* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Extra Status Pages

Email mailstore and eXtensions To Revise or Amend (Active WG)
Art Area: Francesca Palombini, Murray Kucherawy | 2017-Sep-13 —  
Chairs
 
 


IETF-110 extra minutes

Session 2021-03-12 1530-1630: Room 1 - extra chatroom

Minutes

minutes-110-extra-00 minutes



          EXTRA @IETF110 (Prague virtual)
          ===
          
          ## Agenda
          
          Friday 2021-03-12 15:30-16:30
          
          Intro and Note Well: 5 min
          
          Current documents:
          
          * draft-ietf-extra-imap4rev2 - 15 min
          * draft-ietf-extra-quota - 10 min
          * draft-ietf-extra-sieve-mailboxid - 5 min
          * draft-ietf-extra-sieve-snooze - 10 min
          
          Milestone review: 5 min
          
          Future of the working group / AOB - 10 min
          
          ## Minutes
          
          AOB: Alexey has a barebones sieve IANA registry document.
          
          #### imap4rev2
          
          * 10 revs since last meeting
          * description of changes from IESG review
          * there's an issue with STARTTLS where plaintext can be consided secure
          if pipelined - buggy server, but there's ways to be safe.
          * some servers in the past had a bug about COPY/MOVE auto-creating
          folders, now tighted from SHOULD.
          
          * Daniel with SECDIR review found issue with TLS ciphers.
          
          * private email about ENABLE, marked as allowed in a different state
          than ABNF.  Also issues with injections of various responses if TLS
          not negotiated.
              - test with injecting LIST responses before login
              - researchers pointed out that PREAUTH response will force client
              to bypass STARTTLS
              - need client to either use SSL port or reject PREAUTH if not
              already STARTTLS.
              - ALERT response codes are displayed with URL highlighting, can be
              used for phishing.
              - text saying "before STARTTLS, ignore all alerts"
          * Bron: shows how bad STARTTLS is!  Just connect to the SSL port.  Bugs
          with clients that will send credentials over the cleartext link, etc.
          We should just mandate port 993 only! (but we can't realistically at
          this stage)
          
          * In RFC editor queue.
          * Might rev again in a year, but need implementations first.
          * Now is a good time to organise interops and implementations.
          
          ACTIONS: none!  Alexey doesn't need anything.
          * maybe organise hackathon.
          
          #### quota
          
          * one revision since -03.
          
          ACTION: Bron to ship to IESG
          
          #### mailbox-sieve
          
          * Agree that adding the ABNF isn't needed.
          * Ken: ABNF that was removed was incorrect, needs to be FCC-OPTS
          * Alexey and Murray both have a weak preference.
          * Ken: issue is that base sieve spec wasn't written in a way to add
          new things to the grammar.  The base spec itself doesn't even add the
          base actions.
          * Not sure how to add existing test and existing tagged argument
          * Barry: as someone who wrote sieve stuff, found it hard to do ABNF
          correctly.
          * Alexey: would like to separate the issues.
          
          ACTION: Bron will put FCC-OPTS extension.  "Cannot be used alongside
          special use".
          
          #### sieve-snooze
          
          * changes since IETF109 done.
          
          * special "sieve snoozed" mailbox probably needs more text and Ken
          welcomes more text.
          
          * Ken was hoping Ned would be here, but we can ask for more feedback on
          the list.
          
          * Alexey - happy to go WGLC.
          
          
          ## what next?
          
          * Alexey could look at Sieve EAI in a couple of months
          * if imap4rev2 needs work, we could leave it running
          * Barry: when we chartered, idea was to leave it as a dormant working
          group, so good to leave dormant.
          * Ken: on actions registry, hold up snooze to do with?
              * Alexey: don't have to, if this goes first, then just include snooze
              on the other doc.
          
          * Sieve-EAI, is there demand?  Alexey - implementations will need to
          be updated.
              * Barry and Alexey will look at.
              * Since uptake of EAI has been so slow, unlikely to be looked at -
              is whether we want suite to be complete for forms sake.
          
          ## Milestones
          
          * quota to IESG: Apr 2021
          * sieve snooze to IESG: Apr 2021
          * adopt April, submit Jul 2021
          
          
          FINISHED 16:06.
          
          



Generated from PyHt script /wg/extra/minutes.pyht Latest update: 24 Oct 2012 16:51 GMT -