Note to RFC Editor
Add the following paragraph to the end of the Security Considerations:
"It is imperative that whatever implementations use to store the
user-defined filtering scripts protect them from unauthorized
modification, to preserve the integrity of the mail system. An attacker
who can modify a script can cause mail to be discarded, rejected, or
forwarded to an unauthorized recipient. In addition it's possible that
Sieve scripts might expose private information, such as mailbox names, or
email addresses of favoured (or disfavoured) correspondents. Because of
that, scripts SHOULD also be protected from unauthorized retrieval."
SIEVE notify extension WG Chairs Write-up for IESG.
draft-ietf-sieve-notify-09 - Proposed Standard
(1.a) Shepherd: Cyrus Daboo <mailto:email@example.com> I have
personally reviewed this document and believe it ready for
submission to the IESG.
(1.b) It has had adequate review from WG members. Not from non-WG
members. No concerns with the nature of those reviews.
(1.c) No concerns about broader review.
(1.d) No IPR or other concerns with this document.
(1.e) There is strong WG consensus behind this document.
(1.f) No appeals or serious discontent.
(1.g) ID nits were checked. Whilst some warnings appear, the draft
in fact was correct.
(1.h) References are split into two sections. There is one normative
reference to the SIEVE base spec revision draft which has
already been submitted to the IESG. There is one informative
reference to the SIEVE variables extension draft that is in
the RFC Editor queue waiting on the revised base spec.
(1.i) IANA section verified.
(1.j) XML and ABNF validated.
The SIEVE notify extension adds an action that allows users to trigger
a notification to be sent when an incoming message matches some criteria.
The "base" specification defines a framework on how this action can be
used with a URI to specify the notification method. Subsequent documents
will profile different URI schemes for use with the notify action.
The draft has a detailed description of how interactions with other
SIEVE extensions/actions are handled.
The security considerations section covers several identified security
Working Group Summary
This document has been discussed and reviewed in the SIEVE Working Group.
There is strong consensus in the Working Group to publish this document
as a Proposed Standard.
Several implementers have indicated they will implement this extension.
Document Shepherd: Cyrus Daboo <mailto:firstname.lastname@example.org>
AD: Lisa Dusseault <mailto:email@example.com>