[Top] [All Lists]

Re: draft-segmuller-sieve-relation-01.txt

2001-10-03 07:42:26

--On Tuesday, October 02, 2001 3:46 PM -0700 
ned(_dot_)freed(_at_)mrochek(_dot_)com wrote:

I would like to keep the envelope part in the spec, because one thought
is a server wide Sieve script that would see the multiple recipients.
I'll add a section in the security concerns about this use.

Ah, but therein lies the problem: The sieve specification quite clearly
states that envelope only operates on the single recipient address the
sieve is associated with.

Short of revising the base sieve specification, this isn't something
you're going to be able to do. And given the security issues I see no
chance of such a revision passing muster.

Ok, I'll remove any reference to server wide Sieve scripts.

What if I add the notation:

With the current Sieve specifications, this extension has limited uses when used with the envelope test. The test for envelope "to" will always return 1 and the envelope "from" will always return either 0 or 1.

And in the security section:

An implementation MUST ensure that the test for envelope "to" only reflects the delivery to the current user.