Lisa Dusseault wrote:

> Ok, so there's already CHECKSCRIPT, which leaves me even more
> clueless why ADDSCRIPT would be defined to operate differently while
> anonymous, rather than just be disabled.

I probably need to add a bit of history on this:

Originally the document allowed a client to verify a script by
specifying the empty script name in the PUTSCRIPT command. This was a
bit of a hack.

Then somebody suggested using SASL ANONYMOUS authentication, which is a
special authentication mechanism that tells the server that the user is
effectively unauthenticated.

Then Stephan pointed out that some sysadmins wouldn't want to just let
any client use their ManageSieve server for script verification (by
allowing SASL ANONYMOUS), but would like to allow authenticated users to
do script verification. After some discussion with the WG, the new
CHECKSCRIPT command was added.

But anyway, now that you've mentioned this, I think there is no point in
having script verification through ANONYMOUS. So I suggest deleting it.

> Lisa
>
> On Dec 15, 2008, at 11:44 AM, Lisa Dusseault wrote:
>
>> Anonymous mode:
>> Implementations MAY advertise the ANONYMOUS SASL mechanism
>> [SASL-ANON]. This indicates that the server supports ANONYMOUS SIEVE
>> script syntax verification. Only the CAPABILITY, PUTSCRIPT and
>> LOGOUT commands are available to the anonymous user. All other
>> commands defined in the base ManageSieve protocol MUST give NO
>> responses, however ManageSieve extensions MAY allow other commands in
>> the ANONYMOUS Sieve script verification mode. Furthermore the
>> PUTSCRIPT command MUST NOT persistently store any data. In this mode
>> a positive response to the PUTSCRIPT command indicates that the given
>> script does not have any syntax errors.
>>
>> This conflates two things (which is generally bad for
>> extensibility): anonymous authentication, with script syntax
>> verification. It would be better not to conflate these things, in
>> case there is ever any other purpose to anonymous mode, or any need
>> for script syntax verification while authenticated. How about a
>> TRYSCRIPT method that acts as PUTSCRIPT but never stores the
>> script? Then the anonymous mode can be defined, in this version of
>> managesieve, as allowing TRYSCRIPT but not PUTSCRIPT.
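The separation discussed in this thread, as an added sketch that is not part of either message or of the ManageSieve draft: which commands a session may issue is kept in one policy table, while CHECKSCRIPT and PUTSCRIPT mean the same thing in every state. The state names, the `Session` class and the brace-balancing `syntax_ok` stand-in are assumptions made for illustration.

```python
# Added illustration; session states, handler names and the syntax check are
# assumptions for this sketch, not taken from the ManageSieve draft.
from dataclasses import dataclass, field

# Policy: which commands each session state may issue (subset of the protocol).
# Authorization lives only here, so adding a state is one new row and never
# changes what a command does.
ALLOWED = {
    "unauthenticated": {"CAPABILITY", "LOGOUT"},
    "authenticated": {"CAPABILITY", "LOGOUT", "CHECKSCRIPT", "PUTSCRIPT"},
}


def syntax_ok(script: str) -> bool:
    """Stand-in for a real Sieve parser: checks only that braces balance."""
    depth = 0
    for ch in script:
        depth += (ch == "{") - (ch == "}")
        if depth < 0:
            return False
    return depth == 0


@dataclass
class Session:
    state: str = "unauthenticated"
    store: dict = field(default_factory=dict)  # persisted scripts by name

    def handle(self, command: str, name: str = "", script: str = "") -> str:
        if command not in ALLOWED[self.state]:
            return "NO"  # refused by policy before any handler runs
        if command in ("CHECKSCRIPT", "PUTSCRIPT"):
            if not syntax_ok(script):
                return "NO"
            if command == "PUTSCRIPT":  # the only path that persists data
                self.store[name] = script
            return "OK"
        return "OK"  # CAPABILITY / LOGOUT details omitted
```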