idnits 2.17.1 draft-degener-sieve-editheader-02.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3667, Section 5.1 on line 13. -- Found old boilerplate from RFC 3978, Section 5.5 on line 276. ** The document claims conformance with section 10 of RFC 2026, but uses some RFC 3978/3979 boilerplate. As RFC 3978/3979 replaces section 10 of RFC 2026, you should not claim conformance with it if you have changed to using RFC 3978/3979 boilerplate. ** The document seems to lack an RFC 3978 Section 5.1 IPR Disclosure Acknowledgement -- however, there's a paragraph with a matching beginning. Boilerplate error? ** This document has an original RFC 3978 Section 5.4 Copyright Line, instead of the newer IETF Trust Copyright according to RFC 4748. ** This document has an original RFC 3978 Section 5.5 Disclaimer, instead of the newer disclaimer which includes the IETF Trust according to RFC 4748. ** The document seems to lack an RFC 3979 Section 5, para. 1 IPR Disclosure Acknowledgement. ** The document seems to lack an RFC 3979 Section 5, para. 2 IPR Disclosure Acknowledgement. ** The document seems to lack an RFC 3979 Section 5, para. 3 IPR Disclosure Invitation. ** The document uses RFC 3667 boilerplate or RFC 3978-like boilerplate instead of verbatim RFC 3978 boilerplate. After 6 May 2005, submission of drafts without verbatim RFC 3978 boilerplate is not accepted. The following non-3978 patterns matched text found in the document. That text should be removed or replaced: By submitting this Internet-Draft, I certify that any applicable patent or other IPR claims of which I am aware have been disclosed, or will be disclosed, and any of which I become aware will be disclosed, in accordance with RFC 3668. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- == No 'Intended status' indicated for this document; assuming Proposed Standard == The page length should not exceed 58 lines per page, but there was 1 longer page, the longest (page 1) being 294 lines Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- ** There are 6 instances of too long lines in the document, the longest one being 3 characters in excess of 72. ** There are 25 instances of lines with control characters in the document. ** The document seems to lack a both a reference to RFC 2119 and the recommended RFC 2119 boilerplate, even if it appears to use RFC 2119 keywords. RFC 2119 keyword, line 66: '...eader. The name MUST be a valid 7-bit...' RFC 2119 keyword, line 71: '...the implementation MUST either flag an...' RFC 2119 keyword, line 76: '...n implementation MAY impose a length l...' RFC 2119 keyword, line 77: '...r field; such a limit MUST NOT be less...' RFC 2119 keyword, line 111: '... The field-name MUST be a valid 7-bit...' (6 more instances...) Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not match the current year == Line 232 has weird spacing: '...ription reque...' -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (November 2004) is 7095 days in the past. Is this intentional? -- Found something which looks like a code comment -- if you have code sections in the document, please surround them with '' and '' lines. Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Missing reference section? 'SIEVE' on line 258 looks like a reference -- Missing reference section? 'KEYWORDS' on line 261 looks like a reference -- Missing reference section? 'RFC-2822' on line 255 looks like a reference -- Missing reference section? 'COMPARATOR' on line 99 looks like a reference -- Missing reference section? 'MATCH-TYPE' on line 99 looks like a reference Summary: 12 errors (**), 0 flaws (~~), 4 warnings (==), 10 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Jutta Degener 2 Internet Draft Sendmail, Inc. 3 Expires: May 2005 November 2004 5 Sieve -- "editheader" extension 6 8 Status of this memo 10 By submitting this Internet-Draft, I certify that any applicable 11 patent or other IPR claims of which I am aware have been disclosed, or 12 will be disclosed, and any of which I become aware will be disclosed, 13 in accordance with RFC 3668. 15 This document is an Internet-Draft and is subject to all 16 provisions of Section 10 of RFC2026. 18 Internet-Drafts are working documents of the Internet Engineering 19 Task Force (IETF), its areas, and its working groups. Note that 20 other groups may also distribute working documents as 21 Internet-Drafts. 