Technical Summary
IMAP (RFC 3501) is a rich protocol for accessing remote message stores.
It provides an ideal mechanism for accessing public mailing list
archives as well as private and shared message stores. This document
defines a URL scheme for referencing objects on an IMAP server.
This document obsoletes RFC 2192 and updates RFC 4467.
Working Group Summary
This document removed support for IMAP URLs for listing the contents of a
mailbox. There was a clear consensus that this feature (originally
described in RFC 2192) was never implemented.
Some of the changes to the document were a result of the Lemonade
interoperability event of October 2006 held in London, England.
Protocol Quality
The document received several positive reviews. In particular it is
worth noting Ted Hardie and Zoltan Ordogh have done detailed reviews of
the document. This document addresses all issues raised.
Eric Burger shepherds this document on behalf of Lisa Dusseault, the
responsible Area Director. Lisa and Eric reviewed this document and
believe it is ready for forwarding to the IESG for publication.
Note to RFC Editor
In section 6.1.1.1, first paragraph, last sentence:
OLD:
The authorization token is
generated from the URL, the authorized access identifer, authoriza-
^^^^^^^^^
tion mechanism name, and a mailbox access key.
NEW:
The authorization token is
generated from the URL, the authorized access identifier, autho-
^^^^^^^^^^
rization mechanism name, and a mailbox access key.
(typo in the word "identifier")
In section 6.1.1.2, replace the first paragraph:
OLD: The mailbox access key is a random string with at least 128 bits
of
entropy. It is generated by software (not by the human user), and
MUST be unpredictable.
NEW:
The mailbox access key is an unpredictable, random string. To
ensure unpredictability, the random string with at least 128 bits
of entropy is generated by software or hardware (not by the human
user).
In section 9.1, 9th paragraph:
OLD:
The following edge case example demostrates that the ;UIDVALIDITY=
^^^^^^^^^^^
modifier is a part of the mailbox name as far as relative URI reso-
lution is concerned:
NEW:
The following edge case example demonstrates that the ;UIDVALIDITY=
^^^^^^^^^^^^
modifier is a part of the mailbox name as far as relative URI reso-
lution is concerned:
typo: demonstrates
In section 10.1, first paragraph, replace the last sentence:
OLD:
Use of either of these access identi-
fiers makes it impossible for an attacker, spying on the session,
to use the same URL, either directly or by submission to a message
submission entity.
NEW:
Use of either of these mechanisms limits the scope of the URL.
An attacker who cannot authenticate using the appropriate credentials
cannot make use of the URL.
In section 12.1, 13th paragraph:
OLD:
A widely deployed IMAP client Netscape Mail (and possibly
Mozilla/ Thubderbird/Seamonkey) use a different imap: scheme inter-
^ ^
nally.
NEW:
A widely deployed IMAP client Netscape Mail (and possibly
Mozilla/Thunderbird/Seamonkey) use a different imap: scheme inter-
^ ^
nally.
(typo in Thunderbird, also remove an extra space)
In Appendix D, third paragraph, add:
OLD:
Editors would like to thank Mark Crispin, Ken Murchison, Ted
Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa
Dusseault, Spencer Dawkins, Filip Navara and Shawn M. Emery for the
^^^
time they devoted to reviewing of this document and/or for the com-
ments received.
NEW:
Editors would like to thank Mark Crispin, Ken Murchison, Ted
Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa
Dusseault, Spencer Dawkins, Filip Navara, Shawn M. Emery, Sam Hartman,
^ ^^^^^^^^^^^^^
Russ Housley and Lars Eggert for the time they devoted to
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
reviewing of this document and/or for the comments received.