Re: [Extra] Review: draft-ietf-extra-imap4rev2-11

Alexey Melnikov <alexey.melnikov@isode.com> Fri, 07 February 2020 16:58 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 16B1912084E for <extra@ietfa.amsl.com>; Fri, 7 Feb 2020 08:58:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Agx8A0H2AwRW for <extra@ietfa.amsl.com>; Fri, 7 Feb 2020 08:58:15 -0800 (PST)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id 9298112025D for <extra@ietf.org>; Fri, 7 Feb 2020 08:58:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1581094693; d=isode.com; s=june2016; i=@isode.com; bh=a6Fwo9BpvVDqZFZXr15dME0wJxHD98TjV33ywvdGkKU=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=Sto+gflj33ZpLVyEbP2zCQSaga3a1bFW8N4bfr8R2S8C1DzoNQBO1Okg1DqAVcEVwjC+MY OGsyVLjRQzS5TAlZt6WNhDPLgG/RBkintxlmI9DLMHgCnC+S3RFdbrKLl+JbK6neuurkZZ nPimfsdMFcL0pXp57UqdVIqKI8AnvwM=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <Xj2XJABD4Lqk@waldorf.isode.com>; Fri, 7 Feb 2020 16:58:13 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
To: Timo Sirainen <timo@sirainen.com>, Bron Gondwana <brong@fastmailteam.com>
Cc: extra@ietf.org, Barry Leiba <barryleiba@computer.org>
References: <9fdfa8e8-147d-4248-a0c1-48de171ac675@dogfood.fastmail.com> <872422BE-C8FA-4AA0-8EF1-2ECA79F64926@sirainen.com> <96BAB7A5-420A-49AF-977F-1F722746E5DD@isode.com>
Message-ID: <f6fe67d4-7fa7-2711-6097-f3eae359e7f4@isode.com>
Date: Fri, 7 Feb 2020 16:57:52 +0000
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.3.1
In-Reply-To: <96BAB7A5-420A-49AF-977F-1F722746E5DD@isode.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------2B4E6F4D8A632CC40768E012"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/cT1PUrsxJjsrGzcaHZlNFuNScAs>
Subject: Re: [Extra] Review: draft-ietf-extra-imap4rev2-11
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 16:58:19 -0000

Hi,

On 29 Jan 2020, at 14:20, Timo Sirainen <timo@sirainen.com 
<mailto:timo@sirainen..com>> wrote:

> On 29. Jan 2020, at 14.08, Bron Gondwana <brong@fastmailteam.com 
> <mailto:brong@fastmailteam.com>> wrote:
>>
>> *2.2.1 Client protocol*
>> *
>> *
>> /"A different tag is generated by the client for each command"./ 
>> There's no "MUST" on this, and certainly I've seen clients which 
>> don't.  Do we want to make that more strict in rev2?  It would be a 
>> bit of a pain on the commandline where I normally use ".", but it's 
>> also annoying as a server author that you can't rely on tag uniqueness.
>>
>> Maybe the client SHOULD generate a different tag for every command, 
>> but a server MUST accept tag reuse (could restrict concurrency, a tag 
>> can only be reused after it's been "returned")
>
> I haven't seen this as a problem, so I don't really care either way.

I don’t see this as a problem and I don’t want to require servers to 
check for reuse.

I am Ok with adding informative suggestion for clients to generate 
unique tags to ease in debugging issues. Would this work for people?
>
>> *2.3.1.1 UID Attribute
>> *
>> /
>> /
>> /"The next unique identifier value MUST NOT change unless new 
>> messages are added to the mailbox". /I would very much like that 
>> first MUST NOT to be weakened to "SHOULD NOT".  My reasoning is that 
>> you could have a virtual mailbox which used a global sequence number 
>> per message.  It would behave to clients as if a message had been 
>> delivered and then immediately expunged.  I'm pretty sure clients 
>> don't care - they'll fetch the range, discover that nothing new has 
>> appeared, and stay happy.  The second MUST is obviously correct, that 
>> the UIDNEXT must increase when messages are delivered.
>
> Agreed.

I was initially fine with this change, but after rereading this sentence 
I think it is mostly Ok as is. I think a possible point to clarify is 
that if a message is added and removed in another session, the UIDNEXT 
will be updated, even if the change is not reported in the current 
session. This is perfectly fine behaviour and should also work for the 
virtual mailbox case.

>> *5.1 Mailbox Naming*
>>
>> This doesn't solve one of my naming bugbears.  The spec says things 
>> like/"servers MAY accept a de-normalized UTF-8 mailbox name and 
>> conver it to Net-Unicode prior to mailbox creation." -/*//*there is 
>> no clear way to know what the SELECTable name will be after creating 
>> a mailbox.
>>
>> If I was designing this myself from scratch I would say that "SELECT 
>> of the same octets that were passed to CREATE MUST open that same 
>> mailbox" or something to that effect.  Since we're messing with how 
>> mailbox naming works somewhat for imap4rev2, I'd be keen to add this 
>> restriction on server behaviour so that clients don't fall into a 
>> "CREATE -> ALREADY EXISTS / SELECT -> DOESN'T EXIST" loop.

