Re: [Extra] draft-ietf-extra-imap4rev2-04 review

"Chris Newman" <chris.newman@oracle.com> Tue, 26 March 2019 15:42 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EBF6F120448 for <extra@ietfa.amsl.com>; Tue, 26 Mar 2019 08:42:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id D_bxhFUJbH8U for <extra@ietfa.amsl.com>; Tue, 26 Mar 2019 08:42:49 -0700 (PDT)
Received: from aserp2130.oracle.com (aserp2130.oracle.com [141.146.126.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C2AF1203BD for <extra@ietf.org>; Tue, 26 Mar 2019 08:42:49 -0700 (PDT)
Received: from pps.filterd (aserp2130.oracle.com [127.0.0.1]) by aserp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x2QFe5C7144019; Tue, 26 Mar 2019 15:42:48 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=corp-2018-07-02; bh=lml05BQ27KR6q+2w+50W3ItAPpPs93bTMlHY5N4orjY=; b=vS+0j74HwjdFGu6XmZ6Vr5TkgrhCGwk3KhCZGu0JCdl71KmalMrxRawQDGp4Gh2wAatn tcMBPVrHOxfRSod7q8OSqVPPEBJq/sFPyhXs2aeuJ8IGMGuyi5p9H40Vd6F/3j+8+/Ub lBBy4bbvgsZ0xaboZTfoHNWnWD1cz8qvhIXEa7S757EHqLPuWWDy4zTPtKbjIgNN+qdG rIVYTq6SeRymy5dU4G8j6kukhjR+SR/TbdhssKjI3+P22SpZVh7FYj4D6ZhnsY3UrdQi sW5qEfSE2gYQHBe+/OMX7etZwSUpsinx99zn4ExrKSzrGQ2FA20D+BGzAFvYVRSkBLn0 +A==
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp2130.oracle.com with ESMTP id 2re6g0u9n7-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 26 Mar 2019 15:42:48 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id x2QFglHq007145 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 26 Mar 2019 15:42:48 GMT
Received: from abhmp0007.oracle.com (abhmp0007.oracle.com [141.146.116.13]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x2QFgf2D004903; Tue, 26 Mar 2019 15:42:41 GMT
Received: from [10.175.57.41] (/10.175.57.41) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 26 Mar 2019 08:42:41 -0700
From: "Chris Newman" <chris.newman@oracle.com>
To: "Ned Freed" <ned.freed@oracle.com>
Cc: "Timo Sirainen" <tss@iki.fi>, extra@ietf.org
Date: Tue, 26 Mar 2019 16:42:38 +0100
X-Mailer: MailMate (1.12.4r5594)
Message-ID: <3ACD6BFE-2936-4F12-8159-BCEEFC965CBE@oracle.com>
In-Reply-To: <01R4QZ1O8F8G000051@mauve.mrochek.com>
References: <44234C00-7A5D-4B41-9E85-4CF839B48214@iki.fi> <D7C76954-8685-42EB-A0CE-6C5A57D0731E@oracle.com> <01R4QZ1O8F8G000051@mauve.mrochek.com>
MIME-Version: 1.0
Content-Type: text/plain; format=flowed
X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=9206 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1810050000 definitions=main-1903260109
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/AfdRNXGLFDphfR0hr3B6qLRDNXU>
Subject: Re: [Extra] draft-ietf-extra-imap4rev2-04 review
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Mar 2019 15:42:54 -0000

On 26 Mar 2019, at 15:13, Ned Freed wrote:
>> On 25 Mar 2019, at 13:04, Timo Sirainen wrote:
>> >> 3.4.  Logout State
>> >>
>> >
>> >>    A server MUST NOT unilaterally close the connection without
>> >> sending
>> >>    an untagged BYE response that contains the reason for having 
>> done
>> >> so.
>> >
>> > Also already in RFC 3501, but this MUST NOT has to be violated
>> > sometimes. For example otherwise it would allow client to FETCH a
>> > large message and keep reading it very very slowly over days, and
>> > server wouldn't be allowed to disconnect it, because it can't send 
>> BYE
>> > in the middle of the large mail literal.
>
>> Another example is if a client gets hung up (or goes silently 
>> offline)
>> during a TLS negotiation. The server has to eventually timeout the
>> connection but it would be semantically wrong to send a "* BYE" since
>> there's no data channel. One case where this happened was when our 
>> SSL
>> stack dropped support for an SSLv2-compatible hello (allowed by RFC
>> 6176), but some very old client kept sending such a hello (prohibited 
>> by
>> RFC 6176). Incidentally, SSLv2 is completely incompatible with SSLv3 
>> so
>> the client sends something that's not sufficient to complete an SSLv3
>> packet so both ends get stuck waiting until one side hangs up.
>
> There was a suggestion (I think) during the meeting that this should 
> be handled
> by sending the TLS equivalent of "* BYE". Which sounds fine in theory, 
> but as
> said at the time, I'm skeptical that many/most TLS implementations 
> provide
> implementors with the means to conveniently do that.

I didn't hear such a suggestion. I made the observation that a wedged 
TLS negotiation is a scenario where sending "* BYE" shouldn't be done. 
It was suggested that example be mentioned in the document. I did not 
mention the fact that TLS has it's own alert syntax that could be used 
instead of "* BYE" -- I agree discussing that would be a bad idea.

		- Chris