ietf-mta-filters
[Top] [All Lists]

Re: ManageSIEVE review: conflating two functions

2008-12-15 16:59:28

Lisa Dusseault wrote:

Ok, so there's already CHECKSCRIPT, which leaves me even more clueless why ADDSCRIPT would be defined to operate differently while anonymous, rather than just be disabled.

I probably need to add a bit of history on this:

Originally the document allowed a client to verify a script by specifying the empty script name in the PUTSCRIPT command. This was a bit of a hack. Then somebody suggested to use SASL ANONYMOUS authentication, which is a special authentication mechanism that tells the server that the user is effectively unauthenticated. Then Stephan pointed out that some sysadmins wouldn't want to just let any client to use their ManageSieve server for script verification (by allowing SASL ANONYMOUS), but would like to allow authenticated users to do script verfication. After some discussion with the WG the new CHECKSCRIPT command was added.

But anyway, now that you've mentioned this, I think there is no point in having script verification through ANONYMOUS. So I suggest deleting it.

Lisa

On Dec 15, 2008, at 11:44 AM, Lisa Dusseault wrote:

Anonymous mode:

  Implementations MAY advertise the ANONYMOUS SASL mechanism
  [SASL-ANON].  This indicates that the server supports ANONYMOUS  SIEVE
  script syntax verification.  Only the CAPABILITY, PUTSCRIPT and
  LOGOUT commands are available to the anonymous user.  All other
  commands defined in the base ManageSieve protocol MUST give NO
  responses, however ManageSieve extensions MAY allow other commands  in
  the ANONYMOUS Sieve script verification mode.  Furthermore the
  PUTSCRIPT command MUST NOT persistently store any data.  In this  mode
  a positive response to the PUTSCRIPT command indicates that the  given
  script does not have any syntax errors.

This conflates two things (which is generally bad for extensibility): anonymous authentication, with script syntax verification. It would be better not to conflate these things, in case there is ever any other purpose to anonymous mode, or any need for script syntax verification while authenticated. How about a TRYSCRIPT method that acts as PUTSCRIPT but never stores the script? Then the anonymous mode can be defined, in this version of managesieve, as allowing TRYSCRIPT but not PUTSCRIPT.