I agree this is a problem and happy to do what you suggest.
>>
>> It still doesn't mean that you can reliably tell the correct octets 
>> for the matching mailbox from the LIST response though :(
>
> Is it too late to add a new response code? Something like:
>
> * OK [CREATED] TAG "a123" NAME "Denormalized name"

Response codes are cheap and don’t break older clients, so I am happy to 
add one.
>
>> *6.3.2 SELECT command
>> *
>>
>> I also saw somewhere that the server can unilaterally send a "* 
>> [CLOSED]" response at any point if it's had to close the mailbox 
>> (e.g. it got deleted, or IO errors).  I'm not sure if that requires 
>> opt-in to IMAP4REV2, since otherwise clients will not be aware to 
>> watch for it.  This may need to be clarified.

Agreed.

>> Current behaviour of our server right now is to drop the connection 
>> entirely, which is ugly - but it's rare and all clients already need 
>> to handle it cleanly, so it guarantees no messed up data model for 
>> the clients.
>
> Yeah, I'd prefer just BYE instead of unilateral CLOSED. I don't think 
> clients are going to implement it correctly since it almost never 
> happens, so nobody tests that code path.

Let me think about this.
>
>> *6.3.4 and 6.3..5 CREATE and DELETE
>> *
>>
>> Can we make it illegal to "DELETE" a mailbox with children rather 
>> than make it a \NoSelect mailbox pretty pretty please?  I'm just 
>> looking at some patches to deal with Outlook misbehaving with this 
>> precise situation, and it's all horrible.  Because of mailboxId 
>> requirements for JMAP we've been forced to keep these things around 
>> as "intermediate" mailboxes anyway, and it's been the source of tons 
>> of bugs.
>
> \NoSelect seems to be causing confusion in general, and Dovecot 
> nowadays has options that makes it try to avoid creating them. But I'm 
> not sure if it needs to be made illegal in the RFC itself. I think 
> your server implementation can just decide to reject DELETE if it has 
> children.
>
> It sounds like your issues are with \NoSelect mailboxes in general, 
> not just this specific way of creating them with DELETE? For example 
> CREATE a/b could create "a" se \NoSelect also.

I am happy to disallow this, or at least say that servers can either 
disallow delete of a mailbox with children or add \NoSelect to it.

I think the only safe for clients to do is to assume that deleting a 
mailbox with submailboxes is not going to work, so the client needs to 
delete each child separately.
>> *6.3.6 RENAME*
>>
>> I thought we had agreed to strongly recommend against clients using 
>> RENAME INBOX Other, but maybe I've forgotten.  I don't see it in the 
>> minutes, so maybe it's just my wishful thinking.
>
> Dovecot doesn't allow RENAME INBOX in some configurations. I don't 
> remember people complaining.

 From the client prospective I am disagreeing with this, renaming INBOX 
is useful for archiving.

I am happy to say that some servers might disallow this though. Would 
that be Ok with people?
>
>> We definitely have an option in Cyrus IMAP to make subscriptions 
>> follow RENAME.  It's one of the warts (largely due to Thunderbird 
>> showing greyed out folders and confusing people).
>
> We haven't needed to do this yet. I think the \NoSelect folders have 
> been more of a reason for Thunderbird confusion.
>
>> *6.3.7 SUBSCRIBE
>> *
>>
>> Speak of the devil. Lots of sites violate the MUST NOT unilaterally 
>> remove rule.  Should we weaken it to SHOULD?  The justification for 
>> the MUST is "the server site might choose to do X" - well, if the 
>> server site is doing that, then maybe they SHOULDN'T unilaterally 
>> remove the subscriptions, but otherwise it's a better user experience 
>> and what people want.
>>
>> (also: by enabling a non-default break the rules config, it's what 
>> our server does!)
>
> The original use case for not auto-removing a subscription is rather 
> ancient already. I'd be fine with changing subscriptions to follow 
> deletes and renames in the rev2 mode (but better not change behavior 
> in rev1 mode).

I think I would rather weaken this to SHOULD and I would rather not 
require change in behaviour for servers that already comply with the 
MUST NOT.
>
>> *6.3.8 UNSUBSCRIBE*
>>
>> /This command returns a tagged OK response only if the unsubscription 
>> is successful./- this is not clear on what happens if the mailbox is 
>> not currently subscribed - does it silently succeed, or is there an 
>> expected error?
>>
>> For what it's worth, our server just says "OK Completed" even if it's 
>> already been unsubscrbed - and likewise for subscribe if it's already 
>> subscribed it just say "yep, all good".
>
> Same with Dovecot. I think should keep the OK behavior, since that's 
> what is commonly been done.

