draft-ietf-sieve-autoreply-02.txt   draft-ietf-sieve-autoreply-03.txt 
Sieve working group R. George Sieve working group R. George
Internet-Draft Internet-Draft B. Leiba
Intended status: Informational B. Leiba Intended status: Informational Huawei Technologies
Expires: April 15, 2011 Huawei Technologies Expires: June 6, 2011 A. Melnikov
A. Melnikov
Isode Limited Isode Limited
October 12, 2010 December 3, 2010
Sieve Email Filtering: Use of Presence Information with Auto Responder Sieve Email Filtering: Use of Presence Information with Auto Responder
functionality functionality
draft-ietf-sieve-autoreply-02 draft-ietf-sieve-autoreply-03
Abstract Abstract
This document describes how the Sieve email filtering language, along This document describes how the Sieve email filtering language, along
with some extensions, can be used to create automatic replies to with some extensions, can be used to create automatic replies to
incoming electronic mail messages based on the address book and incoming electronic mail messages based on the address book and
presence information of the recipient. presence information of the recipient.
Status of this Memo Status of this Memo
skipping to change at page 1, line 37 skipping to change at page 1, line 36
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on April 15, 2011. This Internet-Draft will expire on June 6, 2011.
Copyright Notice Copyright Notice
Copyright (c) 2010 IETF Trust and the persons identified as the Copyright (c) 2010 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 32 skipping to change at page 3, line 32
This can be used in mail filtering software, email-based information This can be used in mail filtering software, email-based information
services, and other automatic responder situations. There are many services, and other automatic responder situations. There are many
programs currently in use that automatically respond to email. Some programs currently in use that automatically respond to email. Some
of them send many useless or unwanted responses, or send responses to of them send many useless or unwanted responses, or send responses to
inappropriate addresses. The mechanism described herein will help to inappropriate addresses. The mechanism described herein will help to
avoid those problems (but see the discussion in Section 4). avoid those problems (but see the discussion in Section 4).
Implementations need to take care of tracking previous messages Implementations need to take care of tracking previous messages
received from the same sender and they will start or stop sending received from the same sender and they will start or stop sending
responses as the presence status of the recipient changes. responses as the presence status of the recipient changes.
An important note, though: users of any auto-reply mechanism should
really think about whether automatic replies are necessary, and at
what interval they make sense when they are. Email is not Instant
Messaging, and senders generally expect that replies might take a
while. Consider whether it's truly important to tell people that
you'll read their mail in an hour or so, or whether that can just be
taken as how email works. There are times when this makes sense, but
let's not use it to exacerbate information overload.
2. How To Create Auto Replies 2. How To Create Auto Replies
When an email message arrives, the Sieve script can use the When an email message arrives, the Sieve script can use the
notify_method_capability of the Notify extension [RFC5435] to check notify_method_capability of the Notify extension [RFC5435] to check
the recipient's presence information. The Notify-presence extension the recipient's presence information. The Notify-presence extension
[I-D.ietf-sieve-notify-presence] makes additional presence, such as [I-D.ietf-sieve-notify-presence] makes additional presence, such as
"away" and "do not disturb" status, available. The script can use "away" and "do not disturb" status, available. The script can use
the External-lists extension [I-D.ietf-sieve-external-lists] to look the External-lists extension [I-D.ietf-sieve-external-lists] to look
the sender up in the recipient's address book or other list. If the the sender up in the recipient's address book or other list. If the
information retrieved warrants an auto-reply message, the message can information retrieved warrants an auto-reply message, the message can
skipping to change at page 8, line 12 skipping to change at page 8, line 18
to probe the presence information. One result of that can be that to probe the presence information. One result of that can be that
the sender discerns changes in the recipient's presence that the the sender discerns changes in the recipient's presence that the
sender would normally not be allowed to see, making this an sender would normally not be allowed to see, making this an
unintentional back door into the user's presence information. unintentional back door into the user's presence information.
Another result is that this can create a "covert channel", allowing Another result is that this can create a "covert channel", allowing
the recipient to send information to a sender by changing his the recipient to send information to a sender by changing his
presence information, his address book, and/or his Sieve script presence information, his address book, and/or his Sieve script
(though in this regard, the exposure is comparable to any other case (though in this regard, the exposure is comparable to any other case
of shared presence information). of shared presence information).
Finally, users of any auto-reply mechanism should really think about An autoresponder can cause leaks of other pieces of information,
whether automatic replies are necessary, and at what interval they including potentially providing the ability to attack cryptographic
make sense when they are. Email is not Instant Messaging, and keying material. For example, using the time it takes to perform an
senders generally expect that replies might take a while. Consider cryptographic operation, an attacker may obtain information about the
whether it's truly important to tell people that you'll read their secret key. An autoresponder that doesn't take timing into account
mail in an hour or so, or whether that can just be taken as how email could accidentally leak this kind of information.
works. There are times when this makes sense, but let's not use it
to exacerbate information overload. Moreover, if an autoresponder script directly returns the results of
a cryptographic operation, that could also provide an attack vector.
For example, if a script returns the results of a decryption
operation, an attacker can send an arbitrarily encrypted message and
use the results as a chosen cyphertext attack to decode the
encryption key. Authors of scripts should be careful in what
information they return to senders.
5. IANA Considerations 5. IANA Considerations
There are no IANA actions required by this document. There are no IANA actions required by this document.
6. Normative References 6. Normative References
[I-D.ietf-sieve-external-lists] [I-D.ietf-sieve-external-lists]
Melnikov, A. and B. Leiba, "Sieve Extension: Externally Melnikov, A. and B. Leiba, "Sieve Extension: Externally
Stored Lists", draft-ietf-sieve-external-lists-02 (work in Stored Lists", draft-ietf-sieve-external-lists-02 (work in
skipping to change at page 9, line 12 skipping to change at page 9, line 24
[RFC5230] Showalter, T. and N. Freed, "Sieve Email Filtering: [RFC5230] Showalter, T. and N. Freed, "Sieve Email Filtering:
Vacation Extension", RFC 5230, January 2008. Vacation Extension", RFC 5230, January 2008.
[RFC5435] Melnikov, A., Leiba, B., Segmuller, W., and T. Martin, [RFC5435] Melnikov, A., Leiba, B., Segmuller, W., and T. Martin,
"Sieve Email Filtering: Extension for Notifications", "Sieve Email Filtering: Extension for Notifications",
RFC 5435, January 2009. RFC 5435, January 2009.
Authors' Addresses Authors' Addresses
Robins George Robins George
Huawei Technologies
Bangalore, Karnataka 560071
India
Phone: +91-080-41117676
Email: robinsgv@gmail.com Email: robinsgv@gmail.com
Barry Leiba Barry Leiba
Huawei Technologies Huawei Technologies
Phone: +1 646 827 0648 Phone: +1 646 827 0648
Email: barryleiba@computer.org Email: barryleiba@computer.org
URI: http://internetmessagingtechnology.org/ URI: http://internetmessagingtechnology.org/
Alexey Melnikov Alexey Melnikov
 End of changes. 8 change blocks. 
15 lines changed or deleted 33 lines changed or added

This html diff was produced by rfcdiff 1.40. The latest version is available from http://tools.ietf.org/tools/rfcdiff/