[Top] [All Lists]

Re: ManageSIEVE review: conflating two functions

2008-12-15 16:59:30

Alexey Melnikov wrote:

Lisa Dusseault wrote:

Ok, so there's already CHECKSCRIPT, which leaves me even more clueless why ADDSCRIPT would be defined to operate differently while anonymous, rather than just be disabled.

I probably need to add a bit of history on this:

Originally the document allowed a client to verify a script by specifying the empty script name in the PUTSCRIPT command. This was a bit of a hack. Then somebody suggested to use SASL ANONYMOUS authentication, which is a special authentication mechanism that tells the server that the user is effectively unauthenticated. Then Stephan pointed out that some sysadmins wouldn't want to just let any client to use their ManageSieve server for script verification (by allowing SASL ANONYMOUS), but would like to allow authenticated users to do script verfication. After some discussion with the WG the new CHECKSCRIPT command was added.

But anyway, now that you've mentioned this, I think there is no point in having script verification through ANONYMOUS. So I suggest deleting it.

And I've just found the following comment in my XML source (just before the paragraph):

<!--cref: Should this paragraph be deleted?-->