I think returning OK if not subscribed would be a better behaviour for 
clients. (I have lots of comments in my client asking what should be 
done if UNSUBSCRIBE fails, for example.) So I would be happy to change 
the text.
>
>> *6.3.10 NAMESPACE*
>>
>> We've created a conflict here.  The NAMESPACE command contains prefix 
>> strings for the individual namespaces, and says:
>>
>>     The prefix string allows a client to do things such as automatically
>>     creating personal mailboxes or LISTing all available mailboxes within
>>     a namespace.
>>
>> Which contradicts the advice we gave back in the LIST command not to 
>> use prefix.  Perhaps we should change the LIST advice to be "only use 
>> the empty prefix or prefixes given in the NAMESPACE response"?
>
> I think you're mixing "namespace prefixes" with "list references"? I 
> don't think the above sentence advocates using LIST reference 
> parameter, just using the namespace prefix for listing e.g. LIST "" 
> ns-prefix/*

Exactly.
>
> Anyway, I see lots and lots of text is still preserved for the LIST 
> reference parameter explanation, even though it shouldn't be used. 
> Couldn't we just decide to get rid of it entirely in rev2 and say the 
> reference MUST be empty? Or say only that is is implementation-defined 
> and refer to IMAP4rev1 if anyone wants to see how it used to be 
> implemented?

I kept the text because non empty reference is still allowed. I think I 
would rather allow it and mark the text as recommended server behaviour 
if non empty reference parameter is supplied. Maybe move it to a 
separate section for clarity?
>
>> *6.3.11 STATUS
>> *
>>
>>        Note: The STATUS command is intended to access the status of
>>        mailboxes other than the currently selected mailbox.  Because the
>>        STATUS command can cause the mailbox to be opened internally, and
>>        because this information is available by other means on the
>>        selected mailbox, the STATUS command SHOULD NOT be used on the
>>        currently selected mailbox.
>>
>> This advice is all well and good, but it says nothing about what the 
>> server may or may not do when it gets one of these STATUS commands.  
>> This is particularly relevant in the context of LIST RETURN STATUS, 
>> where it's hard to construct list patterns which explicitly avoid the 
>> currently selected mailbox.

Good point. I think this should be allowed on the selected mailbox.

>>
>> Likewise with the:/MUST NOT be used as a "check for new messages in 
>> the selected mailbox"/assertion. Plenty of clients will do a STATUS 
>> run across folders and if they're doing LIST RETURN STATUS they're 
>> gonna find out about the new messages if the server returns it.  
>> Clients can not rely on it working is a more honest representation of 
>> what happens.

>>
>> I'd like to see that IMAP4REV2 servers MUST implement STATUS of the 
>> currently selected mailbox.  Yes, it's a special codepath - but if 
>> you're already testing if it's the currently open mailbox then you're 
>> at exactly the right place to do the right thing:
>
> Also this is the only way to get the current UIDNEXT of the selected 
> mailbox (since it might be higher than last message's UID).
>
> The main ambiguity though is whether STATUS on the current mailbox is 
> expected to check for new changes. Dovecot implements it in a way that 
> it doesn't check for changes. I think there used to be even a good 
> reason for that.

I am ambivalent on what server behaviour should be in this case. I am Ok 
with saying that the client can’t expect the server to check for changes.
>
>> 6.4.4.1 SAVE Result
>>
>> I'm not sure I understand the interaction here with closing and 
>> re-opening a mailbox.  I would expect that closing a mailbox would 
>> wipe the SAVED result,
>
> I think it practically says that, since it says that SELECT/EXAMINE 
> resets it to empty sequence. It's not really relevant whether it 
> happens when the mailbox is closed or when the next mailbox is opened, 
> because you can't use it in non-selected state anyway..

Exactly :-).
>
>> and that trying to use a SAVED result when there isn't one should 
>> return an error.
>
> It says that the default is an empty sequence. So it won't result in 
> an error, just a non-matching set. I'm fine with this behavior, 
> especially since it's easier to implement and I don't really see much 
> of a downside.

Same here. That was the intent.
>
>> Speaking of which, Example 5 is wrong: It says that the second search 
>> command leads to the variable containing no messages, but the second 
>> search command did not contain the RETURN SAVE option, so it should 
>> not have altered the variable.
>
> Right. And even if it did contain RETURN SAVE option it still 
> shouldn't have altered the variable, because:
>
> """
>    Any of the following SEARCH commands MUST NOT change the search
>    result variable:
>
>       a SEARCH command that caused the server to return the BAD tagged
>       response,
> """

Ok, I will recheck the example.

>
>> *7.4.2 FETCH Response*
>>
>> I remember past bugs with UID in "unsolicited" FLAGS responses.  Do 
>> we need to require that including UID only happen after ENABLE 
>> IMAP4REV2 (as it is for ENABLE QRESYNC)?
>
> Might be useful to require UID for any untagged FETCH reply. It can 
> simplify client behavior.

I think we agreed to this. I think I mention this for IDLE, but didn’t 
say it in this section. What is the best place for this text? At the top 
of the section describing FETCH response?

Best Regards,
Alexey