23 Internet-Drafts are draft documents valid for a maximum of six 24 months and may be updated, replaced, or obsoleted by other 25 documents at any time. It is inappropriate to use Internet- 26 Drafts as reference material or to cite them other than as 27 "work in progress." 29 The list of current Internet-Drafts can be accessed at 30 http://www.ietf.org/1id-abstracts.html 32 The list of Internet-Draft Shadow Directories can be accessed at 33 http://www.ietf.org/shadow.html 35 Abstract 37 This document defines two new actions for the "sieve" 38 language that add and delete e-mail header fields. 40 1. Introduction 42 Email headers are a flexible and easy to understand means 43 of communication between email processors. 44 This extension enables sieve scripts to interact with other 45 components that consume or produce header fields by allowing 46 the script to delete and add header fields. 48 2. Conventions used. 50 Conventions for notations are as in [SIEVE] section 1.1, including 51 use of [KEYWORDS] and "Syntax:" label for the definition of action 52 and tagged arguments syntax. 54 The term "header field" is used here as in [RFC-2822] to mean a 55 logical line of an e-mail message header. 57 The capability string associated with extension defined in this 58 document is "editheader". 60 3. Action addheader 62 Syntax: 63 "addheader" [":last"] 65 The addheader action adds a header field to the existing 66 message header. The name MUST be a valid 7-bit US-ASCII header 67 field name as described by [RFC-2822] "field-name" nonterminal. 69 If the specified field value does not match the RFC 2822 70 "unstructured" nonterminal or exceeds a length limit set by 71 the implementation, the implementation MUST either flag an 72 error or encode the field using folding white space and the 73 encodings described in RFC 2047 or RFC 2231 to be compliant 74 with RFC 2822. 76 An implementation MAY impose a length limit onto the size of 77 the encoded header field; such a limit MUST NOT be less 78 than 998 characters, not including the terminating CRLF 79 supplied by the implementation. 81 By default, the header field is inserted at the beginning of 82 the existing header. If the optional flag ":last" is 83 specified, it is appended at the end. 85 Example: 86 /* Don't redirect if we already redirected */ 87 if not header :contains "X-Sieve-Filtered" 88 ["", ""] 89 { 90 addheader "X-Sieve-Filtered" ""; 91 redirect "kim@home.tld"; 92 } 94 4. Action deleteheader 96 Syntax: 97 "deleteheader" 98 [":index" [":last"]] 99 [COMPARATOR] [MATCH-TYPE] 100 101 [] 103 By default, the deleteheader action deletes all occurrences 104 of the named header field. 106 The field-name is mandatory and always matched as a 107 case-insensitive us-ascii string. The value-patterns, 108 if specified, are matched according to the match type and 109 comparator. If none are specified, all values match. 111 The field-name MUST be a valid 7-bit header field name as 112 described by the [RFC-2822] "field-name" nonterminal. 114 If :index is specified, the attempts to match 115 a value are limited to the header field (beginning 116 at 1, the first named header field). If :last is specified, 117 the count is backwards; 1 denotes the last named header field, 118 2 the second to last, and so on. The counting happens 119 before the match, if any; 121 deleteheader :index 2 :contains "Received" "via carrier-pidgeon" 123 deletes the second "Received:" header field if it contains 124 the string "via carrier-pidgeon" (not the second Received: field 125 that contains "via carrier-pidgeon"). 127 5. Interaction with Other Sieve Extensions 129 Tests and actions such as "exist" or "header" that examine 130 header fields MUST examine the current state of a header as 131 modified by any actions that have taken place so far. 133 As an example, the "header" test in the following fragment will 134 always evaluate to true, regardless of whether the incoming 135 message contained an "X-Hello" header field or not: 137 addheader "X-Hello" "World"; 138 if header :contains "X-Hello" "World" 139 { 140 fileinto "international"; 141 } 143 Actions that create messages in storage or in transport to 144 MTAs MUST store and send messages with the current set of 145 header fields. 