Re: [Extra] Roman Danyliw's No Objection on draft-ietf-extra-imap4rev2-26: (with COMMENT)
Alexey Melnikov <alexey.melnikov@isode.com> Tue, 02 February 2021 17:08 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0ECA43A0C5D; Tue, 2 Feb 2021 09:08:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RTw-IpVo42mV; Tue, 2 Feb 2021 09:08:17 -0800 (PST)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 27E3F3A0C5B; Tue, 2 Feb 2021 09:08:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1612285696; d=isode.com; s=june2016; i=@isode.com; bh=9xFoLONtL7qMhmncA8DQZxwJPf8pVTMGoi3baeSPWrU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=kxzDwruvD4Km3qWyuw1DOzRd6WWWU7W7ha0iZYE5RNNqsi04KB6W65H2OmK+J2CGpdnlhQ mL7YXNy3GPxvGvnzTjPG8dv23YEHypktT0QfXXscPh8zGjTN7sr4JrEKLjDMkbaf0jOX1q gsKRku7lJV2TwFDGprZcqkMTW22yIHs=;
Received: from [192.168.1.222] (host5-81-100-50.range5-81.btcentralplus.com [5.81.100.50]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <YBmG=wAuQVkt@waldorf.isode.com>; Tue, 2 Feb 2021 17:08:16 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Roman Danyliw <rdd@cert.org>, The IESG <iesg@ietf.org>
Cc: extra@ietf.org, brong@fastmailteam.com, draft-ietf-extra-imap4rev2@ietf.org, extra-chairs@ietf.org
References: <161227892696.22043.1613107216198518224@ietfa.amsl.com>
Message-ID: <d11c48d6-bbe4-156f-30a8-d5206557d82d@isode.com>
Date: Tue, 02 Feb 2021 17:08:15 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0
In-Reply-To: <161227892696.22043.1613107216198518224@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/QQ469bP0D1Oz4o6XywYYS8LWbUA>
Subject: Re: [Extra] Roman Danyliw's No Objection on draft-ietf-extra-imap4rev2-26: (with COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Feb 2021 17:08:19 -0000
Hi Roman, Thank you for your comments. Replying to most of your comments (I will reply to the rest separately): On 02/02/2021 15:15, Roman Danyliw via Datatracker wrote: > ** Section 1.3. What are the “unpublished IMAP2bis protocols”? Even if there > were unpublished, is there any pointer/reference that can be provided, say like > https://tools.ietf.org/html/draft-ietf-imap-imap2bis-02? Yes, this looks like a reasonable informative reference. > ** Section 2.3.1.1. Step #4. Should “In particular, the internal date, > [RFC-5322] size, envelope, body structure, and message texts (all BODY[...] > fetch data items) must never change)”, use the normative “MUST never change”? Sure. > ** Section 2.3.3. The text for $Forwarded notes that “Once set, the flag > SHOULD NOT be cleared.” Should the same guidance apply to $MDNSent? $MDNSet description points to RFC 3503, which states "MUST NOT be cleared". I would rather not copy the text into this draft, if that is Ok with you? > ** Section 5.1.2. Editorial. s/manager to grant to their secretary access > rights/manager to grant to their administrative support staff access rights/ Ok. > ** Section 6.3.1. Per “However, servers cannot send those unsolicited > responses (with the exception of response codes (see Section 7.1) included in > tagged or untagged OK/NO/BAD responses, which can always be sent) until they > know that the clients support such extensions and thus won't choke on the > extension response data”, what is the more precise definition of “choke” here. > Is it that the client doesn’t understand the extension or that it won’t be able > to process it? The former. I think it was intended as a shortcut for "crash and misbehave in other surprising ways". > ** Section 6.3.9.3. Step 3. Per “Attributes returned in the same LIST > response must be treated additively”, should this be a normative “MUST”? I think MUST is going to be a bit silly here, as the whole set is specified in a single LIST response. I will change this to "are treated additively". > ** Section 6.3.12 and Section 8. The examples here have a few “non example” > domains (e.g., @Blurdybloop.com, @owatagu.siam.edu, @cac.washington.edu) Yes, this comes from RFC 3501. I can change these if this is a big deal to people, but this will cause literal size changes in various places, so this is more work than just search & replace everywhere in the document. > ** Section 6.4.4.4. Editorial. In this section the inline annotation of the > C: and S: examples are with a “//”. In Section 6.3.10, these annotations are > made via “< … >”. I’d recommend consistency. Ok. Murray has pointed out the same thing. I will discuss with RFC Editor about the best way of representing comments. [snip] > ** Section 7.1.4. Per “For this reason PREAUTH response SHOULD only be > returned by servers on connections that are protected by TLS (such as on > implicit TLS port [RFC8314]) or protected through other means such as IPSec”, > what is the corner case in mind that motives a SHOULD (instead of a MUST)? I was thinking about loopback interface or something like Unix domain socket (the latter is technically out of scope for this document). > ** Section 11. There are both confidentiality and integrity issues with > sending of IMAP in the clear. > > OLD > IMAP4rev2 protocol transactions, including electronic mail data, are > sent in the clear over the network unless protection from snooping is > negotiated. > > NEW > IMAP4rev2 protocol transactions, including electronic mail data, are sent in > the clear over the network exposing them to possible eavesdropping and > manipulation unless protections are negotiated. I used your text, thank you. > ** Section 11.1. Per “Other TLS cipher suites recommended in RFC 7525 are > RECOMMENDED …”, seems as if RFC7525 needs to be an explicit reference. Good point. Added. [snip] > ** In the spirit of inclusive language, consider something like the following: > > -- Section 6.2.1. s/to protect against man-in-the-middle attackers which > alter/to protect against an on-path attacker which could alter/ > > -- Section 11.1 > OLD > … as presented in the server Certificate message, in order to prevent > man-in-the-middle attacks. > > NEW > … as presented in the server Certificate message, in order to prevent on-path > attackers attempting to masquerade as the server. Changed, thank you. > -- Section 11.3. s/(or a man-in-the-middle attacker)/ (or an on-path attacker)/ Changed. > ** Typos: > -- Section 11.2. s/overriden/overridden/ Fixed, thanks. > ** From idnits: > -- The draft header indicates that this document obsoletes RFC3501, but the > abstract doesn't seem to mention this, which it should. > > -- There are a number of reference warnings which should be confirmed as not > being problematic (not mentioned in the shepherd write-up) Will do. I think all of them were covered by the IETF LC announcement, but I will double check. Best Regards, Alexey
- [Extra] Roman Danyliw's No Objection on draft-iet… Roman Danyliw via Datatracker
- Re: [Extra] Roman Danyliw's No Objection on draft… Alexey Melnikov
- Re: [Extra] Roman Danyliw's No Objection on draft… Alexey Melnikov
- Re: [Extra] Roman Danyliw's No Objection on draft… Roman Danyliw
- Re: [Extra] Roman Danyliw's No Objection on draft… Roman Danyliw
- Re: [Extra] Roman Danyliw's No Objection on draft… Alexey Melnikov
- Re: [Extra] Roman Danyliw's No Objection on draft… Roman Danyliw