Internet Message Access Protocol (IMAP) CATENATE Extension
draft-ietf-lemonade-catenate-05
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
05 | (System) | post-migration administrative database adjustment to the No Objection position for Scott Hollenbeck |
2012-08-22
|
05 | (System) | post-migration administrative database adjustment to the No Objection position for Sam Hartman |
2012-08-22
|
05 | (System) | post-migration administrative database adjustment to the No Objection position for Russ Housley |
2006-04-19
|
05 | (System) | This was part of a ballot set with: draft-ietf-lemonade-burl, draft-ietf-lemonade-urlauth |
2005-12-04
|
05 | Amy Vezza | State Changes to RFC Ed Queue from Approved-announcement sent by Amy Vezza |
2005-11-28
|
05 | Amy Vezza | IESG state changed to Approved-announcement sent |
2005-11-28
|
05 | Amy Vezza | IESG has approved the document |
2005-11-28
|
05 | Amy Vezza | Closed "Approve" ballot |
2005-11-28
|
05 | Amy Vezza | State Changes to Approved-announcement to be sent from IESG Evaluation::Revised ID Needed by Amy Vezza |
2005-11-16
|
05 | Sam Hartman | [Ballot Position Update] Position for Sam Hartman has been changed to No Objection from Discuss by Sam Hartman |
2005-11-08
|
05 | Scott Hollenbeck | [Ballot Position Update] Position for Scott Hollenbeck has been changed to No Objection from Discuss by Scott Hollenbeck |
2005-10-28
|
05 | (System) | Removed from agenda for telechat - 2005-10-27 |
2005-10-26
|
05 | Sam Hartman | [Ballot discuss] I appreciate the excellent work that went into addressing my discuss. I do have one minor point left which I believe still needs … [Ballot discuss] I appreciate the excellent work that went into addressing my discuss. I do have one minor point left which I believe still needs to be addressed. Currently when resolving an imap URL the specification says that plain credentials should be passed to the imap server as received by the submit server. I agree this configuration should be supported. I agree that this is a reasonable default if the imap server and submit server are in the same administrative domain. I'm not convinced it is a reasonable default if the imap server is an arbitrary internet server. I thought I brought this up in the discussion. I don't see a message where I was convinced that I was wrong nor do I see a response to this specific point. |
2005-10-20
|
05 | Ted Hardie | Placed on agenda for telechat - 2005-10-27 by Ted Hardie |
2005-10-20
|
05 | Ted Hardie | [Note]: 'Checking for revised DISCUSSes based on updates' added by Ted Hardie |
2005-10-04
|
05 | Russ Housley | [Ballot Position Update] Position for Russ Housley has been changed to No Objection from Discuss by Russ Housley |
2005-09-02
|
05 | Ted Hardie | [Note]: 'Lemonade chairs are PROTO shephers: gparsons@nortel.com, ebruger@brooktrout.com' added by Ted Hardie |
2005-09-01
|
05 | Amy Vezza | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Amy Vezza |
2005-09-01
|
05 | Russ Housley | [Ballot comment] In draft-ietf-lemonade-urlauth-07, the [RANDOM] reference should point to RFC 4086. In draft-ietf-lemonade-urlauth-07, section 2 says: > … [Ballot comment] In draft-ietf-lemonade-urlauth-07, the [RANDOM] reference should point to RFC 4086. In draft-ietf-lemonade-urlauth-07, section 2 says: > > ";URLAUTH=::" (the URLAUTH) MUST be at the end > of the URL. > This seems awkward to me. I suggest: > > The URLAUTH is comprised of ";URLAUTH=::". > The URLAUTH MUST be at the end of the URL. In draft-ietf-lemonade-urlauth-07, section 2 says: > > ";URLAUTH=::" indicates the access identifiers > which are permitted to use this URL, the authorization mechanism, and > the authorization token. > This also seems awkward to me. Building on the previous suggestion, I propose: > > The URLAUTH is composed of three parts. The portion > provides the authorized access identifiers which may constrain the > operations and users that are permitted to use this URL. The > portion provides the authorization mechanism used by the IMAP server > to generate the authorization token that follows. The > portion provides authorization token. In draft-ietf-lemonade-urlauth-07, section 6 says: > > (see below for more details about the URLMECH status response code). > Please provide a forward pointer to the section where this can be found. |
2005-09-01
|