147 For the purpose of weeding out duplicates, a message modified 148 by addheader or deleteheader MUST be considered the same as 149 the original message. For example, in an implementation that 150 obeys the constraint in [SIEVE] section 2.10.3 and does not deliver 151 the same message to a folder more than once, the following 152 code fragment 154 keep; 155 addheader "X-Flavor" "vanilla"; 156 keep; 158 MUST only file one message. It is up to the implementation 159 to pick which of the redundant "fileinto" or "keep" actions is 160 executed, and which ones are ignored. 162 The "implicit keep" is thought to be executed at the end of 163 the script, after the headers have been modified. (However, 164 a canceled "implicit keep" remains canceled.) 166 6. IANA Considerations 168 The following template specifies the IANA registration of the Sieve 169 extension specified in this document: 171 To: iana@iana.org 172 Subject: Registration of new Sieve extension 174 Capability name: editheader 175 Capability keyword: editheader 176 Capability arguments: N/A 177 Standards Track/IESG-approved experimental RFC number: this RFC 178 Person and email address to contact for further information: 180 Jutta Degener 181 jutta@sendmail.com 183 This information should be added to the list of sieve extensions 184 given on http://www.iana.org/assignments/sieve-extensions. 186 7. Security Considerations 188 Someone with write access to a user's script storage may use this 189 extension to generate headers that a user would otherwise be 190 shielded from (by a gateway MTA that removes them). 192 A sieve filter that removes headers may unwisely destroy 193 evidence about the path a header has taken. 195 Any change in a message content may interfere with digital 196 signature mechanisms that include the header in the signed 197 material. Since normal message delivery adds "Received:" 198 header fields to the beginning of a message, many such schemas 199 are impervious to headers prefixed to a message, and will 200 work with "addheader" unless :last is used. 202 Any decision mechanism in a user's filter that is based 203 on headers is vulnerable to header spoofing. For example, 204 if the user adds an APPROVED header or tag, a malicious sender 205 may add that tag or header themselves. One way to guard against 206 this is to delete or rename any such headers or stamps prior 207 to processing the message. 209 8. Acknowledgments 211 Thanks to Eric Allman, Cyrus Daboo, Ned Freed, Philip Guenther, 212 Simon Josefsson, Will Lee, Mark E. Mallet, Chris Markle, 213 Randall Schwartz, Nigegl Swinson, Kjetil Torgrim Homme, and 214 Rand Wacker for extensive corrections and suggestions. 216 9. Author's Address 218 Jutta Degener 219 Sendmail, Inc. 220 6425 Christie Ave, 4th Floor 221 Emeryville, CA 94608 223 Email: jutta@sendmail.com 225 10. Discussion 227 This section will be removed when this document leaves the 228 Internet-Draft stage. 230 This draft is intended as an extension to the Sieve mail filtering 231 language. Sieve extensions are discussed on the MTA Filters mailing 232 list at . Subscription requests can 233 be sent to (send an email 234 message with the word "subscribe" in the body). 236 More information on the mailing list along with a WWW archive of 237 back messages is available at . 239 10.1 Changes from the previous version 241 Changed the duplicate restrictions from "messages with different 242 headers MUST be considered different" to their direct opposite, 243 "messages with different headers MUST be considered the same," 244 as requested by workgroup members on the mailing list. 246 Expanded mention of header signature schemes to Security 247 Considerations. 249 Added IANA Considerations section. 251 Appendices 253 Appendix A. References 255 [RFC-2822] Resnick, P., "Internet Message Format", RFC 2822, April 256 2001. 258 [SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC 3028, 259 January 2001. 261 [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate 262 Requirement Levels", RFC 2119, March 1997. 264 Appendix B. Copyright Statement 266 Copyright (C) The Internet Society (2004). This document is subject 267 to the rights, licenses and restrictions contained in BCP 78, and 268 except as set forth therein, the authors retain all their rights. 270 This document and the information contained herein are provided on an 271 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS 272 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET 273 ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, 274 INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE 275 INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED 276 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.