JMAP K. Murchison Internet-Draft Fastmail Intended status: Standards Track September 22, 2020 Expires: March 26, 2021 JMAP for Sieve Scripts draft-ietf-jmap-sieve-01 Abstract This document specifies a data model for managing Sieve scripts on a server using JMAP. Open Issues o Do we need/want both "content" and "blobId" in the SieveScript object? It may be simpler to have just one way of specifying content and "blobId" is more versatile and doesn't require JSON- encoding of the content. Furthermore, use of the forthcoming(?) Blob/set method would avoid the extra roundtrip of having to upload the blob first. o The strawman for SieveScript/test only uses blobIds. Will this have to change once the issue regarding content/blobId in SieveScript is resolved? o Should ":fcc" and associated arguments (e.g., ":flags", ":create":, etc) reported in the /test response be in their own "fcc" sub-object rather than listed inline with the rest of the arguments for the action? Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on March 26, 2021. Murchison Expires March 26, 2021 [Page 1] Internet-Draft JMAP Sieve September 2020 Copyright Notice Copyright (c) 2020 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Notational Conventions . . . . . . . . . . . . . . . . . 3 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 1.3. Addition to the Capabilities Object . . . . . . . . . . . 3 1.3.1. urn:ietf:params:jmap:sieve . . . . . . . . . . . . . 3 2. Sieve Scripts . . . . . . . . . . . . . . . . . . . . . . . . 5 2.1. SieveScript/get . . . . . . . . . . . . . . . . . . . . . 6 2.2. SieveScript/set . . . . . . . . . . . . . . . . . . . . . 6 2.3. SieveScript/query . . . . . . . . . . . . . . . . . . . . 8 2.4. SieveScript/validate . . . . . . . . . . . . . . . . . . 9 2.5. SieveScript/test . . . . . . . . . . . . . . . . . . . . 10 2.5.1. Example . . . . . . . . . . . . . . . . . . . . . . . 13 3. Security Considerations . . . . . . . . . . . . . . . . . . . 16 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 4.1. JMAP Capability Registration for "sieve" . . . . . . . . 16 4.2. JMAP Error Codes Registry . . . . . . . . . . . . . . . . 16 4.2.1. scriptNameExists . . . . . . . . . . . . . . . . . . 16 4.2.2. tooManyScripts . . . . . . . . . . . . . . . . . . . 16 4.2.3. invalidScript . . . . . . . . . . . . . . . . . . . . 17 4.2.4. scriptIsActive . . . . . . . . . . . . . . . . . . . 17 5. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 17 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 17 6.1. Normative References . . . . . . . . . . . . . . . . . . 18 6.2. Informative References . . . . . . . . . . . . . . . . . 19 Appendix A. Change History (To be removed by RFC Editor before publication) . . . . . . . . . . . . . . . . . . . . 19 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 19 Murchison Expires March 26, 2021 [Page 2] Internet-Draft JMAP Sieve September 2020 1. Introduction JMAP ([RFC8620] - JSON Meta Application Protocol) is a generic protocol for synchronizing data, such as mail, calendars or contacts, between a client and a server. It is optimized for mobile and web environments, and aims to provide a consistent interface to different data types. This specification defines a data model for managing Sieve [RFC5228] scripts on a server using JMAP. The data model is designed to allow a server to provide consistent access to the same scripts via ManageSieve [RFC5804] as well as JMAP, however the functionality offered over the two protocols may differ. 1.1. Notational Conventions The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. Type signatures, examples, and property descriptions in this document follow the conventions established in Section 1.1 of [RFC8620]. Data types defined in the core specification are also used in this document. 1.2. Terminology The same terminology is used in this document as in the core JMAP specification, see [RFC8620], Section 1.6. The term SieveScript (with this specific capitalization) is used to refer to the data type defined in this document and instances of those data types. 1.3. Addition to the Capabilities Object The capabilities object is returned as part of the JMAP Session object; see [RFC8620], Section 2. This document defines one additional capability URI. 1.3.1. urn:ietf:params:jmap:sieve This represents support for the SieveScript data type and associated API methods. The value of this property in the JMAP Session capabilities property is an empty object. Murchison Expires March 26, 2021 [Page 3] Internet-Draft JMAP Sieve September 2020 The value of this property in an account's accountCapabilities property is an object that MUST contain the following information on server capabilities: o *supportsTest*: "Boolean" If true, the server supports the SieveScript/test (Section 2.5) method. o *maxNumberRedirects*: "UnsignedInt|null" The maximum number of Sieve "redirect" actions a script can perform during a single evaluation (see [RFC5804], Section 1.7), or "null" for no limit. o *maxNumberScripts*: "UnsignedInt|null" The maximum number of Sieve scripts the server is willing to store for the user, or "null" for no limit. o *maxSizeScript*: "UnsignedInt|null" The maximum size (in octets) of a Sieve script the server is willing to store for the user, or "null" for no limit. o *sieveExtensions*: "String[]" A list of case-sensitive Sieve capability strings (as listed in Sieve "require" action [RFC5228], Section 3.2) indicating the extensions supported by the Sieve engine. o *notificationMethods*: "String[]|null" A list of URI schema parts [RFC3986] for notification methods supported by the Sieve "enotify" extension [RFC5435], or "null" if the extension is not supported by the Sieve engine. Murchison Expires March 26, 2021 [Page 4] Internet-Draft JMAP Sieve September 2020 o *externalLists*: "String[]|null" A list of URI schema parts [RFC3986] for externally stored list types supported by the Sieve "extlists" extension [RFC6134], or "null" if the extension is not supported by the Sieve engine. 2. Sieve Scripts A *SieveScript* object represents a single Sieve [RFC5228] script. A user may have multiple SieveScripts on the server, yet only one script may be used for filtering of incoming messages. This is the active script. Users may have zero or one active script. The SieveScript/set (Section 2.2) method described below is used for changing the active script or disabling Sieve processing. A *SieveScript* object has the following properties: o *id*: "Id" (immutable; server-set) The id of the script. o *name*: "String" The unique user-visible name for the script, subject to the requirements in [RFC5804], Section 1.6. o *content*: "String" The raw octets of the script [RFC5228]. Note that both Sieve and JSON require encoding of special characters which MUST be done in the following order: 1. Escape any double quote (") or backslash (\) characters appearing inside of quoted strings in the Sieve code per Section 2.4.2 of [RFC5228]. E.g., A string containing the value \foo becomes "\\foo". 2. Escape any double quote ("), backslash (\), tab, carriage return, or line feed characters appearing in the resultant Sieve code per Section 7 of [RFC8259]. E.g., The example string in step 1 becomes \"\\\\foo\". o *blobId*: "Id" (immutable) Murchison Expires March 26, 2021 [Page 5] Internet-Draft JMAP Sieve September 2020 The id of the blob containing the raw octets of the script [RFC5228]. o *isActive*: "Boolean" (server-set; default: false) Is this the user's active script? Example (using the Imap4Flags [RFC5232] Extension): { "id": "Sabc", "blobId": "Bxyz", "name": "example.siv", "content": "require [ \"imap4flags\" ];\r\nkeep :flags \"\\\\flagged\";", "isActive": false } 2.1. SieveScript/get This is a standard "/get" method as described in [RFC8620], Section 5.1. The _ids_ argument may be "null" to fetch all at once. This method provides similar functionality to the GETSCRIPT and LISTSCRIPTS commands in [RFC5804]. 2.2. SieveScript/set This is a standard "/set" method as described in [RFC8620], Section 5.3 but with the following additional request arguments, either of which may be omitted: o *replaceOnCreate*: "Boolean" (default: false) If false, any attempt to create a SieveScript having the same "name" property as an existing SieveScript MUST be rejected with a "scriptNameExists" SetError. If true, the existing SieveScript will be destroyed and the new SieveScript created as a single atomic action. The id of the replaced SieveScript MUST be reported in the "destroyed" argument in the response. o *onSuccessActivateScript*: "Id|null" Murchison Expires March 26, 2021 [Page 6] Internet-Draft JMAP Sieve September 2020 The id of the SieveScript to activate if the create/update/destroy succeeds. (For references to SieveScript creations, this is equivalent to a creation-reference, so the id will be the creation id prefixed with a "#".) If "null", the currently active script (if any) will be deactivated. If this argument is not present in the request, the currently active script (if any) will remain as such. The id of the activated acript MUST be reported in the "created" or "updated" argument in the response as appropriate. The id of the deactivated script, if any, MUST be reported in the "updated" argument in the response unless the script was also destroyed. This method provides similar functionality to the PUTSCRIPT, DELETESCRIPT, RENAMESCRIPT, and SETACTIVE commands in [RFC5804]. When creating or updating a script, a client MUST include either a _content_ or a _blobId_ property. A request that includes neither or both properties MUST be rejected with an "invalidProperties" SetError. The