Ballot for draft-ietf-jmap-sieve
Yes
No Objection
Note: This ballot was opened for revision 19 and is now closed.
I share the issues Roman mentioned in his comments. Additionally: blobId: Id The id of the blob containing the raw octets of the script. How is this Id specified? Also in "(UTF-8) octets" ? Can it contain control characters? Similar for other entries that don't specify the type, eg "accountId". onSuccessActivateScript: Id (optional) I read this first as "Id is optional" but after realizing this made no sense, I figured out that onSuccessActivateScript is optional. Perhaps write it as: onSuccessActivateScript (optional): Id or: [optional] onSuccessActivateScript: Id While I agree that the Security Considerations are those of JMAP and Sieve, I found that neither of those try to confirm Sieve modifications with some interactive user (eg imagine it requiring FaceID on my iphone to modify Sieve scripts). This would harden things a bit but arguably that not this documents problem to solve.
Thank you to Ines Robles for the GENART review. ** Section 1.2.1 The maximum length, in (UTF-8) octets, allowed for the name of a SieveScript. For compatibility with ManageSieve, this MUST be at least 512 (up to 128 Unicode characters). What’s a “(UTF-8) octet” as opposed to just a “octet”? ** Section 2.1 For compatibility with ManageSieve, servers MUST reject names that contain control characters What is the definition of “control characters”? Recommend either citing Section 1.6 of RFC5804 or repeating the guidance here. ** Section 2.4 If the id is either illegal or nonexistent, it MUST be ignored and the currently active SieveScript (if any) will remain as such. Is an “illegal” id the same as “invalid”? That might be clearer. ** Section 2.6 and 5. The SieveScript validation would appear to require the serve to parse and validate the provided SieveScript. Section 5 cites the security considerations of RFC5804 and RFC8620. The latter has Section 8.4 which discusses the considerations for JSON processing. Is there an equivalent for a Sieve script (which is not JSON).
I could have *sworn* that I already ballotted on this, but I don't see my ballot in the DT, so... ¯\_(ツ)_/¯