On Sep 22, 2007, at 6:16 PM, Alexey Melnikov wrote:
> 1). This is really a no-brainer. Any deployed mail system should have
> a way to disable accounts. I would suggest adding the following:
>
>    Sieve implementations MUST provide facilities to allow
>    administrators to disable accounts abusing scripts.
>
> Cullen, does this satisfy you?

Much of this thread is going in really the right direction but I do
need to comment on this one as I don't think I ever said anything
about being able to disable accounts. Of course I agree that
disabling accounts is a good idea - it never crossed my mind that
there might be any implementation that did not support this.

I suspect that a different thing was being discussed that may have
led to this idea about disabling accounts. Lisa or Chris was
explaining to me on one of the IESG calls that the ways you might
deal with misuse of sieve scripts changed on if it was more of an
enterprise style deployment or if it was one that supported anonymous
accounts such as Yahoo. I think the relevant factor here was if the
email account could be linked to a real human user, though I don't
recall Lisa or Chris ever agreeing with this and I have no idea if
we are on the same page or not.

I am really lost on all the proposed changes and look forward to a
new version of the draft to follow all the changes.

The idea of separating scripts into harmless, harmful, unsure is
certainly an interesting path. It was not obvious to me how to do
this but it seems like if that advice is to restrict redirects to one
from harmful and unsure scripts, that would address my concerns.

Given that draft-ietf-sieve-variables-08 is approved, I suspect you
would want to deal with variables when describing the script analysis.

PS. I'm glad to keep bouncing emails around but my offer stands to
try some more interactive form of resolving this if people want to
try and move faster.