Re: [Extra] Roman Danyliw's Discuss on draft-ietf-extra-imap-fetch-preview-03: (with DISCUSS and COMMENT)

"Alexey Melnikov" <> Wed, 10 April 2019 12:46 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id EA80D12032D; Wed, 10 Apr 2019 05:46:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key) header.b=mMJGp53L; dkim=pass (2048-bit key) header.b=vExEqjrz
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id gtaaBB3kSQUi; Wed, 10 Apr 2019 05:46:31 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 2A709120072; Wed, 10 Apr 2019 05:46:31 -0700 (PDT)
Received: from compute7.internal (compute7.nyi.internal []) by mailout.nyi.internal (Postfix) with ESMTP id 1C51A21EEB; Wed, 10 Apr 2019 08:46:30 -0400 (EDT)
Received: from imap1 ([]) by compute7.internal (MEProxy); Wed, 10 Apr 2019 08:46:30 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; h= mime-version:message-id:in-reply-to:references:date:from:to:cc :subject:content-type:content-transfer-encoding; s=fm2; bh=5NQ35 +Xjopa1FpkjdcofpvwM+HzK3A5KxvYEJjbilA8=; b=mMJGp53LpJN2DyUx3mq6E ZsnNwuMFtYH5CQbHBhQsH2V3Fose4xws80ygb5zIanZ1oj1dMpKF42aE/3EDZB1/ Pge3dm8efBSjRcZA6LsCpnFX2Q6JTU0AwuYeZutO3EdZ23tquYbzwGMtM0rfT2qc Z5KC5hQC/XEAsPDMYPiWePZy/LGpO3iHiVRleDw2JEeaNR0QuDu6iXDDJoqrpFgh Djx/r/PM+dbFhU56UWprd+leSiokw/Ul+We8Z0QD30v6hwN3+ci9icJGpl2FJSfx uExwy1ThJUSEO10oYyDy7MyeoHjVsVsaw80xU3xfhaEKp9YLj7TtKjuJloFP0JlJ w==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=5NQ35+Xjopa1FpkjdcofpvwM+HzK3A5KxvYEJjbil A8=; b=vExEqjrzjnPRvPOFINrvZ5Vshm5FcPu201QL8oJIu1Lr1DLo+Q9wO/x96 eUK/DodhbWW3yv9zYLdWb37rlTPoO3vkoC+jFxJHaIt3XObNgGcQ1wE/79XYhYPs ZasydQW2sAQRrFajDos5RcPZVQ0sOjfnmLLgkozTtQKaKUyB2afBddYI5MdNYEf+ 8A8bOpXSonbsdicnZFHDqh4ISL6SpVeirrqjwKnPv+wP3urwUKLEtqIKmRih+6sf npj8uAfjVaCMubHyTiiLlxRFXXcVDPi4aEH50pVSsw6VFMzQZ4kb5Kc/ES/zr5NR sDpR6vg0uKqoyp1fMH7o3szIcIkgQ==
X-ME-Sender: <xms:peWtXBDGOtyuMVTyab3414CSFSJW9KMZThIDgCiP_cU9FSFh4Q0NIg>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduuddrudejgdehjecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenuc fjughrpefofgggkfgjfhffhffvufgtgfesthhqredtreerjeenucfhrhhomhepfdetlhgv gigvhicuofgvlhhnihhkohhvfdcuoegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrd hfmheqnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrrghmvghlnhhikhhovhesfhgrshht mhgrihhlrdhfmhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:peWtXL2hY8uR2b7cT1GvCvaR7iFBmSk_OAVohv8cnr8X7ndmU3EK2Q> <xmx:peWtXPW09ivMi4yBxXCiyuUAlGYrZd4OH4rUlfPCCWFCZeXB_I4fhg> <xmx:peWtXNnJDn9C9_LqtPZoOcwPEafEpyXiVyruQFJ2VlZAH4tCN3n-0w> <xmx:puWtXPDayVogs0nICwhSbSXGpF_QgjHIV42bo2TBl3bQaGZGG8gGGQ>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C2F20D48AF; Wed, 10 Apr 2019 08:46:29 -0400 (EDT)
X-Mailer: Webmail Interface
User-Agent: Cyrus-JMAP/3.1.6-329-gf4aae99-fmstable-20190329v1
Mime-Version: 1.0
X-Me-Personality: 21611513
Message-Id: <>
In-Reply-To: <>
References: <> <>
Date: Wed, 10 Apr 2019 08:46:15 -0400
From: "Alexey Melnikov" <>
To: "Barry Leiba" <>, "Roman D. Danyliw" <>
Cc:, "Bron Gondwana" <>, "The IESG" <>,,
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <>
Subject: Re: [Extra] =?utf-8?q?Roman_Danyliw=27s_Discuss_on_draft-ietf-extra-?= =?utf-8?q?imap-fetch-preview-03=3A_=28with_DISCUSS_and_COMMENT=29?=
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 10 Apr 2019 12:46:33 -0000


On Wed, Apr 3, 2019, at 9:38 PM, Barry Leiba wrote:
> Hi, Roman.
> > (1) Retention practices of cached previews
> > Section 1 says “Using server generated previews allows global generation once
> > per message, and then cached indefinitely”.  Why cache indefinitely, especially
> > if the source messages has been expunged?  For privacy reasons, couldn’t this
> > caching be consistent with the retention of the email.
> "Indefinitely" doesn't mean forever... it means that the time period
> is not definite.
> That said, your suggested change makes sense, and I think we should make it..

This might be obvious for IMAP server implementors, because this is a state associated with a message and once the message is gone there is no way to retrieve it.

But agree that the text can be improved here.

> > (2) Protection of previews at rest
> > In Section 9, Security Considerations, there needs to be discussion about the
> > potential sensitivity of these previews and the need to protect them.  Perhaps
> > text like: “Just as the messages they summarize, previews may contain sensitive
> > information.  When stored, these previews MUST be protected with equivalent
> > authorization and confidentiality controls as the source message.”
> This also makes sense and should be made.


Best Regards,