server MUST check the script content for syntactic validity, which includes checking that all Sieve extensions mentioned in Sieve script "require" statement(s) are supported by the Sieve interpreter. (Note that if the Sieve interpreter supports the Sieve "ihave" extension [RFC5463], any unrecognized/unsupported extension mentioned in the "ihave" test MUST NOT cause the syntactic validation failure.) A script of zero length SHOULD be considered invalid. If the script content is invalid the request MUST be rejected with a "invalidScript" SetError. Note that simply activating or deactivating a script without changing any script content is accomplished via a request containing an "onSuccessActivateScript" argument and "null" "create", "update", and "delete" arguments. The following extra SetError types are defined: For "create": o *scriptNameExists*: A SieveScript already exists with the given *name* property, and the "replaceOnCreate" argument was false. An _existingId_ property of type _Id_ MUST be included on the SetError object with the id of the existing SieveScript. Murchison Expires March 26, 2021 [Page 7] Internet-Draft JMAP Sieve September 2020 o *tooManyScripts*: Creating the SieveScript would exceed the *maxNumberScripts* limit (see Section 1.3.1). For "create" and "update": o *invalidScript*: The SieveScript violates the Sieve grammar [RFC5228] and/or one or more extensions mentioned in the script's "require" statement(s) are not supported by the Sieve interpreter. The _description_ property on the SetError object SHOULD contain a specific error message giving the line number of the first error. For "destroy": o *scriptIsActive*: The SieveScript is active and the "onSuccessActivateScript" argument was not present. 2.3. SieveScript/query This is a standard "/query" method as described in [RFC8620], Section 5.5. A _FilterCondition_ object has the following properties, any of which may be omitted: o *name*: "String" The SieveScript "name" property contains the given string. o *isActive*: "Boolean" The "isActive" property of the SieveScript must be identical to the value given to match the condition. The following SieveScript properties MUST be supported for sorting: Murchison Expires March 26, 2021 [Page 8] Internet-Draft JMAP Sieve September 2020 o "name" o "isActive" 2.4. SieveScript/validate This method is used by the client to verify Sieve script validity without storing the script on the server. The method provides similar functionality to the CHECKSCRIPT command in [RFC5804]. The *SieveScript/validate* method takes the following arguments: o *accountId*: "Id" The id of the account to use. o *content*: "String" The raw octets of the script [RFC5228]. o *blobId*: "Id" (immutable) The id of the blob containing the raw octets of the script [RFC5228]. A client MUST include either a _content_ or a _blobId_ property. A request that includes neither or both properties MUST be rejected with an "invalidProperties" SetError. The _content_ property, if used, MUST be encoded following the same procedure as for the _content_ property in the SieveScript (Section 2) object. The server MUST check the script content for syntactic validity, which includes checking that all Sieve extensions mentioned in Sieve script "require" statement(s) are supported by the Sieve interpreter. (Note that if the Sieve interpreter supports the Sieve "ihave" extension [RFC5463], any unrecognized/unsupported extension mentioned in the "ihave" test MUST NOT cause the syntactic validation failure.) The response has the following arguments: o *accountId*: "Id" Murchison Expires March 26, 2021 [Page 9] Internet-Draft JMAP Sieve September 2020 The id of the account used for this call. o *error*: "SetError|null" A SetError object if the request or the script content invalid, or "null" if the script content is valid. 2.5. SieveScript/test This method is used by the client to ask the Sieve interpreter to evaluate a Sieve script against a set of emails and report what actions would be performed for each. The *SieveScript/test* method takes the following arguments: o *accountId*: "Id" The id of the account to use. o *scriptBlobId*: "Id" The id of the blob containing the SieveScript to test against. o *emailBlobIds*: "Id[]" The ids of the blobs containing the Emails [RFC8621] to test against. o *envelope*: "Envelope|null" Information that the Sieve interpreter should assume was present in the SMTP transaction that delivered the email when evaluating "envelope" tests. If "null", all "envelope" tests MUST eveluate to false. See Section 7 of Email [RFC8621] for the contents of the Envelope object. Murchison Expires March 26, 2021 [Page 10] Internet-Draft JMAP Sieve September 2020 o *lastVacationResponse*: "Date|null" The date-time at which the Sieve interpreter should assume that it last auto-replied to the sender of the email, or "null" if the Sieve interpreter should assume that it has not auto-replied to the sender. The response has the following arguments: o *accountId*: "Id" The id of the account used for this call. o *completed*: "Id[Action[]]|null" A map of the blob id to a set of _Action_ types for each Email successfully processed by the script, or "null" if none. The _Action_ data type is a tuple, represented as a JSON array containing two elements: 1. A "String" *name* of the Sieve action (e.g., "keep"). 