Here are the proposed changes to MANAGESIEVE that I mentioned at IETF.
These have been sent to and accepted by Tim Martin already:

1. Based on the fact that the server no longer auto-issues the
capabilities response (per draft -04), paragraph 3 of section 2.2 should
be changed to something like (stolen from RFC 2595):

    Once TLS has been started, the client MUST discard cached
    information about server capabilities and SHOULD re-issue the
    CAPABILITY command. This is necessary to protect against
    man-in-the-middle attacks which alter the capabilities list prior
    to STARTTLS. The server MAY advertise different capabilities
    after STARTTLS.

2. Based on Cyrus Murder/virtdomains work, Rob Siemborski and I propose
the following augmented Sieve URL grammar:

    sieveurl   = "sieve://" [ [ authinfo "@" ] hostport ] "/" scriptname
    authinfo   = authid [ ";" userid ]
    authid = userid = *( unreserved | escaped |
                         ":" | "&" | "=" | "+" | "$" | "," )
    scriptname = *pchar

--
Kenneth Murchison      Oceana Matrix Ltd.
Software Engineer      21 Princeton Place
716-662-8973 x26       Orchard Park, NY 14127
--PGP Public Key--     http://www.oceana.com/~ken/ksm.pgp
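
Added example, not part of the original message or of any MANAGESIEVE implementation: a strict Python validator and parser for the URL grammar proposed in item 2. The rules the message leaves undefined (unreserved, escaped, pchar, hostport) are assumed here to be the RFC 2396 ones, with hostport simplified; the names SieveURL, parse_sieve_url and is_valid_sieve_url are hypothetical.

```python
import re
from typing import NamedTuple, Optional
from urllib.parse import unquote

# Assumption: undefined rules follow RFC 2396 (unreserved, escaped, pchar).
_UNRESERVED = r"A-Za-z0-9\-_.!~*'()"
_ESCAPED = r"%[0-9A-Fa-f]{2}"
# authid = userid = *( unreserved | escaped | ":" "&" "=" "+" "$" "," )
_USERID = rf"(?:[{_UNRESERVED}:&=+$,]|{_ESCAPED})*"
# scriptname = *pchar; pchar adds "@" but never "/" or ";"
_PCHAR = rf"(?:[{_UNRESERVED}:@&=+$,]|{_ESCAPED})*"
# Assumption: simplified hostport (hostname or IPv4, optional numeric port).
_HOSTPORT = r"[A-Za-z0-9.\-]+(?::[0-9]*)?"

_SIEVE_URL = re.compile(
    rf"sieve://(?:(?:(?P<authid>{_USERID})(?:;(?P<userid>{_USERID}))?@)?"
    rf"(?P<hostport>{_HOSTPORT}))?/(?P<script>{_PCHAR})"
)


class SieveURL(NamedTuple):
    authid: Optional[str]
    userid: Optional[str]
    hostport: Optional[str]
    scriptname: str


def parse_sieve_url(url: str) -> SieveURL:
    """Validate against the grammar first, percent-decode afterwards."""
    m = _SIEVE_URL.fullmatch(url)
    if m is None:
        raise ValueError(f"not a valid sieve URL: {url!r}")

    def dec(s: Optional[str]) -> Optional[str]:
        return None if s is None else unquote(s)

    # Decoded names may contain "/" or ";" (from %2F, %3B): treat them as
    # opaque script names, never as filesystem paths.
    return SieveURL(dec(m["authid"]), dec(m["userid"]),
                    m["hostport"], unquote(m["script"]))


def is_valid_sieve_url(url: str) -> bool:
    try:
        parse_sieve_url(url)
        return True
    except ValueError:
        return False
```

Validation runs on the raw string before any decoding, so an encoded "@", ";" or "/" cannot shift the boundaries between authid, userid, hostport and scriptname.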