Network Working Group Jutta Degener Internet Draft Sendmail, Inc. Expires: December 2004 June 2004 Sieve Extension: Copying Without Side Effects Status of this memo This document is an Internet-Draft and is subject to all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet- Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/1id-abstracts.html The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html Abstract The sieve scripting language allows users to control handling and disposal of their incoming e-mail. By default, an e-mail message that is processed by a sieve script is saved in the owner's "inbox". Actions such as "fileinto" and "redirect" cancel this default behavior. This document defines a new keyword parameter, ":copy", to be used with the sieve "fileinto" and "redirect" actions. Adding ":copy" to an action suppresses cancellation of the default "inbox" save. It allows users to add commands to an existing script without changing the meaning of the rest of the script. 1. Introduction The sieve scripting language [SIEVE] allows users to control handling and disposal of their incoming e-mail. Two frequently used sieve commands are "fileinto" (saving into a local message store, such as an IMAP server) and "redirect" (forwarding to another e-mail address). Both of these cancel the sieve default behavior of saving into the user's "inbox". But some users have the notion of forwarding an extra copy of a message for safekeeping to another e-mail address, or of saving a copy in a folder -- in addition to the regular message delivery, which shouldn't be affected by the copy. If saving an extra copy is all the user wanted to do, fileinto "unfiltered"; keep; would do the job. The "keep" command does explicitly what the canceled default behavior did. But the explicit "keep" is a poor substitute for the implicit keep when more processing follows: fileinto "unfiltered"; keep; if header "Subject" "MAKE MONEY FAST!!!" { discard; } In this example, the "discard" is ineffective against the explicit "keep"; the discarded message still ends up in the user's inbox. It is possible to generate sieve code that perfectly expresses a user's wishes, but such code quickly grows unwieldy because it needs to keep track of the state the implicit keep would have had without the fileinto or redirect command. This extension tries to make life easier for user interface designers and script writers by allowing them to express the "copy" semantics directly. 2. Conventions used. Conventions for notations are as in [SIEVE] section 1.1, including use of [KEYWORDS] and "Syntax:" label for the definition of action and tagged arguments syntax. The capability string associated with extension defined in this document is "copy". 3. ":copy" extension to the "fileinto" and "redirect" command. Syntax: "fileinto" [":copy"] "redirect" [":copy"] If the optional :copy keyword is specified with "fileinto" or "redirect", the tagged command does not cancel the implicit keep. Instead, it merely files or redirects a copy in addition to whatever else is happening to the message. Example: require ["copy", "fileinto"]; fileinto :copy "incoming"; # ... more processing follows ... 4. Security Considerations The "copy" extension makes it easier to eavesdrop on a user's message stream without the user noticing. This was technically possible before if an attacker gained read/write access to a user's sieve scripts, but now an attacker no longer needs to parse a script in order to modify it. Write access to sieve scripts must be protected as strongly as read/write access to e-mail, for example by using secure directory protocols such as correctly parametrized LDAP over TLS [LDAP]. Organizations that wish to monitor their users' e-mail traffic must familiarize themselves with local data protection laws before creating stores of old e-mail traffic without control or perhaps even knowledge of the sender or intended recipients. Organizations that legally use redirect :copy to eavesdrop on correspondence (for example, by keeping a log to later answer questions about insider trading) can avoid later problems by setting privacy expectations of their users correctly. 5. IANA Considerations The following template specifies the IANA registration of the "copy" Sieve extension specified in this document. To: iana@iana.org Subject: Registration of new Sieve extension Capability name: copy Capability keyword: copy Capability arguments: N/A Standards Track/IESG-approved experimental RFC number: this RFC Person and email address to contact for further information: Jutta Degener Sendmail, Inc. 6425 Christie Ave, 4th Floor Emeryville, CA 94608 Email: jutta@sendmail.com This information should be added to the list of sieve extensions given on http://www.iana.org/assignments/sieve-extensions. 6. Acknowledgments Thanks to Eric Allman, Ned Freed, Will Lee, Nigel Swinson, and Rand Wacker for corrections and comments. 7. Author's Address Jutta Degener Sendmail, Inc. 6425 Christie Ave, 4th Floor Emeryville, CA 94608 Email: jutta@sendmail.com Appendices Appendix A. Normative References [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [LDAP] M. Wahl, H. Alvestrand, J. Hodges, R. Morgan, "Authentication Methods for LDAP", RFC 2829, May 2000. [SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC 3028, January 2001. Appendix B. Intellectual Property Rights Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. Appendix C. Full Copyright Statement Copyright (C) The Internet Society 2004. All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.