Re: [Extra] draft-ietf-extra-imap4rev2-04 review

Ned Freed <ned.freed@mrochek.com> Tue, 26 March 2019 14:21 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5DEF41202F0 for <extra@ietfa.amsl.com>; Tue, 26 Mar 2019 07:21:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mrochek.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vb3ANRRueI74 for <extra@ietfa.amsl.com>; Tue, 26 Mar 2019 07:21:46 -0700 (PDT)
Received: from plum.mrochek.com (plum.mrochek.com [172.95.64.195]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1E8912031E for <extra@ietf.org>; Tue, 26 Mar 2019 07:21:16 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01R4QZ1QN2M80035QV@mauve.mrochek.com> for extra@ietf.org; Tue, 26 Mar 2019 07:16:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=201712; t=1553609772; bh=sb0gJ6aM+MQdqjiygF6EyF85Jg5W4ns7lzAxEIyNcIc=; h=Cc:Date:From:Subject:In-reply-to:References:To:From; b=WAtjgFTUOl9JNdWRnfK2AhRnUk1c2D91uO42Q/udmla+NL2D1Bm8KhYkmH+dtefYq C/m5FOOfPEEQJ87U6wDdlirS75g111LjDaogD/Auamd1pU2COgjXvg+a/vueDs2zDp DtGs+Iyjx4O6PPmEhxYHHKuin2eyahyUR/I/dq0A=
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: TEXT/PLAIN; CHARSET=us-ascii; Format=flowed
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01R4OX3W0CEO000051@mauve.mrochek.com>; Tue, 26 Mar 2019 07:16:07 -0700 (PDT)
Cc: Timo Sirainen <tss@iki.fi>, extra@ietf.org
Message-id: <01R4QZ1O8F8G000051@mauve.mrochek.com>
Date: Tue, 26 Mar 2019 07:13:06 -0700 (PDT)
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Tue, 26 Mar 2019 09:45:57 +0100" <D7C76954-8685-42EB-A0CE-6C5A57D0731E@oracle.com>
References: <44234C00-7A5D-4B41-9E85-4CF839B48214@iki.fi> <D7C76954-8685-42EB-A0CE-6C5A57D0731E@oracle.com>
To: Chris Newman <chris.newman@oracle.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/-k_vZvYb3Sl6XVhSYhXlQalwKSc>
Subject: Re: [Extra] draft-ietf-extra-imap4rev2-04 review
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 14:21:47 -0000

> On 25 Mar 2019, at 13:04, Timo Sirainen wrote:
> >> 3.4.  Logout State
> >>
> >
> >>    A server MUST NOT unilaterally close the connection without
> >> sending
> >>    an untagged BYE response that contains the reason for having done
> >> so.
> >
> > Also already in RFC 3501, but this MUST NOT has to be violated
> > sometimes. For example otherwise it would allow client to FETCH a
> > large message and keep reading it very very slowly over days, and
> > server wouldn't be allowed to disconnect it, because it can't send BYE
> > in the middle of the large mail literal.

> Another example is if a client gets hung up (or goes silently offline)
> during a TLS negotiation. The server has to eventually timeout the
> connection but it would be semantically wrong to send a "* BYE" since
> there's no data channel. One case where this happened was when our SSL
> stack dropped support for an SSLv2-compatible hello (allowed by RFC
> 6176), but some very old client kept sending such a hello (prohibited by
> RFC 6176). Incidentally, SSLv2 is completely incompatible with SSLv3 so
> the client sends something that's not sufficient to complete an SSLv3
> packet so both ends get stuck waiting until one side hangs up.

There was a suggestion (I think) during the meeting that this should be handled
by sending the TLS equivalent of "* BYE". Which sounds fine in theory, but as
said at the time, I'm skeptical that many/most TLS implementations provide
implementors with the means to conveniently do that.

				Ned