draft-ietf-sieve-managesieve-07.txt   draft-ietf-sieve-managesieve-08.txt 
Sieve Working Group A. Melnikov, Ed. Sieve Working Group A. Melnikov, Ed.
Internet-Draft Isode Limited Internet-Draft Isode Limited
Intended status: Standards Track T. Martin Intended status: Standards Track T. Martin
Expires: July 19, 2009 BeThereBeSquare Inc. Expires: July 19, 2009 BeThereBeSquare Inc.
January 15, 2009 January 15, 2009
A Protocol for Remotely Managing Sieve Scripts A Protocol for Remotely Managing Sieve Scripts
draft-ietf-sieve-managesieve-07 draft-ietf-sieve-managesieve-08
Status of this Memo Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79. provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
skipping to change at page 3, line 28 skipping to change at page 3, line 28
2. Commands . . . . . . . . . . . . . . . . . . . . . . . . . 12 2. Commands . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.1. AUTHENTICATE Command . . . . . . . . . . . . . . . . . . . 12 2.1. AUTHENTICATE Command . . . . . . . . . . . . . . . . . . . 12
2.1.1. Use of SASL PLAIN mechanism over TLS . . . . . . . . . . . 17 2.1.1. Use of SASL PLAIN mechanism over TLS . . . . . . . . . . . 17
2.2. STARTTLS Command . . . . . . . . . . . . . . . . . . . . . 17 2.2. STARTTLS Command . . . . . . . . . . . . . . . . . . . . . 17
2.2.1. Server Identity Check . . . . . . . . . . . . . . . . . . 18 2.2.1. Server Identity Check . . . . . . . . . . . . . . . . . . 18
2.3. LOGOUT Command . . . . . . . . . . . . . . . . . . . . . . 21 2.3. LOGOUT Command . . . . . . . . . . . . . . . . . . . . . . 21
2.4. CAPABILITY Command . . . . . . . . . . . . . . . . . . . . 21 2.4. CAPABILITY Command . . . . . . . . . . . . . . . . . . . . 21
2.5. HAVESPACE Command . . . . . . . . . . . . . . . . . . . . 21 2.5. HAVESPACE Command . . . . . . . . . . . . . . . . . . . . 21
2.6. PUTSCRIPT Command . . . . . . . . . . . . . . . . . . . . 22 2.6. PUTSCRIPT Command . . . . . . . . . . . . . . . . . . . . 22
2.7. LISTSCRIPTS Command . . . . . . . . . . . . . . . . . . . 24 2.7. LISTSCRIPTS Command . . . . . . . . . . . . . . . . . . . 24
2.8. SETACTIVE Command . . . . . . . . . . . . . . . . . . . . 25 2.8. SETACTIVE Command . . . . . . . . . . . . . . . . . . . . 24
2.9. GETSCRIPT Command . . . . . . . . . . . . . . . . . . . . 25 2.9. GETSCRIPT Command . . . . . . . . . . . . . . . . . . . . 25
2.10. DELETESCRIPT Command . . . . . . . . . . . . . . . . . . . 26 2.10. DELETESCRIPT Command . . . . . . . . . . . . . . . . . . . 25
2.11. RENAMESCRIPT Command . . . . . . . . . . . . . . . . . . . 26 2.11. RENAMESCRIPT Command . . . . . . . . . . . . . . . . . . . 26
2.12. CHECKSCRIPT Command . . . . . . . . . . . . . . . . . . . 27 2.12. CHECKSCRIPT Command . . . . . . . . . . . . . . . . . . . 27
2.13. NOOP Command . . . . . . . . . . . . . . . . . . . . . . . 28 2.13. NOOP Command . . . . . . . . . . . . . . . . . . . . . . . 28
2.14. Recommended extensions . . . . . . . . . . . . . . . . . . 29 2.14. Recommended extensions . . . . . . . . . . . . . . . . . . 28
2.14.1. UNAUTHENTICATE Command . . . . . . . . . . . . . . . . . . 29 2.14.1. UNAUTHENTICATE Command . . . . . . . . . . . . . . . . . . 28
3. Sieve URL Scheme . . . . . . . . . . . . . . . . . . . . . 29 3. Sieve URL Scheme . . . . . . . . . . . . . . . . . . . . . 29
4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . 32 4. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . 32
5. Security Considerations . . . . . . . . . . . . . . . . . 38 5. Security Considerations . . . . . . . . . . . . . . . . . 38
6. IANA Considerations . . . . . . . . . . . . . . . . . . . 38 6. IANA Considerations . . . . . . . . . . . . . . . . . . . 39
6.1. ManageSieve Capability Registration Template . . . . . . . 39 6.1. ManageSieve Capability Registration Template . . . . . . . 39
6.2. Registration of Initial ManageSieve capabilities . . . . . 39 6.2. Registration of Initial ManageSieve capabilities . . . . . 39
6.3. ManageSieve Response Code Registration Template . . . . . 42 6.3. ManageSieve Response Code Registration Template . . . . . 42
6.4. Registration of Initial ManageSieve Response Codes . . . . 42 6.4. Registration of Initial ManageSieve Response Codes . . . . 42
7. Internationalization Considerations . . . . . . . . . . . 47 7. Internationalization Considerations . . . . . . . . . . . 48
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 48 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . 48
9. References . . . . . . . . . . . . . . . . . . . . . . . . 48 9. References . . . . . . . . . . . . . . . . . . . . . . . . 49
9.1. Normative References . . . . . . . . . . . . . . . . . . . 48 9.1. Normative References . . . . . . . . . . . . . . . . . . . 49
9.2. Informative References . . . . . . . . . . . . . . . . . . 50 9.2. Informative References . . . . . . . . . . . . . . . . . . 50
Authors' Addresses . . . . . . . . . . . . . . . . . . . . 51 Authors' Addresses . . . . . . . . . . . . . . . . . . . . 51
1. Introduction 1. Introduction
1.1. Conventions used in this document 1.1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
skipping to change at page 19, line 33 skipping to change at page 19, line 33
implementation may represent DNs in certificates according to implementation may represent DNs in certificates according to
X.500 or other conventions. For example, some X.500 X.500 or other conventions. For example, some X.500
implementations order the RDNs in a DN using a left-to-right implementations order the RDNs in a DN using a left-to-right
(most significant to least significant) convention instead of (most significant to least significant) convention instead of
LDAP's right- to-left convention. LDAP's right- to-left convention.
o When the reference identity is an IP address, the iPAddress o When the reference identity is an IP address, the iPAddress
subjectAltName SHOULD be used by the client for comparison. The subjectAltName SHOULD be used by the client for comparison. The
comparison is performed as described in Section 2.2.1.2. comparison is performed as described in Section 2.2.1.2.
o In either case the client MAY map the reference identity to a
different type prior to performing a comparison. Mappings may be
performed for all available subjectAltName types to which the
reference identity can be mapped; however, the reference identity
should only be mapped to types for which the mapping is either
inherently secure (e.g., extracting the DNS hostname from a URI)
or for which the mapping is performed in a secure manner (e.g.,
using DNSSEC, or using user- or admin-configured host-to-address/
address-to-host lookup tables).
If the server identity check fails, user-oriented clients SHOULD If the server identity check fails, user-oriented clients SHOULD
either notify the user (clients MAY give the user the opportunity to either notify the user (clients MAY give the user the opportunity to
continue with the ManageSieve session in this case) or close the continue with the ManageSieve session in this case) or close the
transport connection and indicate that the server's identity is transport connection and indicate that the server's identity is
suspect. Automated clients SHOULD return or log an error indicating suspect. Automated clients SHOULD return or log an error indicating
that the server's identity is suspect and/or SHOULD close the that the server's identity is suspect and/or SHOULD close the
transport connection. Automated clients MAY provide a configuration transport connection. Automated clients MAY provide a configuration
setting that disables this check, but MUST provide a setting which setting that disables this check, but MUST provide a setting which
enables it. enables it.
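Review bot: the new third bullet (lines starting "In either case the client MAY map the reference identity") mixes normative and non-normative wording: it says the reference identity "should only be mapped to types for which the mapping is either inherently secure" in lowercase, while the two bullets above use RFC 2119 uppercase SHOULD. Since this sentence is what requires the mapping to be done via DNSSEC or configured lookup tables rather than an unauthenticated lookup, make it "SHOULD only be mapped" if it is meant to be normative, or state explicitly that the bullet is informative. The following paragraph only covers a failed identity check; consider saying what a client does when no secure mapping is available for the reference identity.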
skipping to change at page 38, line 43 skipping to change at page 38, line 43
Some response codes returned on failed AUTHENTICATE command may Some response codes returned on failed AUTHENTICATE command may
disclose whether or not the username is valid (e.g. TRANSITION- disclose whether or not the username is valid (e.g. TRANSITION-
NEEDED), so server implementations SHOULD provide the ability to NEEDED), so server implementations SHOULD provide the ability to
disable these features (or make them not conditional on a per-user disable these features (or make them not conditional on a per-user
basis) for sites concerned about such disclosure. In the case of basis) for sites concerned about such disclosure. In the case of
ENCRYPT-NEEDED, if it is applied to all identities then no extra ENCRYPT-NEEDED, if it is applied to all identities then no extra
information is disclosed, but if it is applied on a per-user basis it information is disclosed, but if it is applied on a per-user basis it
can disclose information. can disclose information.
A compromised or malicious server can use the TRANSITION-NEEDED
response code to force the client which is configured to use a
mechanism that does not disclose the user's password to the server
(e.g., Kerberos), to send the bare password to the server. Clients
SHOULD have the ability to disable the password transition feature,
or disclose that risk to the user and offer the user an option how to
proceed.
6. IANA Considerations 6. IANA Considerations
IANA is requested to reserve a TCP port number for use with the IANA is requested to reserve a TCP port number for use with the
ManageSieve protocol described in this document. ManageSieve protocol described in this document.
IANA is requested to register the "sieve" URI scheme defined in IANA is requested to register the "sieve" URI scheme defined in
Section 3 of this document. Section 3 of this document.
IANA is requested to register "sieve" in the "GSSAPI/Kerberos/SASL IANA is requested to register "sieve" in the "GSSAPI/Kerberos/SASL
Service Names" registry. Service Names" registry.
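Review bot: the client requirement in the new TRANSITION-NEEDED paragraph is weaker than the threat it describes: "Clients SHOULD have the ability to disable the password transition feature, or disclose that risk to the user" is satisfied by a client that offers a setting but still transitions silently by default. Suggest tying the requirement to the action, e.g. "Clients SHOULD NOT send the bare password in response to TRANSITION-NEEDED unless the user has been warned of the risk and has explicitly confirmed, or has configured the client to allow it." Minor grammar: "force the client which is configured" should read "force a client that is configured", and "offer the user an option how to proceed" should read "offer the user a choice of how to proceed".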
End of changes. 9 change blocks. 19 lines changed or deleted, 17 lines changed or added.

This html diff was produced by rfcdiff 1.35. The latest version is available from http://tools.ietf.org/tools/rfcdiff/