Internet-Draft Sieve Process iMIP April 2024
Murchison, et al. Expires 12 October 2024 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-ietf-extra-processimip-06
Published:
Intended Status:
Standards Track
Expires:
Authors:
K. Murchison
Fastmail
R. Signes
Fastmail
M. Horsfall
Fastmail

Sieve Email Filtering: Extension for Processing Calendar Attachments

Abstract

This document describes the "processcalendar" extension to the Sieve email filtering language. The "processcalendar" extension gives Sieve the ability to process machine-readable calendar data that is encapsulated in an email message using Multipurpose Internet Mail Extensions (MIME).

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 12 October 2024.

Table of Contents

1. Introduction

Users frequently receive invites, replies, and cancellations for events, tasks, etc. via Internet mail messages. It is sometimes desirable to have such messages automatically parsed and the enclosed calendar data added to, updated on, or deleted from the user's calendars.

Typically such messages are based on the iCalendar Message-Based Interoperability Protocol (iMIP) [RFC6047]. However, sometimes the enclosed iCalendar [RFC5545] data does not include an iTIP method property (see [RFC5546], Section 1.4), or the enclosed data may be in some other machine-readable format (E.g. JSCalendar [RFC8984]).

This document defines an extension to the Sieve language [RFC5228] that enables scripts to process machine-readable calendar data that is encapsulated in an email message using MIME [RFC2045]. Specifically, this extension provides the ability to alter items on a user's calendars referenced in the encapsulated calendar data.

2. Conventions Used in This Document

Conventions for notations are as in Section 1.1 of [RFC5228], including use of the "Usage:" label for the definition of action and tagged arguments syntax.

This document uses terminology and concepts from iCalendar [RFC5545] and iTIP [RFC5546] to describe the processing of calendar data, but this extension can be used with any machine-readable calendar data format that can express similar concepts.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.

3. Capability Identifier

Sieve interpreters that implement this extension MUST have an identifier of "processcalendar" for use with the capability mechanism.

4. Process Calendar Action 

Usage: processcalendar [ :allowpublic ]
                       [ :addresses <string-list> ]
                       [ :updatesonly / :calendarid <string> ]
                       [ :deletecancelled ]
                       [ :organizers <ext-list-name: string> ]
                       [ :outcome <variablename: string> ]
                       [ :reason <variablename: string> ]

The "processcalendar" action is used to parse encapsulated calendar data and perform the appropriate action based on the content. If the calendar data is malformed in any way, it MUST be ignored and no action is taken. Otherwise, based on the iTIP method (see Section 1.4 of [RFC5546]) of the message, calendar objects are created, updated, or deleted from a given calendar.

This action can be used with or without the "extlists" [RFC6134] extension. When the "extlists" extension is enabled in a script using <require "extlists">, the script can use the :organizers (Section 4.6) argument to the "processcalendar" action as described below. When the "extlists" extension is not enabled, the :organizers argument MUST NOT be used and MUST cause an error according to [RFC5228].

This action can be used with or without the "variables" [RFC5229] extension. When the "variables" extension is enabled in a script using <require "variables">, the script can use the :outcome (Section 4.7) and :reason (Section 4.8) arguments to the "processcalendar" action as described below. When the "variables" extension is not enabled, the :outcome and :reason arguments MUST NOT be used and MUST cause an error according to [RFC5228].

If a mail messages contains calendar data in multiple MIME [RFC2045] parts, this action MUST verify that the calendar data in each part are semantically equalivalent to one another. If the data is found to be sematically different, the action MUST NOT process the message. Otherwise, the action MUST only process one representation of the data.

This action MUST NOT make any changes to the participant status of the recipient when processing the calendar data. The mechanism for a recipient to change their participant status to an event is out of scope for this document.

This action SHOULD remove alarms from calendar data before applying it to a calendar.

4.1. Allow Public Argument

The optional :allowpublic argument is used to tell the implementation that it can process calendar data that is not an iTIP message (it does not contain METHOD and/or ORGANIZER properties) or the METHOD is PUBLISH.

If :allowpublic is omitted, the implementation MUST NOT process calendar data unless is it is a well-formed iTIP message and one of the recipient user's email addresses matches the Calendar User Address (see Section 3.3.3 of [RFC5545]) of the intended target of the message, as determined by the iTIP method (see Section 1.4 of [RFC5546]) of the message:

The recipient user's email address matches the Calender User Address of the target if the Calendar User Address is in the form of a mailto URI and the email address matches the "addr-spec" of the URI.

An email address is considered to belong to the recipient if it is one of:

  1. an email address known by the implementation to be associated with the recipient,
  2. the final envelope recipient address if it's available to the implementation, or
  3. an address specified by the script writer via the :addresses (Section 4.2) argument.

4.2. Addresses Argument

The optional :addresses argument is used to specify email addresses that belong to the recipient in addition to the addresses known to the implementation.

4.3. Updates Only Argument

The optional :updatesonly argument is used to limit the messages processed to those targeting existing calendar objects only. If the message contains a new calendar object (its UID does not exist on any of the user's calendars), the implementation MUST NOT add the object to a calendar.