05 | Russ Housley | [Ballot discuss] In draft-ietf-lemonade-urlauth-07, Status of this Memo, the document says: > > A revised version of this document will be … [Ballot discuss] In draft-ietf-lemonade-urlauth-07, Status of this Memo, the document says: > > A revised version of this document will be submitted to the RFC > editor as an Informational Document for the Internet Community. > This document is being recommended for standards-track. Do the authors have other expectations? In draft-ietf-lemonade-urlauth-07, section 2, the definition of "access identifiers" is unclear. In my COMMENT, I have suggested a clarification based on my reading of the document. I could easily have gotten something wrong, and I will accept any rewording that makes the meaning clear. In draft-ietf-lemonade-urlauth-07, section 2, the document says: > > The "submit+" access identifier, followed by a userid, indicates ... > and > > The "user+" access identifier, followed by a userid, indicates ... > Neither "submit+" and "user+" are authorized access identifiers, as they are not a complete portion of the URLAUTH. Perhaps these should be called authorized access identifiers prefixes. In draft-ietf-lemonade-burl-02, section 8, the document says: > > To address this expectation, the message submission server should use > STARTTLS or a mechanism providing equivalent data confidentiality when > fetching the content referenced by that URL. > Is there a reason that this text says "should" instead of "SHOULD"? |
2005-09-01
|
05 | Russ Housley | [Ballot Position Update] New position, Discuss, has been recorded for Russ Housley by Russ Housley |
2005-09-01
|
05 | Alex Zinin | [Ballot Position Update] New position, No Objection, has been recorded for Alex Zinin by Alex Zinin |
2005-09-01
|
05 | Allison Mankin | [Ballot Position Update] New position, No Objection, has been recorded for Allison Mankin by Allison Mankin |
2005-09-01
|
05 | Bert Wijnen | [Ballot Position Update] New position, No Objection, has been recorded for Bert Wijnen by Bert Wijnen |
2005-09-01
|
05 | Bill Fenner | [Ballot comment] draft-ietf-lemonade-burl should use the ABNF from 3986, in which 'absoluteURI' is spelled 'absolute-URI'. |
2005-09-01
|
05 | Bill Fenner | [Ballot Position Update] New position, No Objection, has been recorded for Bill Fenner by Bill Fenner |
2005-09-01
|
05 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded for Mark Townsley by Mark Townsley |
2005-09-01
|
05 | David Kessens | [Ballot Position Update] New position, No Objection, has been recorded for David Kessens by David Kessens |
2005-09-01
|
05 | Brian Carpenter | [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted … [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted to the RFC editor as an Informational Document for the Internet Community. A revised version of this draft document will be submitted to the RFC editor as a Proposed Standard for the Internet Community. Gen-ART review comments from Lakshimnath Dondeti, for consideration if there are new versions: BURL ------- No additional issues other than those on the tracker already. What does BURL stand for? There are some typos toward the end of the security considerations section. Please run a spell check. Also, the RFC ed process will take care of it too. Lemonda-Catenate: ------------------------ Note: The author of this draft, Pete Resnick and I are colleagues, however I was not aware of this work until I read the draft for the first time to review it for Gen-ART. *) I would like to see more in the security considerations section. I understand that the draft says the proposal does not introduce any threats. However, this is in contradiction to the BURL draft's sec considerations section. I think that the first part of that section might be appropriate in this draft as well. *) The draft says "Responses behave just as the original APPEND command described in IMAP [1]." But the examples are somewhat inconsistent (may be I am being too picky): In Example 1: S: A003 OK catenate append completed In Example 3: A003 OK append Completed In Example 4: ... CATENATE append has failed, one message expunged Should they all use the keyword APPEND? Is the keyword CATENATE allowed in responses? I realize it is allowed in capabilities as specified in Section 5. URLauth ----------- * I am uncomfortable with the word Authorization and the mechanisms for it in this draft. However, it is late in the process to have a philosophical discussion. Since this is a WG consensus, I can live with it. To explain: The first sentence notes that RFC 2192 requires authorization My reading of that RFC is that it is talking about authenticating a user and then verifying whether the user is authorized to read/read-write. Authorization comes from local policy and enforced after authenticating the user. Section 1.4 concerns me. First, I am not sure I understand the use of HMAC-SHA-1 as an authorization mechanism. More importantly, the draft only recommends something such as that algorithm and notes that there is no way to change the algorithm without severe consequences. While HMAC is holding up, there are concerns about SHA-1 already; I am not sure about advancing protocol specs in which algorithms cannot be updated. |
2005-09-01
|
05 | Brian Carpenter | [Ballot Position Update] Position for Brian Carpenter has been changed to No Objection from Undefined by Brian Carpenter |
2005-09-01
|
05 | Jon Peterson | [Ballot Position Update] New position, No Objection, has been recorded for Jon Peterson by Jon Peterson |
2005-08-31
|
