IETF Logo Mail Archive

Re: [Extra] AD Review of draft-ietf-extra-imap4rev2

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 06 January 2021 22:53 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E14A73A134C for <extra@ietfa.amsl.com>; Wed, 6 Jan 2021 14:53:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.087
X-Spam-Level:
X-Spam-Status: No, score=-2.087 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fgO3qiWvnFmq for <extra@ietfa.amsl.com>; Wed, 6 Jan 2021 14:53:48 -0800 (PST)
Received: from mail-vs1-xe2f.google.com (mail-vs1-xe2f.google.com [IPv6:2607:f8b0:4864:20::e2f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E6903A0C18 for <extra@ietf.org>; Wed, 6 Jan 2021 14:53:48 -0800 (PST)
Received: by mail-vs1-xe2f.google.com with SMTP id e15so2684231vsa.0 for <extra@ietf.org>; Wed, 06 Jan 2021 14:53:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=/3A3I2FlocyFgb/ZcrY0M/vxNPJcIQoq8Q8PD/1LLuA=; b=HpD9WIE/q9wnNsmDWMEbXGeTCDQQu9LCOD3a6/8qYA/QcwAwmBiu3Iin94tDQCzMpS WDrrIC2FTVGX3vis53m55utMh5jO0Xf5iP3vD+5oGCtXsM1DBnhsDez55kH4pBVxPjQW Mad5+k9js+jSbQVaGU/7cbe/dSPtSVKrkOg69Y8XsdkJ9EVim7IwiC3lBCzhrz3+y00A B/Tbxtfx3q2ovTOKdfXoRn4h3Adlv3FBqCnesPuRjYUDLKhml8Rts9r3OUwvPTjkYCjh W/a19o/zyArku6HwPGVeJz5rliDsicTZVjLRg8NrvzHaTeG7atWElLCwUhFe4D8EE7so Y1rA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=/3A3I2FlocyFgb/ZcrY0M/vxNPJcIQoq8Q8PD/1LLuA=; b=bRk3kPXd/+jn63YpN8P1boteqoIxHpAXCL0RKdTlEUFImwiU4jCSQLi7dodbPnuF22 849vvpKbn0tpulZzKZIrTb/O2M9y/SgEvhmRXUP7bbv8QRpme70a58SXydkb5XHehNCL uVY7ZtzSA5WmvKZNeaRxMYlb8HXgFTraADJ+aMr8FMcUNpFk8Gm03y6SujrcwXSKAhkY TTz6Xh+SYxnXyARilmdXOvFSlT77oIM+KhI3ucjNYkeJU9zxs/ruW0KL5n25dPWUBjf1 CResfhwHy1fW4vyhYqs/WwLRGkdaQJk0nsD9RUs2ORTPekP0ywedts7irKDTUA54ToBD jMiA==
X-Gm-Message-State: AOAM531p2C74lcjuK81Mjcya/zlLSskj5Dp5Y9OetV4XOujpJo0C4JmA xcjZGG+UVsxC8ESkuwgy6C8AbpshtRtOSdROu8EZZaQpx/o=
X-Google-Smtp-Source: ABdhPJyfgQ/7tPzZHO5bQPF1kxN+BXrAjliTWEaZOFaReQV9XS2NpFP7MmPVVP7ZaWEIImgG1zeWrDf78bdsPCQe72I=
X-Received: by 2002:a67:18c6:: with SMTP id 189mr4946214vsy.54.1609973627100; Wed, 06 Jan 2021 14:53:47 -0800 (PST)
MIME-Version: 1.0
References: <CAL0qLwaLa+PuGWRrKTbpmDa_SWKT9ZQUEQ9dsPgXfUmTzcYAYw@mail.gmail.com> <bb662e64-626c-914b-de59-f85ef18ee5e3@isode.com> <CAL0qLwYXht2r_83PCZo6+tJUJAoYCd0EoGyCHm6BQEQ=YhWT-A@mail.gmail.com> <5bd4c4e9-4414-e9b5-48f4-520f3185239b@isode.com>
In-Reply-To: <5bd4c4e9-4414-e9b5-48f4-520f3185239b@isode.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
Date: Wed, 06 Jan 2021 14:53:35 -0800
Message-ID: <CAL0qLwYXqj577yxiHuQBR1E70uik4fpQuizYaBFqa2DaXCmbmw@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: extra@ietf.org
Content-Type: multipart/alternative; boundary="0000000000002421f205b84332ff"
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/H7c5qfw6lnpw9Tp3DTbPZ9xNUmY>
Subject: Re: [Extra] AD Review of draft-ietf-extra-imap4rev2
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jan 2021 22:53:51 -0000