If :updatesonly is omitted, new calendar objects may be added to one of the user's calendars.

4.4. Calendar ID Argument

The optional :calendarid argument specifies the identifier of the calendar onto which new calendar objects should be placed.

If :calendarid is omitted, new calendar objects will be placed on the user's "default" calendar as determined by the implementation.

4.5. Delete Cancelled Argument

The optional :deletecancelled argument is used to tell the implementation that if it receives a cancellation message, it should remove the associated calendar object from the calendar.

If :deletecancelled is omitted, the status of the associated calendar object will be set to cancelled and will remain on the calendar.

4.6. Organizers Argument

The optional :organizers argument is used to specify an external list of email addresses from which the recipient is willing to accept public events, invites, updates, and cancellations. Implementations MUST NOT process calendar data unless is it is a well-formed iTIP message and one of the addresses in the external list matches the Calendar User Address of the "Organizer" property. An email address in the external list matches the Calender User Address of the "Organizer" property if it is in the form of a mailto URI and the email address matches the "addr-spec" of the URI.

If :organizers is omitted, no validation of the "Organizer" property is performed.

4.7. Outcome Argument

The optional :outcome argument specifies the name of a variable into which one of the following strings specifying the outcome of the action will be stored:

  • "no_action": No action was performed (E.g., the message didn't contain calendar data, or the set of provided options prevented the message from being processed).
  • "added": A new calendar object was added to a calendar
  • "updated": A calendar resource was updated, cancelled, or removed from the calendar.
  • "error": The message would have been processed but encountered an error in doing so.

4.8. Reason Argument

The optional :reason argument specifies the name of a variable into which a string describing the reason for the outcome will be stored. If no reason for the outcome is available, implementations MUST set the variable to the empty string.

For example, an outcome of "no_action" may have a reason of "only processing updates" or an outcome of "error" may have a reason of "missing UID property".

4.9. Interaction with Other Sieve Actions

The "processcalendar" action does not cancel Sieve's implicit keep action.

The "processcalendar" action can only be executed once per script. A script MUST fail with an appropriate error if it attempts to execute two or more "processcalendar" actions.

The "processcalendar" action is incompatible with the Sieve reject and ereject [RFC5429] actions.

4.10. Examples

The following example specifies email addresses belonging to the user and the identifier of the calendar onto which to place new calendar objects:

require [ "processcalendar" ];

processcalendar :addresses [ "me@example.com", "alsome@example.com" ]
                :calendarid "1ea6d86b-6c7f-48a2-bed3-2a4c40ec281a";

The following example tells the interpreter to process flight itineraries from a particular airline:

require [ "processcalendar" ];

if allof (address ["from", "sender"] "airline@example.com",
          header :contains "subject" "itinerary") {
   processcalendar :allowpublic;
}

The following example adds headers to the message if calendar data isn't processed :

require [ "processcalendar", "variables", "editheader" ];

set "processcal_outcome" "no_action";
set "processcal_error" "";

processcalendar :outcome "processcal_outcome"
                :errstr "processcal_error";

if not string :is "${processcal_outcome}" ["added", "updated"] {
   addheader "X-ProcessCal-Outcome" "${processcal_outcome}";
   addheader "X-ProcessCal-Error" "${processcal_error}";
}

5. Implementation Status

< RFC Editor: before publication please remove this section and the reference to [RFC7942] >

This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist.

According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit".

5.1. Cyrus Server

The open source Cyrus Server project is a highly scalable enterprise mail system which supports Sieve email filtering at the point of final delivery. This production level Sieve implementation supports all of the requirements described in this document. This implementation is freely distributable under a BSD style license from Computing Services at Carnegie Mellon University.

6. Security Considerations

This document describes a method for altering an electronic calendar without user interaction. As such, unless proper precautions are undertaken, it can be used as a vector for calendar abuse.

It is critical that implementations correctly implement the behavior and restrictions described throughout this document. Security issues associated with processing unsolicited calendar data, and methods for mitigating them are discussed in [CALSPAM]. Specifically:

Additionally, if the calendar data has embedded (a.k.a. inline) attachments, implementations SHOULD:

If an attachment is found to be malicious, processcalendar MUST NOT process the calendar data.

7. Privacy Considerations

It is believed that this extension doesn't introduce any privacy considerations beyond those in [RFC5228].

8. IANA Considerations

8.1. Registration of Sieve Extension

This document defines the following new Sieve extension to be added to the registry defined in Section 6.2 of [RFC5228] and located here: https://www.iana.org/assignments/sieve-extensions/sieve-extensions.xhtml#sieve-extensions

IANA are requested to add a capability to the Sieve Extensions registry:

8.2. Registration of Sieve Action

This document defines the following new Sieve action to be added to the registry defined in Section 2.1 of [RFC9122] and located here: https://www.iana.org/assignments/sieve-extensions/sieve-extensions.xhtml#sieve-actions

IANA are requested to add a capability to the Sieve Actions registry:

9. Acknowledgments

The authors would like to thank the following individuals for contributing their ideas and support for writing this specification: Ned Freed and Alexey Melnikov.

