Minutes IETF110: extra
minutes-110-extra-00

EXTRA @IETF110 (Prague virtual)
===

## Agenda

Friday 2021-03-12 15:30-16:30

Intro and Note Well: 5 min

Current documents:

* draft-ietf-extra-imap4rev2 - 15 min
* draft-ietf-extra-quota - 10 min
* draft-ietf-extra-sieve-mailboxid - 5 min
* draft-ietf-extra-sieve-snooze - 10 min

Milestone review: 5 min

Future of the working group / AOB - 10 min

## Minutes

AOB: Alexey has a barebones sieve IANA registry document.

#### imap4rev2

* 10 revs since last meeting
* description of changes from IESG review
* there's an issue with STARTTLS where plaintext can be consided secure if
pipelined - buggy server, but there's ways to be safe. * some servers in the
past had a bug about COPY/MOVE auto-creating folders, now tighted from SHOULD.

* Daniel with SECDIR review found issue with TLS ciphers.

* private email about ENABLE, marked as allowed in a different state than ABNF.
 Also issues with injections of various responses if TLS not negotiated.
    - test with injecting LIST responses before login
    - researchers pointed out that PREAUTH response will force client to bypass
    STARTTLS - need client to either use SSL port or reject PREAUTH if not
    already STARTTLS. - ALERT response codes are displayed with URL
    highlighting, can be used for phishing. - text saying "before STARTTLS,
    ignore all alerts"
* Bron: shows how bad STARTTLS is!  Just connect to the SSL port.  Bugs with
clients that will send credentials over the cleartext link, etc.  We should
just mandate port 993 only! (but we can't realistically at this stage)

* In RFC editor queue.
* Might rev again in a year, but need implementations first.
* Now is a good time to organise interops and implementations.

ACTIONS: none!  Alexey doesn't need anything.
* maybe organise hackathon.

#### quota

* one revision since -03.

ACTION: Bron to ship to IESG

#### mailbox-sieve

* Agree that adding the ABNF isn't needed.
* Ken: ABNF that was removed was incorrect, needs to be FCC-OPTS
* Alexey and Murray both have a weak preference.
* Ken: issue is that base sieve spec wasn't written in a way to add new things
to the grammar.  The base spec itself doesn't even add the base actions. * Not
sure how to add existing test and existing tagged argument * Barry: as someone
who wrote sieve stuff, found it hard to do ABNF correctly. * Alexey: would like
to separate the issues.

ACTION: Bron will put FCC-OPTS extension.  "Cannot be used alongside special
use".

#### sieve-snooze

* changes since IETF109 done.

* special "sieve snoozed" mailbox probably needs more text and Ken welcomes
more text.

* Ken was hoping Ned would be here, but we can ask for more feedback on the
list.

* Alexey - happy to go WGLC.

## what next?

* Alexey could look at Sieve EAI in a couple of months
* if imap4rev2 needs work, we could leave it running
* Barry: when we chartered, idea was to leave it as a dormant working group, so
good to leave dormant. * Ken: on actions registry, hold up snooze to do with?
    * Alexey: don't have to, if this goes first, then just include snooze on
    the other doc.

* Sieve-EAI, is there demand?  Alexey - implementations will need to be updated.
    * Barry and Alexey will look at.
    * Since uptake of EAI has been so slow, unlikely to be looked at - is
    whether we want suite to be complete for forms sake.

## Milestones

* quota to IESG: Apr 2021
* sieve snooze to IESG: Apr 2021
* adopt April, submit Jul 2021

FINISHED 16:06.