On Tue, Jan 5, 2021 at 5:56 AM Alexey Melnikov <alexey.melnikov@isode.com>
wrote:

> Hi Murray,
> On 04/01/2021 17:21, Murray S. Kucherawy wrote:
>
> On Mon, Jan 4, 2021 at 6:05 AM Alexey Melnikov <alexey.melnikov@isode.com>
> wrote:
>
>>
>> Section 2.2.1
>>
>>   Clients MUST follow the syntax outlined in this specification
>>
>>    strictly.  It is a syntax error to send a command with missing or
>>
>>    extraneous spaces or arguments.
>>
>> It seems unnecessary to say this in a standards track document.  There’s
>> a similar paragraph in Section 2.2.2.
>>
>> I think the text is there due to various bugs in implementations, so I
>> would rather keep it as is.
>>
> I would use "need to" instead of "MUST" here.  It's otherwise a bit
> hand-wavy for use of BCP 14 language.  But I'll leave this to the WG.
>
> Barry replied to this and I think you are Ok with MUST staying as is.
>

Yep, I just wanted to have the discussion.  Thanks for indulging.

Section 2.2.2
>>
>>    In the case of certain server data, the data MUST be recorded.
>>
>> This seems misplaced; the MUST should be in the descriptions for the
>> specific cases where this requirement exists.
>>
>> I think this text is actually Ok where it is, as it warns/requires the
>> client to implement proper cashing. It is more a statement of intent.
>>
>> If you think use of RFC 2119 language here is not right, we can discuss
>> that.
>>
> Similar to the previous case, I suggest "needs to" here, and then wherever
> you talk about certain server data, that's where the BCP 14 language should
> go.
>
> The latter would be difficult, because there are several responses like
> EXISTS and EXPUNGE that needs to be remembered by clients, but this list is
> not exhaustive.
>

I hear you.  The thing that I was hoping to solve for is that it's not very
crisp.  Which server data MUST be cached, and which server data is OK to
toss?  You can't tell just from that sentence.  If it's specified more
clearly later on, then this isn't needed.


> I also didn't think you meant caching when you said "recorded"; I took
> that to refer to logging.  Possibly something else to clarify.
>
> So this paragraph says:
>
>    Server data SHOULD
>    be recorded, so that the client can reference its recorded copy
>    rather than sending a command to the server to request the data.  In
>    the case of certain server data, the data MUST be recorded.
>
> I think caching is intended here. Is "remembered" better that "recorded"
> above?
>
Somehow when I read it the first time I didn't realize that was simply
caching; it seemed to be describing something more elaborate.  Anyway, yes,
this is fine.


>
>> The text surrounding $Phishing goes further into human factors work than
>> other working groups have felt appropriate.  (DKIM and DMARC come to
>> mind.)  Are we sure that belongs here?
>>
>> Yes, considering this is a security consideration, a good example of UI
>> is necessary here.
>>
>
> I'm curious to see if anyone else raises this given how much energy those
> other WGs used in the past to resist providing any UI advice at all.
>
> There are obvious counter examples in recent history, like TLS and OAUTH
> WG.
>

Huh.  OK.  I learned something today.  :-)


> Should this section mention whether the system flags are permanent?
>> \Seen, for example, is clearly a system flag, but it could also be a
>> session flag.
>>
>> No, implementations differ and sometimes even \Seen is not permanent.
>> (The last sentence of the first paragraph already says "A flag of either
>> type can also be permanent or session-only.")
>>
> Yep, that's what caused me to make the comment.
>
> Basically I don't think we can say anything useful about system flags in
> this respect. They may or may not be permanent, same as keywords. So I
> think no change for this one.
>

OK.