2. A "String[*]" object containing named *arguments* for that action (e.g., ":flags" or "mailbox"). o *notCompleted*: "Id[SetError]|null" A map of the blob id to a SetError object for each Email that was not successfully processed by the script, or "null" if none. A "serverFail" SetError (see Section 3.6.2 of [RFC8620]) MUST be used to indicate a Sieve interpreter run-time error. The following additional errors may be returned instead of the "SieveScript/test" response: Murchison Expires March 26, 2021 [Page 11] Internet-Draft JMAP Sieve September 2020 o "blobNotFound": The script referenced by the blob id could not be found. o "invalidScript": The referenced script is invalid (see Section 2.2). o "serverFail": The referenced script failed preparation to be executed for some other reason. The name to use for each argument is a direct mapping of the argument names as given in the specification of each action. Tagged and optional arguments MUST use the name of the tag, minus the leading ":". Positional arguments MUST use the name of the argument inside of the angle brackets ("<" and ">") in the "Usage" line in the specification for the action. The JSON data type to use for each argument value is a direct mapping from its Sieve data type, per the following table: +-------------+----------------+ | Sieve Type | JSON Type | +-------------+----------------+ | Number | Number | | String | String | | String List | String[] | | no value | Boolean (true) | +-------------+----------------+ Recommendations for constructing the list of arguments are as follows: o Tagged arguments SHOULD procede positional arguments. o Optional arguments in which the value is supplied by the Sieve interpreter SHOULD be included (e.g., ":from" and ":subject" arguments to the "vacation" [RFC5230] action). o Optional arguments in which the value is supplied by a Sieve variable SHOULD be included (e.g., "keep" or "fileinto" actions without an explicit ":flags" argument, but "imap4flags" [RFC5232] have been set on the internal variable). o Optional arguments in which the value is the specfied default MAY be omitted. o Tagged arguments that are only used to determine whether the action will be executed and have no impact on the result of the Murchison Expires March 26, 2021 [Page 12] Internet-Draft JMAP Sieve September 2020 action MAY be omitted (e.g., ":days" and ":addresses" arguments to the vacation action). 2.5.1. Example Assume that the following script has been uploaded and assigned blob id "B123". require [ "imapflags", "editheader", "vacation", "fcc" ]; setflag "$SieveFiltered"; addheader :last "X-Sieve-Filtered" "yes"; vacation :days 3 :fcc "INBOX.Sent" :flags "\\Answered" text: Gone fishing. . ; Assume that the following email has been uploaded and assigned blob id "B456". From: "Some Example Sender" To: test@example.com Subject: test email Date: Wed, 23 Sep 2020 12:11:11 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" This is a test email. Murchison Expires March 26, 2021 [Page 13] Internet-Draft JMAP Sieve September 2020 The following request executes the script against the email and provides envelope information for use by the "vacation" action. { "using": [ "urn:ietf:params:jmap:core", "urn:ietf:params:jmap:sieve", "urn:ietf:params:jmap:mail" ], "methodCalls": [ [ "SieveScript/test", { "scriptBlobId": "B123", "emailBlobIds": [ "B456" ], "envelope": { "mailFrom": { "email": "example@example.net", "parameters": null }, "rcptTo": [ { "email": "test@example.com", "parameters": null } ] }, "lastVacationResponse": null }, "R1" ] ] } Murchison Expires March 26, 2021 [Page 14] Internet-Draft JMAP Sieve September 2020 The following response lists the actions that would be performed by the script. { "methodResponses": [ [ "SieveScript/test", { "accountId": "test", "completed": { "B456": [ [ "addheader", { "last": true, "field-name": "X-Sieve-Filtered", "value": "yes" } ], [ "vacation", { "fcc": "INBOX.Sent", "flags": [ "\\answered" ], "subject": "Auto: test email", "from": "test@example.com", "reason": "Gone fishing." } ], [ "keep", { "flags": [ "$SieveFiltered" ] } ] ] }, "notCompleted": null }, "R1" ] ], "sessionState": "0" } Murchison Expires March 26, 2021 [Page 15] Internet-Draft JMAP Sieve September 2020 3. Security Considerations All security considerations of JMAP [RFC8620] apply to this specification. 