Re: Cullen's DISCUSS on draft-ietf-sieve-3028bis-12.txt, take 2

2007-10-01 06:10:12

On Sep 22, 2007, at 6:16 PM, Alexey Melnikov wrote:

1). This is really a no-brainer. Any deployed mail system should have a way to disable accounts. I would suggest adding the following:

Sieve implementations MUST provide facilities to allow administrators to disable accounts abusing scripts.

Cullen, does this satisfy you?

Much of this thread is going in really the right direction but I do need to comment on this one as I don't think I ever said anything about being able to disable accounts. Of course I agree that disabling accounts is a good idea - it never crossed my mind that there might be any implementation that did not support this.

I suspect that a different thing was being discussed that may have led to this idea about disabling accounts. Lisa or Chris was explaining to me on one of the IESG calls that the ways you might deal with misuse of Sieve scripts changed depending on whether it was more of an enterprise-style deployment or one that supported anonymous accounts such as Yahoo. I think the relevant factor here was whether the email account could be linked to a real human user, though I don't recall Lisa or Chris ever agreeing with this and I have no idea if we are on the same page or not.

I am really lost on all the proposed changes and look forward to a new version of the draft to follow all the changes.

The idea of separating scripts into harmless, harmful, unsure is certainly an interesting path. It was not obvious to me how to do this but it seems like if that advice is to restrict redirects to one from harmful and unsure scripts, that would address my concerns. Given that draft-ietf-sieve-variables-08 is approved, I suspect you would want to deal with variables when describing the script analysis.

PS. I'm glad to keep bouncing emails around but my offer stands to try some more interactive form of resolving this if people want to try and move faster.

