[Fwd: Re: [secdir] secdir review of draft-ietf-sieve-notify-mailto-07.txt]
2008-03-26 06:22:41
--- Begin Message ---
Hi Hannes,
Below are my opinions as a Sieve WG participant and not as the Sieve WG
chair:
Hannes Tschofenig wrote:
[...]
o The "To:" header field and the envelope recipient(s) of the
notification message SHOULD be set to the address(es) specified in
the URI (including any URI headers where the hname is "to").
This could be a MUST as well. Otherwise you might want to say to what it is set in other cases.
Indeed.
o The "Subject:" field of the notification message MUST contain the
value defined by the :message notify tag, as described in
[Notify]. If there is no :message tag and there is a "subject"
header on the URI, then that value SHOULD be used. If that is
also absent, the subject SHOULD be retained from the triggering
message. Note that Sieve [Variables] can be used to advantage
here, as shown in the example in Section 3.
Shouldn't the last SHOULD be a MUST? There do not seem to be too many other useful choices.
Agreed. The only other choice I can think of is an implementation
defined string. I am not sure it is a good choice, but if it is, it
should be explicitly listed.
Actually I think that both SHOULDs should be MUSTs.
I am just imagining a support person trying to argue with a customer
about why a particular notification email had wrong subject, when the
"subject" URI header was specified.
o The "From:" header field of the notification message SHOULD be set
to the value of the ":from" parameter to the notify action, if one
is specified, has email address syntax and is valid according to
the implementation specific security checks (see Section 3.3 of
[Notify]). If ":from" is not specified or is not valid, the
"From:" header field of the notification message SHOULD be set
either to the envelope "to" field from the triggering message, as
used by Sieve, or to a fixed email address (so it "comes from the
notification system"), at the discretion of the implementation.
This may not be overridden by a "from" URI header, and any such
URI header MUST be ignored.
o If the envelope sender of the triggering message is empty, the
envelope sender of the notification message MUST be empty as well,
to avoid message loops. Otherwise, the envelope sender of the
notification message SHOULD be set to the value of the ":from"
parameter to the notify action, if one is specified, has email
address syntax and is valid according to the implementation
specific security checks (see Section 3.3 of [Notify]). If
":from" is not specified or is not valid, the envelope sender of
the notification message SHOULD be set either to the envelope "to"
field from the triggering message, as used by Sieve, or to a fixed
email address (so it "comes from the notification system"), at the
discretion of the implementation. This may not be overridden by a
"from" URI header, and any such URI header MUST be ignored.
For these two paragraphs the same question applies; why a SHOULD instead of a
MUST
I also think the SHOULDs should be MUSTs here.
I think "address ... is valid according to the implementation specific
security checks" already provides enough leeway to implementations if
they want not to use a particular :from value.
The part that reads:
If ":from" is not specified or is not valid, the envelope sender of
the notification message SHOULD be set either to the envelope "to"
field from the triggering message, as used by Sieve, or to a fixed
email address (so it "comes from the notification system"), at the
discretion of the implementation.
already list all possible alternatives, so I don't think it is a SHOULD
either.
--- End Message ---
<Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Fwd: Re: [secdir] secdir review of draft-ietf-sieve-notify-mailto-07.txt],
Alexey Melnikov <=
|
|
|