Network Working Group                                       Jutta Degener
Internet Draft                                             Sendmail, Inc.
Expires: December 2004                                          June 2004


             Sieve Extension: Copying Without Side Effects
                  <draft-degener-sieve-copy-03.txt>


Status of this memo

   This document is an Internet-Draft and is subject to all
   provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other
   documents at any time.  It is inappropriate to use Internet-
   Drafts as reference material or to cite them other than as
   "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/1id-abstracts.html

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html


Abstract

   The sieve scripting language allows users to control
   handling and disposal of their incoming e-mail.  By default,
   an e-mail message that is processed by a sieve script is saved
   in the owner's "inbox".  Actions such as "fileinto" and
   "redirect" cancel this default behavior.

   This document defines a new keyword parameter, ":copy", to be
   used with the sieve "fileinto" and "redirect" actions.  Adding
   ":copy" to an action suppresses cancellation of the default
   "inbox" save.  It allows users to add commands to an existing
   script without changing the meaning of the rest of the script.


1. Introduction

   The sieve scripting language [SIEVE] allows users to control
   handling and disposal of their incoming e-mail.  Two frequently
   used sieve commands are "fileinto" (saving into a local message
   store, such as an IMAP server) and "redirect" (forwarding
   to another e-mail address).   Both of these cancel the sieve
   default behavior of saving into the user's "inbox".

   But some users have the notion of forwarding an extra copy of a
   message for safekeeping to another e-mail address, or of saving
   a copy in a folder -- in addition to the regular message
   delivery, which shouldn't be affected by the copy.

   If saving an extra copy is all the user wanted to do,

        fileinto "unfiltered";
        keep;

   would do the job.  The "keep" command does explicitly what the
   canceled default behavior did.  But the explicit "keep" is a
   poor substitute for the implicit keep when more processing follows:

        fileinto "unfiltered";
        keep;

        if header "Subject" "MAKE MONEY FAST!!!"
        {
                discard;
        }

   In this example, the "discard" is ineffective against the
   explicit "keep"; the discarded message still ends up in
   the user's inbox.

   It is possible to generate sieve code that perfectly
   expresses a user's wishes, but such code quickly grows
   unwieldy because it needs to keep track of the state
   the implicit keep would have had without the fileinto
   or redirect command.

   This extension tries to make life easier for user interface
   designers and script writers by allowing them to express
   the "copy" semantics directly.


2. Conventions used.

   Conventions for notations are as in [SIEVE] section 1.1, including
   use of [KEYWORDS] and "Syntax:" label for the definition of action
   and tagged arguments syntax.

   The capability string associated with extension defined in this
   document is "copy".


3. ":copy" extension to the "fileinto" and "redirect" command.

   Syntax:
        "fileinto" [":copy"] <folder: string>
        "redirect" [":copy"] <folder: string>

   If the optional :copy keyword is specified with "fileinto"
   or "redirect", the tagged command does not cancel the
   implicit keep.  Instead, it merely files or redirects a
   copy in addition to whatever else is happening to the
   message.

   Example:

        require ["copy", "fileinto"];
        fileinto :copy "incoming";

        # ... more processing follows ...


4. Security Considerations

   The "copy" extension makes it easier to eavesdrop on a user's
   message stream without the user noticing.  This was technically
   possible before if an attacker gained read/write access to a
   user's sieve scripts, but now an attacker no longer needs to
   parse a script in order to modify it.  Write access to sieve scripts
   must be protected as strongly as read/write access to e-mail,
   for example by using secure directory protocols such as correctly
   parametrized LDAP over TLS [LDAP].

   Organizations that wish to monitor their users' e-mail traffic
   must familiarize themselves with local data protection laws
   before creating stores of old e-mail traffic without control or
   perhaps even knowledge of the sender or intended recipients.

   Organizations that legally use redirect :copy to eavesdrop
   on correspondence (for example, by keeping a log to later answer
   questions about insider trading) can avoid later problems by
   setting privacy expectations of their users correctly.


5. IANA Considerations

   The following template specifies the IANA registration of the
   "copy" Sieve extension specified in this document.

   To: iana@iana.org
   Subject: Registration of new Sieve extension

   Capability name: copy
   Capability keyword: copy
   Capability arguments: N/A
   Standards Track/IESG-approved experimental RFC number: this RFC
   Person and email address to contact for further information:

        Jutta Degener
        Sendmail, Inc.
        6425 Christie Ave, 4th Floor
        Emeryville, CA 94608

        Email: jutta@sendmail.com

   This information should be added to the list of sieve extensions
   given on http://www.iana.org/assignments/sieve-extensions.


6. Acknowledgments

   Thanks to Eric Allman, Ned Freed, Will Lee, Nigel Swinson,
   and Rand Wacker for corrections and comments.


7. Author's Address

   Jutta Degener
   Sendmail, Inc.
   6425 Christie Ave, 4th Floor
   Emeryville, CA 94608

   Email: jutta@sendmail.com


Appendices

Appendix A.  Normative References

   [KEYWORDS]   Bradner, S., "Key words for use in RFCs to Indicate
                Requirement Levels", RFC 2119, March 1997.

   [LDAP]       M. Wahl, H. Alvestrand, J.  Hodges, R. Morgan,
                "Authentication Methods for LDAP", RFC 2829, May 2000.

   [SIEVE]      Showalter, T.,  "Sieve: A Mail Filtering Language", RFC 3028,
                January 2001.


Appendix B. Intellectual Property Rights Statement

    The IETF takes no position regarding the validity or scope of any
    intellectual property or other rights that might be claimed to
    pertain to the implementation or use of the technology described in
    this document or the extent to which any license under such rights
    might or might not be available; neither does it represent that it
    has made any effort to identify any such rights.  Information on the
    IETF's procedures with respect to rights in standards-track and
    standards-related documentation can be found in BCP-11.  Copies of
    claims of rights made available for publication and any assurances
    of licenses to be made available, or the result of an attempt made
    to obtain a general license or permission for the use of such
    proprietary rights by implementors or users of this specification
    can be obtained from the IETF Secretariat.


Appendix C. Full Copyright Statement

    Copyright (C) The Internet Society 2004. All Rights Reserved.

    This document and translations of it may be copied and furnished to
    others, and derivative works that comment on or otherwise explain it
    or assist in its implementation may be prepared, copied, published
    and distributed, in whole or in part, without restriction of any
    kind, provided that the above copyright notice and this paragraph
    are included on all such copies and derivative works.  However, this
    document itself may not be modified in any way, such as by removing
    the copyright notice or references to the Internet Society or other
    Internet organizations, except as needed for the purpose of
    developing Internet standards in which case the procedures for
    copyrights defined in the Internet Standards process must be
    followed, or as required to translate it into languages other than
    English.

    The limited permissions granted above are perpetual and will not be
    revoked by the Internet Society or its successors or assigns.

    This document and the information contained herein is provided on an
    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.