ietf-mta-filters
[Top] [All Lists]

Re: Updated Sieve notification draft

2005-09-28 01:44:18

On Tue, Sep 27, 2005 at 01:50:21PM +0100, Alexey Melnikov wrote:
This makes it sound like there are hard and fast rules between user status 
notifications and the setting of the priority parameter, yet the 
discussion is very brief and doesn't elaborate to rigorously define all 
those rules.  I also feel uneasy about adding syntax that permits only 3 
levels of priority.   I think we should either drop the parameter, or 
extend it to allow an almost arbitrary number and style of priority 
statuses, even if we only define 3 for now.  I'm thinking of the 
Priority/X-Priority/X-MSMail-Priority mess in mail headers.  I'd suggest a 
string which could be used with the relational draft to do numeric 
comparisons if desired.


Let me think about this one for a bit.

Just my two cent: Drop it.  The :id option might be renamed to :handle,
like for vacation.  If I wanted to use priorities, I would encode the
priority in the id and match that.

I am a bit puzzled by denotify anyway.  Obviously, notify predated
variables, thus duplicating some functionality.  Do we really need the
complexity of denotify?  How is the notify id scope defined? Does it
match the scope of variables with regard to including scripts?

I know :copy was invented to simplify scripts without having variables,
but it is cheap to implement.  Denotify looks like a can of worms to me.

5.  Security Consideration

Is there additional risk of mail loops when using this extension?


Yes, if you use mailto: URI schema. Or any other notification method 
that can be getawayed to mail.
But this is not an issue specific to Sieve notify.

It is and it is not.  Vacation goes into great detail about rate limiting,
among other reasons for that purpose.  With vacation, it makes sense,
because you are about to annoy other people.  Notify is usually directed
to yourself, but rate limiting may still be interesting.

The question is: Do we need rate limiting inside notify (preferably a
token bucket) or should a rate limit extension, expressed as new test,
be defined?

SMS are not for free and some protection against mail bombing causing
high costs should be offered.

Michael