IETF Logo Mail Archive

Re: [Extra] Roman Danyliw's No Objection on draft-ietf-extra-imap4rev2-26: (with COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 02 February 2021 17:08 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ECA43A0C5D; Tue, 2 Feb 2021 09:08:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RTw-IpVo42mV; Tue, 2 Feb 2021 09:08:17 -0800 (PST)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 27E3F3A0C5B; Tue, 2 Feb 2021 09:08:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1612285696; d=isode.com; s=june2016; i=@isode.com; bh=9xFoLONtL7qMhmncA8DQZxwJPf8pVTMGoi3baeSPWrU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=kxzDwruvD4Km3qWyuw1DOzRd6WWWU7W7ha0iZYE5RNNqsi04KB6W65H2OmK+J2CGpdnlhQ mL7YXNy3GPxvGvnzTjPG8dv23YEHypktT0QfXXscPh8zGjTN7sr4JrEKLjDMkbaf0jOX1q gsKRku7lJV2TwFDGprZcqkMTW22yIHs=;
Received: from [192.168.1.222] (host5-81-100-50.range5-81.btcentralplus.com [5.81.100.50]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <YBmG=wAuQVkt@waldorf.isode.com>; Tue, 2 Feb 2021 17:08:16 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: extra@ietf.org, brong@fastmailteam.com, draft-ietf-extra-imap4rev2@ietf.org, extra-chairs@ietf.org
References: <161227892696.22043.1613107216198518224@ietfa.amsl.com>
Message-ID: <d11c48d6-bbe4-156f-30a8-d5206557d82d@isode.com>
Date: Tue, 02 Feb 2021 17:08:15 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
In-Reply-To: <161227892696.22043.1613107216198518224@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/QQ469bP0D1Oz4o6XywYYS8LWbUA>
Subject: Re: [Extra] Roman Danyliw's No Objection on draft-ietf-extra-imap4rev2-26: (with COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 17:08:19 -0000

Hi Roman,

Thank you for your comments. Replying to most of your comments (I will 
reply to the rest separately):

On 02/02/2021 15:15, Roman Danyliw via Datatracker wrote:
> ** Section 1.3.  What are the “unpublished IMAP2bis protocols”?  Even if there
> were unpublished, is there any pointer/reference that can be provided, say like
> https://tools.ietf.org/html/draft-ietf-imap-imap2bis-02?
Yes, this looks like a reasonable informative reference.
> ** Section 2.3.1.1.  Step #4.  Should “In particular, the internal date,
> [RFC-5322] size, envelope, body structure, and message texts (all BODY[...]
> fetch data items) must never change)”, use the normative “MUST never change”?
Sure.
> ** Section 2.3.3.  The text for $Forwarded notes that “Once set, the flag
> SHOULD NOT be cleared.”  Should the same guidance apply to $MDNSent?
$MDNSet description points to RFC 3503, which states "MUST NOT be 
cleared". I would rather not copy the text into this draft, if that is 
Ok with you?
> ** Section 5.1.2.  Editorial.  s/manager to grant to their secretary access
> rights/manager to grant to their administrative support staff access rights/
Ok.
> ** Section 6.3.1.  Per “However, servers cannot send those unsolicited
> responses (with the exception of response codes (see Section 7.1) included in
> tagged or untagged OK/NO/BAD responses, which can always be sent) until they
> know that the clients support such extensions and thus won't choke on the
> extension response data”, what is the more precise definition of “choke” here.
> Is it that the client doesn’t understand the extension or that it won’t be able
> to process it?
The former. I think it was intended as a shortcut for "crash and 
misbehave in other surprising ways".
> ** Section 6.3.9.3.  Step 3.  Per “Attributes returned in the same LIST
> response must be treated additively”, should this be a normative “MUST”?
I think MUST is going to be a bit silly here, as the whole set is 
specified in a single LIST response. I will change this to "are treated 
additively".
> ** Section 6.3.12 and Section 8.  The examples here have a few “non example”
> domains (e.g., @Blurdybloop.com, @owatagu.siam.edu, @cac.washington.edu)
Yes, this comes from RFC 3501. I can change these if this is a big deal 
to people, but this will cause literal size changes in various places, 
so this is more work than just search & replace everywhere in the document.
> ** Section 6.4.4.4.  Editorial.  In this section the inline annotation of the
> C: and S: examples are with a “//”.  In Section 6.3.10, these annotations are
> made via “< … >”.  I’d recommend consistency.

Ok. Murray has pointed out the same thing. I will discuss with RFC 
Editor about the best way of representing comments.

  [snip]

> ** Section 7.1.4.  Per “For this reason PREAUTH response SHOULD only be
> returned by servers on connections that are protected by TLS (such as on
> implicit TLS port [RFC8314]) or protected through other means such as IPSec”,
> what is the corner case in mind that motives a SHOULD (instead of a MUST)?
I was thinking about loopback interface or something like Unix domain 
socket (the latter is technically out of scope for this document).
> ** Section 11.  There are both confidentiality and integrity issues with
> sending of IMAP in the clear.
>
> OLD
> IMAP4rev2 protocol transactions, including electronic mail data, are
> sent in the clear over the network unless protection from snooping is
> negotiated.
>
> NEW
> IMAP4rev2 protocol transactions, including electronic mail data, are sent in
> the clear over the network exposing them to possible eavesdropping and
> manipulation unless protections are negotiated.
I used your text, thank you.
> ** Section 11.1.  Per “Other TLS cipher suites recommended in RFC 7525 are
> RECOMMENDED …”, seems as if RFC7525 needs to be an explicit reference.

Good point. Added.

  [snip]

> ** In the spirit of inclusive language, consider something like the following:
>
> -- Section 6.2.1.  s/to protect against man-in-the-middle attackers which
> alter/to protect against an on-path attacker which could alter/
>
> -- Section 11.1
> OLD
> … as presented in the server Certificate message, in order to prevent
> man-in-the-middle attacks.
>
> NEW
> … as presented in the server Certificate message, in order to prevent on-path
> attackers attempting to masquerade as the server.
Changed, thank you.
> -- Section 11.3.  s/(or a man-in-the-middle attacker)/ (or an on-path attacker)/
Changed.
> ** Typos:
> -- Section 11.2. s/overriden/overridden/
Fixed, thanks.
> ** From idnits:
>    -- The draft header indicates that this document obsoletes RFC3501, but the
>       abstract doesn't seem to mention this, which it should.
>
>    -- There are a number of reference warnings which should be confirmed as not
>    being problematic (not mentioned in the shepherd write-up)

Will do. I think all of them were covered by the IETF LC announcement, 
but I will double check.

Best Regards,

Alexey

v2.23.0 | Report a Bug | By Email