05 | Sam Hartman | [Ballot discuss] The burl draft does not provide enough information and does not require a mandatory to implement mechanism such that a submit server from … [Ballot discuss] The burl draft does not provide enough information and does not require a mandatory to implement mechanism such that a submit server from one vendor is guaranteed to be able to interoperate with an imap server from another vendor. Here are examples of missing information: 1) Mandatory to implement authentication mechanism for submit servers to support when contacting imap servers. 2) How does the submit server log in? Obvious answers include using the submit credential with no authorization id or the submit credential with the authorization ID of the user after submit+/user+. I think the first option is probably preferable, although it may involve some imap ickyness. |
2005-08-31
|
05 | Sam Hartman | [Ballot Position Update] New position, Discuss, has been recorded for Sam Hartman by Sam Hartman |
2005-08-31
|
05 | Brian Carpenter | [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted … [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted to the RFC editor as an Informational Document for the Internet Community. A revised version of this draft document will be submitted to the RFC editor as a Proposed Standard for the Internet Community. |
2005-08-31
|
05 | Brian Carpenter | [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted … [Ballot comment] Some curious text in the "status of this memo" section of -urlauth-07: A revised version of this document will be submitted to the RFC editor as an Informational Document for the Internet Community. A revised version of this draft document will be submitted to the RFC editor as a Proposed Standard for the Internet Community. Discussion and suggestions for improvement are requested, and should be sent to lemonade@IETF.ORG. |
2005-08-31
|
05 | Brian Carpenter | [Ballot Position Update] New position, Undefined, has been recorded for Brian Carpenter by Brian Carpenter |
2005-08-30
|
05 | Margaret Cullen | [Ballot Position Update] New position, No Objection, has been recorded for Margaret Wasserman by Margaret Wasserman |
2005-08-30
|
05 | Scott Hollenbeck | [Ballot comment] The documents contain normative references to RFC 2234, which has been obsoleted. It's replacement (draft-crocker-abnf-rfc2234bis) is in the RFC Editor … [Ballot comment] The documents contain normative references to RFC 2234, which has been obsoleted. It's replacement (draft-crocker-abnf-rfc2234bis) is in the RFC Editor queue. References to 2234 should probably be replaced with references to 2234bis. |
2005-08-30
|
05 | Scott Hollenbeck | [Ballot discuss] draft-ietf-lemonade-catenate: The ABNF in section 5 contains two instances of an illegal character. The "_" characters in "toobig_response_code / badurl_response_code" should probably … [Ballot discuss] draft-ietf-lemonade-catenate: The ABNF in section 5 contains two instances of an illegal character. The "_" characters in "toobig_response_code / badurl_response_code" should probably be changed to "-" characters. |
2005-08-30
|
05 | Scott Hollenbeck | [Ballot Position Update] New position, Discuss, has been recorded for Scott Hollenbeck by Scott Hollenbeck |
2005-08-26
|
05 | Ted Hardie | [Ballot Position Update] New position, Yes, has been recorded for Ted Hardie |
2005-08-26
|
05 | Ted Hardie | Ballot has been issued by Ted Hardie |
2005-08-26
|
05 | Ted Hardie | Created "Approve" ballot |
2005-08-25
|
05 | Ted Hardie | Placed on agenda for telechat - 2005-09-01 by Ted Hardie |
2005-08-25
|
05 | Ted Hardie | State Changes to IESG Evaluation from Waiting for Writeup by Ted Hardie |
2005-07-25
|
05 | (System) | State has been changed to Waiting for Writeup from In Last Call by system |
2005-07-13
|
05 | Michelle Cotton | IANA Last Call Comments: Upon approval of this document the IANA will register the CATENATE IMAP capability in the following registry: http://www.iana.org/assignments/imap4-capabilities |
2005-07-11
|
05 | Amy Vezza | Last call sent |
2005-07-11
|
05 | Amy Vezza | State Changes to In Last Call from Last Call Requested by Amy Vezza |
2005-07-11
|
05 | Ted Hardie | Last Call was requested by Ted Hardie |
2005-07-11
|
05 | Ted Hardie | State Changes to Last Call Requested from Publication Requested by Ted Hardie |
2005-07-11
|
05 | (System) | Ballot writeup text was added |
2005-07-11
|
05 | (System) | Last call text was added |
2005-07-11
|
05 | (System) | Ballot approval text was added |
2005-06-21
|
05 | Ted Hardie | Intended Status has been changed to Proposed Standard from None |
2005-06-21
|
05 | Ted Hardie | Draft Added by Ted Hardie in state Publication Requested |
2005-03-14
|
05 | (System) | New version available: draft-ietf-lemonade-catenate-05.txt |
2005-02-17
|
04 | (System) | New version available: draft-ietf-lemonade-catenate-04.txt |
2004-12-13
|
03 | (System) | New version available: draft-ietf-lemonade-catenate-03.txt |
2004-10-04
|
02 | (System) | New version available: draft-ietf-lemonade-catenate-02.txt |
2004-01-09
|
01 | (System) | New version available: draft-ietf-lemonade-catenate-01.txt |
2003-12-08
|
00 | (System) | New version available: draft-ietf-lemonade-catenate-00.txt |