Internet Draft                                               R. Gellens
Document: draft-gellens-acap-sieve-00.txt                      QUALCOMM
Expires: 28 August 2000                                28 February 2000

                  ACAP Profile for Sieve Script Access

Status of this Memo:

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six
   months and may be updated, replaced, or obsoleted by other documents
   at any time.  It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   <http://www.ietf.org/ietf/1id-abstracts.txt>.  The list of
   Internet-Draft Shadow Directories can be accessed at
   <http://www.ietf.org/shadow.html>.

   A version of this draft document is intended for submission to the
   RFC editor as a Proposed Standard for the Internet Community.
   Discussion and suggestions for improvement are requested.

Copyright Notice

   Copyright (C) The Internet Society 2000.  All Rights Reserved.


Gellens                   Expires August 2000                   [Page 1]

Table of Contents

   1.  Abstract . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   2.  Conventions Used in this Document  . . . . . . . . . . . . .  2
   3.  Comments . . . . . . . . . . . . . . . . . . . . . . . . . .  2
   4.  Sieve ACAP Profile Overview  . . . . . . . . . . . . . . . .  2
   5.  Commands . . . . . . . . . . . . . . . . . . . . . . . . . .  3
   6.  Responses  . . . . . . . . . . . . . . . . . . . . . . . . .  4
   7.  Datasets and Attributes  . . . . . . . . . . . . . . . . . .  4
   8.  Multiple Sieve Scripts . . . . . . . . . . . . . . . . . . .  5
   9.  Example Session  . . . . . . . . . . . . . . . . . . . . . .  5
   10. References . . . . . . . . . . . . . . . . . . . . . . . . .  6
   11. Security Considerations  . . . . . . . . . . . . . . . . . .  6
   12. Acknowledgments  . . . . . . . . . . . . . . . . . . . . . .  6
   13. Author's Address . . . . . . . . . . . . . . . . . . . . . .  6
   14. Full Copyright Statement . . . . . . . . . . . . . . . . . .  6

1. Abstract

   The Sieve [SIEVE] language provides a very useful interoperable
   syntax for mail filtering.  The Email Account Dataset Class
   [ACAP-EMAIL] provides an extensible and interoperable means of
   accessing and controlling Sieve scripts, but requires an ACAP [ACAP]
   server.  This memo proposes a profile of ACAP which is suitable for
   accessing Sieve scripts, very easy to implement in clients and
   servers, and upwardly compatible with ACAP.

2. Conventions Used in this Document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [KEYWORDS].

3. Comments

   Public comments can be sent to the Sieve mailing list,
   <ietf-mta-filters@imc.org>.  To subscribe, send a message to
   <ietf-mta-filters-request@imc.org> with the word SUBSCRIBE as the
   body.  Private comments should be sent to the author.

4. Sieve ACAP Profile Overview

   The Sieve ACAP Profile uses ACAP commands and syntax but provides
   access only to Sieve-related [SIEVE] attributes in an actual or
   virtual Email Account Dataset [ACAP-EMAIL].  Clients can store and
   retrieve Sieve scripts.  If supported by the server, syntax errors
   and warnings for just-stored scripts, and/or run-time errors and
   warnings, are also available.

   By using a profile of ACAP, we get a ready-made protocol designed for
   just this type of activity which is very easy to implement, and most
   importantly, an easy upgrade path.  A client which uses this profile
   can also talk to a full ACAP server.

   Full ACAP provides many features not available in the profile, such
   as Access Control Lists (ACLs), sophisticated searching (including
   change notification), and of course unlimited attributes and
   datasets.

   The goal of this profile is to provide the minimum functionality
   required to access and store Sieve scripts, in a way that is as easy
   as possible to implement in clients and servers, with a sensible
   upgrade mechanism (in this case, to full ACAP).

   This profile of ACAP uses port xxx.  The normal ACAP sequence is
   followed (client opens connection, server responds with an initial
   greeting, etc.).

5. Commands

   The supported ACAP commands (with the RFC 2244 section numbers) are:

      AUTHENTICATE (6.3.1)
      SEARCH (6.4.1)
      STORE (6.6.1)
      NOOP (6.2.1)
      LOGOUT (6.2.4)

   Note that the SEARCH and STORE commands are severely limited as to
   the datasets and attributes which may be accessed, and the command
   elements which may be used.  Servers MAY choose to support only those
   command elements specifically mentioned here.

   The SEARCH command MUST NOT use a dataset name not permitted by
   section 7, Datasets and Attributes.  The RETURN modifier MAY be used.
   Other modifiers SHOULD NOT be used.  The RETURN modifier MUST only
   specify attributes permitted by section 7, Datasets and Attributes.
   The EQUAL criterion SHOULD be used.  Other criteria SHOULD NOT be
   used.  The EQUAL criterion SHOULD specify an attribute of "ENTRY", a
   comparator of "i;octet", and a value permitted by section 7.

   A typical SEARCH command is:

      t1 SEARCH "/email/~/" RETURN ("email.sieve.script")
         EQUAL "entry" "i;octet" "sieve"

   The SEARCH command results in typically one ENTRY intermediate
   response and one MODTIME intermediate response, followed by an OK
   response.

   The STORE command MUST be passed one entry store list.  The entry
   path normally refers to the "sieve" (or another) entry in the "email"
   dataset (for example, "/email/~/sieve").
   See section 7.  Attribute store items MUST use attribute names which
   begin with "email.sieve.".  The NOCREATE modifier MUST NOT be used.
   The UNCHANGEDSINCE modifier MAY be used.

   A typical STORE command is:

      t2 STORE ("/email/~/sieve" "email.sieve.script" <script>)

6. Responses

   The following ACAP responses are supported (with the section number
   in RFC 2244):

      ACAP Untagged Response (6.1.1)
      OK Response (6.2.5)
      NO Response (6.2.6)
      BAD Response (6.2.7)
      ENTRY Intermediate Response (6.4.2)
      MODTIME Intermediate Response (6.4.3)
      BYE Untagged Response (6.2.8)

   Note that the definition of initial-greeting (the ACAP untagged
   response) is changed to:

      initial-greeting = "*" SP "SIEVE" *(SP "(" init-capability ")") CRLF

   This is to avoid confusion with a full ACAP server, in addition to
   operating on a different port.

7. Datasets and Attributes

   Only attributes which start with "email.sieve", in the Email dataset,
   are generally accessible using this profile.  The server MAY also
   permit access to attributes which start with
   "capability.email.sieve." in the "email" entry of the "capability"
   dataset.  These attributes indicate (by a value of "1") the
   availability of the corresponding attributes in the Email dataset,
   for example, for Sieve run-time and syntax error and warning
   information.  To simplify implementation, this dataset is accessed
   only as "/capability/~/", that is, under the user hierarchy.

   Only one entry in the Email dataset is available.  In implementations
   which use this protocol solely to allow access to existent or new
   Sieve scripts (such as a mail server), it is likely that there are no
   actual entries or datasets, simply one or more Sieve scripts per
   user.  In such cases, the "sieve" entry is used as a placeholder for
   the only entry.  In other situations, there may be a full ACAP server
   offering access to general datasets and entries.
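
   The following Python is an added example and is not code from this
   draft or from any ACAP or Sieve implementation.  It sketches the
   server-side gatekeeper that sections 5, 7 and 8 imply: a tokenizer
   for ACAP wire syntax (quoted strings, parenthesized lists and the
   {n+} literals used in section 9), plus checks that refuse any SEARCH
   or STORE reaching outside the permitted datasets and "email.sieve"
   attributes.  Because the profile has no ACLs (section 11), confining
   STORE to the "/email/~/" hierarchy of the authenticated user is what
   keeps a script owner-only.  All names (Atom, tokenize, check_search,
   check_store, the PERMITTED_* constants) and all sample commands are
   this example's own assumptions; the draft defines no API.

```python
import re

# Added example, not the draft's own code nor any ACAP/Sieve product's: a
# server-side gatekeeper that tokenises ACAP wire syntax and refuses SEARCH
# or STORE commands outside what sections 5, 7 and 8 permit.  Every name here
# (Atom, tokenize, check_*, PERMITTED_*) is this example's own assumption.
PERMITTED_DATASETS = ("/email/~/", "/capability/~/")      # section 7
# "email.sieve" also admits email.sieve.script.foo and the wildcard
# email.sieve.script* of section 8, since both begin with that prefix.
PERMITTED_ATTRIBUTE_PREFIXES = ("email.sieve", "capability.email.sieve.")
STORE_PATH_PREFIX = "/email/~/"   # "~": the authenticated user's own hierarchy
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # \" and \\ are the only escapes
LITERAL = re.compile(r"\{(\d+)\+\}\r?\n")     # non-synchronising literal only
ATOM = re.compile(r'[^ \r\n(){"]+')

class Atom(str):
    """An unquoted token: tag, command name, modifier keyword or NIL."""

def tokenize(data):
    """One ACAP line -> nested lists; strings/literals -> str, words -> Atom."""
    stack, pos = [[]], 0
    while pos < len(data):
        c = data[pos]
        if c in " \r\n":
            pos += 1
        elif c == "(":
            stack.append([])
            pos += 1
        elif c == ")":
            if len(stack) == 1:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())      # close the group into its parent
            pos += 1
        elif c == '"':
            m = QUOTED.match(data, pos)
            if not m:
                raise ValueError("unterminated quoted string")
            stack[-1].append(re.sub(r"\\(.)", r"\1", m.group(1)))
            pos = m.end()
        elif c == "{":
            m = LITERAL.match(data, pos)
            if not m or m.end() + int(m.group(1)) > len(data):
                raise ValueError("unsupported or truncated literal")
            pos, length = m.end(), int(m.group(1))
            stack[-1].append(data[pos:pos + length])
            pos += length
        else:
            m = ATOM.match(data, pos)
            stack[-1].append(Atom(m.group()))
            pos = m.end()
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def is_keyword(tok, word):
    return isinstance(tok, Atom) and tok.upper() == word

def check_search(tokens):
    """Profile violations in a tokenised SEARCH ([] = may run); elements the
    profile does not name are refused, which section 5 lets a server do."""
    if len(tokens) < 3 or not is_keyword(tokens[1], "SEARCH"):
        return ["not a SEARCH command"]
    errors = [] if tokens[2] in PERMITTED_DATASETS else ["dataset %r not permitted" % (tokens[2],)]
    rest, i = tokens[3:], 0
    while i < len(rest):
        tok = rest[i]
        if is_keyword(tok, "RETURN") and i + 1 < len(rest) and isinstance(rest[i + 1], list):
            errors += ["RETURN attribute %r not permitted" % (a,) for a in rest[i + 1]
                       if not (isinstance(a, str) and a.startswith(PERMITTED_ATTRIBUTE_PREFIXES))]
            i += 2
        elif is_keyword(tok, "EQUAL") and i + 3 < len(rest):
            attr, comp = rest[i + 1], rest[i + 2]
            if not isinstance(attr, str) or attr.lower() != "entry":
                errors.append("EQUAL must test the ENTRY attribute")
            if not isinstance(comp, str) or comp.lstrip("+-") != "i;octet":  # +/-: ordering
                errors.append("EQUAL must use the i;octet comparator")
            i += 4
        else:
            errors.append("command element %r not supported" % (tok,))
            i += 1
    return errors

def check_store(tokens):
    # Profile violations in a tokenised STORE ([] = may run).
    if len(tokens) != 3 or not is_keyword(tokens[1], "STORE") or not isinstance(tokens[2], list) or not tokens[2]:
        return ["STORE MUST be passed exactly one entry store list"]
    path, items, errors, i = tokens[2][0], tokens[2][1:], [], 0
    # No ACLs exist in the profile (section 11): only the caller's own "~"
    # hierarchy is writable, so a path naming another user's entry is refused.
    entry = path[len(STORE_PATH_PREFIX):] if str(path).startswith(STORE_PATH_PREFIX) else ""
    if not entry or "/" in entry:
        errors.append("entry path %r must name an entry under %s" % (path, STORE_PATH_PREFIX))
    while i < len(items):
        tok = items[i]
        if is_keyword(tok, "NOCREATE"):
            errors.append("NOCREATE MUST NOT be used")
            i += 1
        elif is_keyword(tok, "UNCHANGEDSINCE"):    # MAY be used; skip its time value
            i += 2
        else:                                      # attribute SP value
            if not (isinstance(tok, str) and tok.startswith("email.sieve.")):
                errors.append("attribute %r must begin with email.sieve." % (tok,))
            i += 2
    return errors
```

   Fed the section 5 commands, check_search and check_store both return
   an empty list; a STORE aimed at "/email/user/bob/sieve" by a client
   authenticated as someone else, or one carrying NOCREATE, comes back
   with one message per violation so the server can answer NO.  The
   tokenizer handles only the non-synchronising {n+} literal form; a
   synchronising {n} literal needs a continuation exchange that this
   example leaves out.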
   In this case, the client needs to know the actual entry name.  Thus,
   it is reasonable for clients to allow users to specify an entry name
   in addition to a server name, user name, etc.  It is also reasonable
   to default the entry name to "sieve".

   Attributes are specified in the Email Account Dataset Class
   [ACAP-EMAIL].  Note that the active Sieve script is contained in the
   "email.sieve.script" attribute.  Supported Sieve extension capability
   strings are in the multivalued "email.sieve.capability" attribute.

8. Multiple Sieve Scripts

   It is possible to access multiple Sieve scripts.  The active Sieve
   script is always in the "email.sieve.script" attribute.  Additional
   Sieve scripts may be placed in attributes of the form
   "email.sieve.script.foo", where "foo" is the name of another script.
   A client can access all Sieve scripts by asking the server to return
   "email.sieve.script*".

9. Example Session

   S: * SIEVE (IMPLEMENTATION "sievead v1.0.0.7") (SASL "PLAIN" "CRAM-MD5")
   C: 0001 authenticate ....
   S: 0001 OK "Logged in"
   C: 0002 search "/email/~/" return ("email.sieve.capability"
         "email.sieve.script") equal "entry" "+i;octet" "sieve"
   S: 0002 ENTRY "sieve" ("fileinto" "vacation" "envelope") {25+}
      if size over 1 keep;
   S: 0002 MODTIME "20000224232637550"
   S: 0002 OK "SEARCH Completed"
   C: 0003 store ("/email/~/sieve" "email.sieve.script" {112+}
      #rule\09<<0>>
      #size #verb \09 Over #value \09 2ááááááááá #Keep \09
      if size :over 2ááááááááá {
         Keep;
      }
      )
   S: 0003 OK "STORE Completed"

10. References

   [ACAP]        Newman, Myers, "ACAP -- Application Configuration
                 Access Protocol", RFC 2244, Innosoft, Netscape,
                 November 1997.
                 <ftp://ftp.isi.edu/in-notes/rfc2244.txt>

   [ACAP-EMAIL]  Gellens, "ACAP Email Account Dataset Class", Work in
                 Progress.
                 <ftp://ftp.ietf.org/internet-drafts/draft-gellens-acap-acnt-xx.txt>

   [KEYWORDS]    Bradner, "Key words for use in RFCs to Indicate
                 Requirement Levels", RFC 2119, Harvard University,
                 March 1997.
                 <ftp://ftp.isi.edu/in-notes/rfc2119.txt>

   [SIEVE]       Showalter, "Sieve -- a Mail Filtering Language",
                 Carnegie Mellon, Work in Progress.
                 <ftp://ftp.ietf.org/internet-drafts/draft-showalter-sieve-xx.txt>

11. Security Considerations

   Since this protocol does not include Access Control Lists (ACLs) or
   other means for setting or changing permissions, by default servers
   MUST ensure that only a script owner has access to a script.  Servers
   MAY provide and/or honor out-of-band mechanisms for setting access
   controls on scripts (for example, native OS file permissions).

12. Acknowledgments

   Many thanks to Larry Greenfield and Alexey Melnikov for their
   suggestions and for catching so many of my errors.

13. Author's Address

   Randall Gellens                      +1 858 651 5115
   QUALCOMM Incorporated                randy@qualcomm.com
   5775 Morehouse Drive
   San Diego, CA  92121-2779
   U.S.A.

14. Full Copyright Statement

   Copyright (C) The Internet Society 2000.  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.

   However, this document itself may not be modified in any way, such as
   by removing the copyright notice or references to the Internet Society
   or other Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.