[Top] [All Lists]

Status of draft-martin-managesieve

2008-09-13 12:21:54

Hi folks,
Soon I will be posting -11. Below I am detailing the major changes in the document, most of which were prompted by Chris Newman's review of the document. And I will post a separate message(s) asking about some remaining changes that were suggested.

1). Clarified that inactivity timeout can be shorter than 30 mins before authentication.

2). Allowed characters in Sieve script names - I've changed the document to use NET-Unicode (RFC 5198) with some extra restrictions. The following characters are disallowed:

       0000-001F; [CONTROL CHARACTERS]
       007F; DELETE
       0080-009F; [CONTROL CHARACTERS]
       2028; LINE SEPARATOR

Please let me know if this look reasonable.

3). Clarified script name length limit in Unicode characters and octets. Clarified that the server MUST NOT truncate any name to its limit.

4). Described cases when AUTHENTICATE command can be pipelined with others.

5). Chris Newman pointed out that the document was missing text about certificate verification after successful STARTTLS. I've cut & pasted text from draft-hodges-server-ident-check-00.txt, however I've edited it and hoping that my version is better.

6). Added user language advertisement to CAPABILITY.

7). Clarified that all human readable strings are encoded in UTF-8.

8). Added new response codes to disambiguate deletion of the active script from deletion of a non existent script, new script name existing in RENAMESCRIPT, etc.

9). Changed NOOP response to return the client token in a response code, instead of the human readable portion of the response. This feels cleaner.

10). Extra text in the Security Considerations section talking about information about user accounts that might be disclosed by various response codes.

11). Various changes/fixes to ABNF, for example to show which commands are valid in which states, which responses are valid for which commands, etc.

12). Added a new requirement on clients to use SRV lookups to locate ManageSieve servers.

13). Added UNAUTHENTICATE command, so that the same connection can be reused by an administrative client that wants to manage scripts for different users.

<Prev in Thread] Current Thread [Next in Thread>