10. References

10.1. Normative References

[CALSPAM]
The Calendaring and Scheduling Consortium, "Calendar operator practices - Guidelines to protect against calendar abuse", CC/R 18003, , <https://standards.calconnect.org/csd/cc-18003.html>.
[RFC2119]
Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, , <https://www.rfc-editor.org/info/rfc2119>.
[RFC5228]
Guenther, P., Ed. and T. Showalter, Ed., "Sieve: An Email Filtering Language", RFC 5228, DOI 10.17487/RFC5228, , <https://www.rfc-editor.org/info/rfc5228>.
[RFC5229]
Homme, K., "Sieve Email Filtering: Variables Extension", RFC 5229, DOI 10.17487/RFC5229, , <https://www.rfc-editor.org/info/rfc5229>.
[RFC6047]
Melnikov, A., Ed., "iCalendar Message-Based Interoperability Protocol (iMIP)", RFC 6047, DOI 10.17487/RFC6047, , <https://www.rfc-editor.org/info/rfc6047>.
[RFC6134]
Melnikov, A. and B. Leiba, "Sieve Extension: Externally Stored Lists", RFC 6134, DOI 10.17487/RFC6134, , <https://www.rfc-editor.org/info/rfc6134>.
[RFC8174]
Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, , <https://www.rfc-editor.org/info/rfc8174>.
[RFC9122]
Melnikov, A. and K. Murchison, "IANA Registry for Sieve Actions", RFC 9122, DOI 10.17487/RFC9122, , <https://www.rfc-editor.org/info/rfc9122>.

10.2. Informative References

[RFC2045]
Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, , <https://www.rfc-editor.org/info/rfc2045>.
[RFC5235]
Daboo, C., "Sieve Email Filtering: Spamtest and Virustest Extensions", RFC 5235, DOI 10.17487/RFC5235, , <https://www.rfc-editor.org/info/rfc5235>.
[RFC5429]
Stone, A., Ed., "Sieve Email Filtering: Reject and Extended Reject Extensions", RFC 5429, DOI 10.17487/RFC5429, , <https://www.rfc-editor.org/info/rfc5429>.
[RFC5545]
Desruisseaux, B., Ed., "Internet Calendaring and Scheduling Core Object Specification (iCalendar)", RFC 5545, DOI 10.17487/RFC5545, , <https://www.rfc-editor.org/info/rfc5545>.
[RFC5546]
Daboo, C., Ed., "iCalendar Transport-Independent Interoperability Protocol (iTIP)", RFC 5546, DOI 10.17487/RFC5546, , <https://www.rfc-editor.org/info/rfc5546>.
[RFC7942]
Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, , <https://www.rfc-editor.org/info/rfc7942>.
[RFC8984]
Jenkins, N. and R. Stepanek, "JSCalendar: A JSON Representation of Calendar Data", RFC 8984, DOI 10.17487/RFC8984, , <https://www.rfc-editor.org/info/rfc8984>.

Appendix A. Change History (To be removed by RFC Editor before publication)

Changes since draft-ietf-sieve-processimip-05:

  1. Renamed :errstr to :reason and added examples.
  2. Miscellaneous editorial changes.

Changes since draft-ietf-sieve-processimip-04:

  1. Miscellaneous editorial changes.

Changes since draft-ietf-sieve-processimip-03:

  1. Added text about multiple MIME parts containing calendar data.
  2. Added text about embedded attachments to Security Considerations.
  3. Added :organizers option if "extlists" is supported.
  4. Miscellaneous editorial changes.

Changes since draft-ietf-sieve-processimip-02:

  1. Renamed :nonitip to :allowpublic to cover both non-iTIP and METHOD:PUBLIC messages.
  2. Renamed :deletecanceled to :deletecancelled to match RFC5545 language.
  3. Specified that this action MUST NOT alter a recipient's participation status.
  4. :errstr MUST be set to the empty string if no reason for the outcome is available.
  5. Added the "Interaction with Other Sieve Actions" subsection.
  6. Add Security Considerations.
  7. Added action registration.
  8. Added three issues for discussion.
  9. Miscellaneous editorial changes.

Changes since draft-ietf-sieve-processimip-01:

  1. Changed the name of the action from processimip to processcalendar.
  2. The action is now independent of iMIP and is calendar data format agnostic.
  3. Added examples.

Changes since draft-ietf-sieve-processimip-00:

  1. No changes.

Changes since draft-murchison-sieve-processimip-00:

  1. Document name change only.

Authors' Addresses

Kenneth Murchison
Fastmail US LLC
1429 Walnut Street - Suite 1201
Philadelphia, PA 19102
United States of America
Ricardo Signes
Fastmail US LLC
1429 Walnut Street - Suite 1201
Philadelphia, PA 19102
United States of America
Matthew Horsfall
Fastmail US LLC
1429 Walnut Street - Suite 1201
Philadelphia, PA 19102
United States of America