>> Section 2.3.3
>>
>> All the SHOULDs in here make me wonder when an implementor might
>> legitimately choose to do something different.  Or maybe instead of “SHOULD
>> be”, just say “is”?
>>
>> I think for delivery by SMTP, I agree. For COPY/MOVE there is actually a
>> posibility that some mailstores wouldn't preserve original values, so this
>> is asking them to really think hard about preserving it.
>>
>> And for APPEND, this is a similar requirement on MUAs to preserve this
>> information. (Some don't and it is very awkward.)
>>
>> So I prefer to keep the last 2 SHOULDs.
>>
> I guess I'm wondering if those implementations chose not to for some
> reason you think is valid, or was it purely an oversight on their part and
> you're using SHOULD to grandfather them in?  Would it be fine to say MUST
> here and just say that an implementation not doing this is therefore not
> compliant with rev2?
>
> I think I already gave an example of limited mailstores that are not able
> to preserve some information on COPY/MOVE. (For example they might be
> gatewaying data to other more restrictive formats). I don't think we want
> to make them non compliant at this time.
>
> In regards to clients preserving internaldates on APPEND. If they use
> APPEND to migrate/copy data between 2 different IMAP servers or between a
> local and remote mailstore, they must preserve it. But APPEND can also be
> used for other creating modifications, so again I think SHOULD is fine as
> is.
>
OK, thanks for explaining.  I don't have any particular remedy in mind now
that I know what's going on behind this.


>> Section 6.1.2
>>
>>
>> This section says NOOP can be used to reset the autologout timer (which
>> seems definite), but Section 5.1.4 says any command only SHOULD reset the
>> timer.  Do these line up?
>>
>> (I assume you meant 5.4)
>>
>> Well spotted. I changed text in 5.4 to readL
>>
>>  The receipt of any command from the client during that interval resets
>> the autologout timer.
>>
> Why would a command deviate from the SHOULD and not reset the timer?
>
> There is no reason I can think of, so the new text I suggested above no
> longer uses "SHOULD". I think that addresses your issue. Do you disagree?
>

Nope, we're good here.


>  [snip]
>>
>> This section should make it more explicit, up front, that the response
>> names the extensions that were successfully enabled.  Right now the lede is
>> buried in about the 7th paragraph.
>>
>> I didn't move the paragraph that talks about ENABLED response, but I
>> clarified it.
>>
>
> It seems like a pretty important aspect of the response, so I thought it
> was strange that it wasn't presented until so late in the section.  Your
> call though.
>
> I think the new text is clear, as it explains what appears in the ENABLED
> response the first time ENABLED response is mentioned. So have a look at
> -23 and let me know.
>

Good to go.

>
>> It’s weird to say “renaming INBOX is permitted”
>>
>> This is saying that the server wouldn't return "BAD" to it.
>>
>> followed immediately by “some servers don’t let you do this”.
>>
>> But this is saying that the server can still return "NO".
>>
>> Which is the standard for this version of IMAP?  If it’s an
>> implementation choice, I think that’s what this should say.
>>
>> Yes, it is.
>>
>
> That's fine, then, if this is clarified.  I just found that bit to be
> self-contradicting as written in -22.
>
> I think IMAP is a bit subtle in places, as NO and BAD have very different
> semantics. "BAD" means that the client shouldn't have tried this. "NO"
> means some other reason why this fails, which can be entirely server
> specific.
>
> Anyway, I clarified this.
>

Thanks!

-24 covers all of the major stuff except the text duplication (nice
work!).  Did we figure out how you'd like to deal with that?  That's not a
Last Call blocker for me -- I'll send -24 if you think it's ready -- but I
wouldn't be surprised if some downstream reviewer or AD makes the same
observation.

-MSK

v2.23.0 | Report a Bug | By Email