EXTRA @IETF110 (Prague virtual) === ## Agenda Friday 2021-03-12 15:30-16:30 Intro and Note Well: 5 min Current documents: * draft-ietf-extra-imap4rev2 - 15 min * draft-ietf-extra-quota - 10 min * draft-ietf-extra-sieve-mailboxid - 5 min * draft-ietf-extra-sieve-snooze - 10 min Milestone review: 5 min Future of the working group / AOB - 10 min ## Minutes AOB: Alexey has a barebones sieve IANA registry document. #### imap4rev2 * 10 revs since last meeting * description of changes from IESG review * there's an issue with STARTTLS where plaintext can be consided secure if pipelined - buggy server, but there's ways to be safe. * some servers in the past had a bug about COPY/MOVE auto-creating folders, now tighted from SHOULD. * Daniel with SECDIR review found issue with TLS ciphers. * private email about ENABLE, marked as allowed in a different state than ABNF. Also issues with injections of various responses if TLS not negotiated. - test with injecting LIST responses before login - researchers pointed out that PREAUTH response will force client to bypass STARTTLS - need client to either use SSL port or reject PREAUTH if not already STARTTLS. - ALERT response codes are displayed with URL highlighting, can be used for phishing. - text saying "before STARTTLS, ignore all alerts" * Bron: shows how bad STARTTLS is! Just connect to the SSL port. Bugs with clients that will send credentials over the cleartext link, etc. We should just mandate port 993 only! (but we can't realistically at this stage) * In RFC editor queue. * Might rev again in a year, but need implementations first. * Now is a good time to organise interops and implementations. ACTIONS: none! Alexey doesn't need anything. * maybe organise hackathon. #### quota * one revision since -03. ACTION: Bron to ship to IESG #### mailbox-sieve * Agree that adding the ABNF isn't needed. * Ken: ABNF that was removed was incorrect, needs to be FCC-OPTS * Alexey and Murray both have a weak preference. * Ken: issue is that base sieve spec wasn't written in a way to add new things to the grammar. The base spec itself doesn't even add the base actions. * Not sure how to add existing test and existing tagged argument * Barry: as someone who wrote sieve stuff, found it hard to do ABNF correctly. * Alexey: would like to separate the issues. ACTION: Bron will put FCC-OPTS extension. "Cannot be used alongside special use". #### sieve-snooze * changes since IETF109 done. * special "sieve snoozed" mailbox probably needs more text and Ken welcomes more text. * Ken was hoping Ned would be here, but we can ask for more feedback on the list. * Alexey - happy to go WGLC. ## what next? * Alexey could look at Sieve EAI in a couple of months * if imap4rev2 needs work, we could leave it running * Barry: when we chartered, idea was to leave it as a dormant working group, so good to leave dormant. * Ken: on actions registry, hold up snooze to do with? * Alexey: don't have to, if this goes first, then just include snooze on the other doc. * Sieve-EAI, is there demand? Alexey - implementations will need to be updated. * Barry and Alexey will look at. * Since uptake of EAI has been so slow, unlikely to be looked at - is whether we want suite to be complete for forms sake. ## Milestones * quota to IESG: Apr 2021 * sieve snooze to IESG: Apr 2021 * adopt April, submit Jul 2021 FINISHED 16:06.