"Protocols/APIs used to retrieve/verify external list membership MUST
provide at least the same level of confidentiality as protocols/APIs
used to retrieve Sieve scripts. For example, if Sieve scripts are
retrieved using LDAP secured with Transport Layer Security (TLS)
encryption, then the protocol used to retrieve external list
membership must use a comparable mechanism for providing connection
confidentiality. In particular, the protocol used to retrieve
external list membership must not be lacking encryption."

Use Case One: Public FOAF

How does banning access to public resources improve security?

Use Case Two: Web Services

How should an implementation judge whether a web service discovered
over UDDI (say) is more or less confidential than script storage in
LDAP (say)?

- robert