Re: [sieve] Working group last call on draft-ietf-sieve-include

2011-09-24 13:19:24
On Sat, Sep 24, 2011 at 4:08 PM, Alexey Melnikov
<alexey(_dot_)melnikov(_at_)isode(_dot_)com> wrote:
> Aaron Stone wrote:
>
>> In the case of a MUST, it means that a valid includes implementation
>> imposes a script naming restriction. If a site isn't using
>> managesieve, would that site really need to accept the name
>
> If you don't make it a MUST, then nobody can be relied upon the rule.

I'm a little unclear why allowing people to rely on this rule should
be seen as a good thing...

1. Can anyone think of a use case that could be satisfied best by an
author intentionally including a restricted script name?

2. Allowing implementors to rely on this rule may create a false sense
of security, and so may encourage them to neglect proper checks on
names before accessing their backing store. What are the positive
benefits that outweigh this risk?

In any case, I think reminding people about potential attacks in "4.
Security Considerations" would be useful, so I would like to see
something like [1] included.


[1] Sieve implementations MUST check that script names are safe for
use with their storage system. Any script including a name which could
be used as a vector to attack the system used to store scripts MUST be
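
Added example, not part of the original message or of any Sieve implementation: one way a storage layer can check an include name itself rather than trusting that a naming rule was enforced upstream. It assumes a per-user directory of files as the backing store; the `.sieve` suffix, the length limit, the rejected character set and all function names are assumptions of this sketch.

```python
import os
import unicodedata

SUFFIX = ".sieve"               # assumed on-disk extension
MAX_BYTES = 255 - len(SUFFIX)   # assumed per-component filesystem limit


class UnsafeScriptName(ValueError):
    """Raised when an include name must not reach the backing store."""


def check_script_name(name: str) -> str:
    """Syntactic check: the name must be usable as a single path component."""
    if not name or len(name.encode("utf-8")) > MAX_BYTES:
        raise UnsafeScriptName("empty or over-long script name")
    if name in (".", ".."):
        raise UnsafeScriptName("reserved directory name")
    for ch in name:
        # Path separators, control characters (NUL included) and Unicode
        # line or paragraph separators are refused outright.
        if ch in "/\\\u2028\u2029" or unicodedata.category(ch) == "Cc":
            raise UnsafeScriptName(f"forbidden character {ch!r}")
    return name


def script_path(base_dir: str, name: str) -> str:
    """Map an include name to a file, refusing anything outside base_dir."""
    check_script_name(name)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, name + SUFFIX))
    # realpath follows symlinks, so a link planted inside the store that
    # points elsewhere is caught here even though its name looks harmless.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeScriptName("name resolves outside the script store")
    return candidate


if __name__ == "__main__":
    store = "/srv/sieve/alice"  # constructed example path
    for n in ["vacation", "../bob/vacation", "a/b", "..", "x\x00y", ""]:
        try:
            print(repr(n), "->", script_path(store, n))
        except UnsafeScriptName as exc:
            print(repr(n), "-> rejected:", exc)
```

A store that is not a filesystem (a database or a key-value service) needs the equivalent check in terms of its own quoting and key rules.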