4. IANA Considerations 4.1. JMAP Capability Registration for "sieve" IANA will register the "sieve" JMAP Capability as follows: Capability Name: "urn:ietf:params:jmap:sieve" Specification document: this document Intended use: common Change Controller: IETF Security and privacy considerations: this document, Section 3 4.2. JMAP Error Codes Registry The following sub-section register several new error codes in the JMAP Error Codes registry, as defined in [RFC8620]. 4.2.1. scriptNameExists JMAP Error Code: scriptNameExists Intended use: common Change controller: IETF Reference: This document, Section 2.2 Description: The client tried to create a SieveScript with the same "name" property as an existing SieveScript and the "replaceOnCreate" argument was false. present. 4.2.2. tooManyScripts JMAP Error Code: tooManyScripts Intended use: common Change controller: IETF Murchison Expires March 26, 2021 [Page 16] Internet-Draft JMAP Sieve September 2020 Reference: This document, Section 2.2 Description: Creating the SieveScript would exceed the "maxNumberScripts" limit. 4.2.3. invalidScript JMAP Error Code: invalidScript Intended use: common Change controller: IETF Reference: This document, Section 2.2 Description: The SieveScript violates the Sieve grammar [RFC5228] and/or one or more extensions mentioned in the script's "require" statement(s) are not supported by the Sieve interpreter. 4.2.4. scriptIsActive JMAP Error Code: scriptIsActive Intended use: common Change controller: IETF Reference: This document, Section 2.2 Description: The client tried to destroy the active SieveScript, but the "OnSuccessActivateScript" argument was not present. 5. Acknowledgments The concepts in this document are based largely on those in [RFC5804]. The author would like to thank the authors of that document for providing both inspiration and some borrowed text for this document. The author would also like to thank the following individuals for contributing their ideas and support for writing this specification: Bron Gondwana, Alexey Melnikov, and Ricardo Signes. 6. References Murchison Expires March 26, 2021 [Page 17] Internet-Draft JMAP Sieve September 2020 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, . [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform Resource Identifier (URI): Generic Syntax", STD 66, RFC 3986, DOI 10.17487/RFC3986, January 2005, . [RFC5228] Guenther, P., Ed. and T. Showalter, Ed., "Sieve: An Email Filtering Language", RFC 5228, DOI 10.17487/RFC5228, January 2008, . [RFC5435] Melnikov, A., Ed., Leiba, B., Ed., Segmuller, W., and T. Martin, "Sieve Email Filtering: Extension for Notifications", RFC 5435, DOI 10.17487/RFC5435, January 2009, . [RFC5804] Melnikov, A., Ed. and T. Martin, "A Protocol for Remotely Managing Sieve Scripts", RFC 5804, DOI 10.17487/RFC5804, July 2010, . [RFC6134] Melnikov, A. and B. Leiba, "Sieve Extension: Externally Stored Lists", RFC 6134, DOI 10.17487/RFC6134, July 2011, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . [RFC8259] Bray, T., Ed., "The JavaScript Object Notation (JSON) Data Interchange Format", STD 90, RFC 8259, DOI 10.17487/RFC8259, December 2017, . [RFC8620] Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, July 2019, . [RFC8621] Jenkins, N. and C. Newman, "The JSON Meta Application Protocol (JMAP) for Mail", RFC 8621, DOI 10.17487/RFC8621, August 2019, . Murchison Expires March 26, 2021 [Page 18] Internet-Draft JMAP Sieve September 2020 6.2. Informative References [RFC5230] Showalter, T. and N. Freed, Ed., "Sieve Email Filtering: Vacation Extension", RFC 5230, DOI 10.17487/RFC5230, January 2008, . [RFC5232] Melnikov, A., "Sieve Email Filtering: Imap4flags Extension", RFC 5232, DOI 10.17487/RFC5232, January 2008, . [RFC5463] Freed, N., "Sieve Email Filtering: Ihave Extension", RFC 5463, DOI 10.17487/RFC5463, March 2009, . Appendix A. Change History (To be removed by RFC Editor before publication) Changes since ietf-00: o Specified that changes made by onSuccessActivateScript MUST be reported in the /set response as created and/or updated as appropriate. o Reworked and specified more of the /test response based on implementation experience. Changes since murchison-01: o Explicitly stated that Sieve capability strings are case- sensitive. o errorDescription is now String|null. o Added /query method. o Added /test method. Changes since murchison-00: o Added IANA registration for "scriptIsActive" JMAP error code. o Added open issue about /set{create} with an existing script name. Author's Address Murchison Expires March 26, 2021 [Page 19] Internet-Draft JMAP Sieve September 2020 Kenneth Murchison Fastmail US LLC 1429 Walnut Street - Suite 1201 Philadelphia, PA 19102 USA Email: murch@fastmailteam.com Murchison Expires March 26, 2021 [Page 20]