Re: [Extra] Review: draft-ietf-extra-imap4rev2-11

Timo Sirainen <timo@sirainen.com> Wed, 29 January 2020 14:21 UTC

Return-Path: <timo@sirainen.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60921120842 for <extra@ietfa.amsl.com>; Wed, 29 Jan 2020 06:21:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VXNoGypG8UuX for <extra@ietfa.amsl.com>; Wed, 29 Jan 2020 06:21:04 -0800 (PST)
Received: from sirainen.com (mail.sirainen.com [94.237.26.55]) by ietfa.amsl.com (Postfix) with ESMTP id B30F5120875 for <extra@ietf.org>; Wed, 29 Jan 2020 06:21:03 -0800 (PST)
Received: from [192.168.10.100] (unknown [91.155.205.240]) by sirainen.com (Postfix) with ESMTPSA id 338982B3C8B; Wed, 29 Jan 2020 14:21:00 +0000 (UTC)
From: Timo Sirainen <timo@sirainen.com>
Message-Id: <872422BE-C8FA-4AA0-8EF1-2ECA79F64926@sirainen.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_7A094FED-0736-4660-85D1-89C686852378"
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.40.2.2.4\))
Date: Wed, 29 Jan 2020 16:20:58 +0200
In-Reply-To: <9fdfa8e8-147d-4248-a0c1-48de171ac675@dogfood.fastmail.com>
Cc: extra@ietf.org, Alexey Melnikov <alexey.melnikov@isode.com>, Barry Leiba <barryleiba@computer.org>
To: Bron Gondwana <brong@fastmailteam.com>
References: <9fdfa8e8-147d-4248-a0c1-48de171ac675@dogfood.fastmail.com>
X-Mailer: Apple Mail (2.3608.40.2.2.4)
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/oZPlj4aOC_33Tm2hdp5u8WLhkdw>
Subject: Re: [Extra] Review: draft-ietf-extra-imap4rev2-11
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jan 2020 14:21:13 -0000

On 29. Jan 2020, at 14.08, Bron Gondwana <brong@fastmailteam.com> wrote:
> 
> 2.2.1 Client protocol
> 
> "A different tag is generated by the client for each command".  There's no "MUST" on this, and certainly I've seen clients which don't.  Do we want to make that more strict in rev2?  It would be a bit of a pain on the commandline where I normally use ".", but it's also annoying as a server author that you can't rely on tag uniqueness.
> 
> Maybe the client SHOULD generate a different tag for every command, but a server MUST accept tag reuse (could restrict concurrency, a tag can only be reused after it's been "returned")

I haven't seen this as a problem, so I don't really care either way.

> 2.3.1.1 UID Attribute
> 
> "The next unique identifier value MUST NOT change unless new messages are added to the mailbox".  I would very much like that first MUST NOT to be weakened to "SHOULD NOT".  My reasoning is that you could have a virtual mailbox which used a global sequence number per message.  It would behave to clients as if a message had been delivered and then immediately expunged.  I'm pretty sure clients don't care - they'll fetch the range, discover that nothing new has appeared, and stay happy.  The second MUST is obviously correct, that the UIDNEXT must increase when messages are delivered.

Agreed.

> 5.1 Mailbox Naming
> 
> This doesn't solve one of my naming bugbears.  The spec says things like "servers MAY accept a de-normalized UTF-8 mailbox name and conver it to Net-Unicode prior to mailbox creation." - there is no clear way to know what the SELECTable name will be after creating a mailbox.
> 
> If I was designing this myself from scratch I would say that "SELECT of the same octets that were passed to CREATE MUST open that same mailbox" or something to that effect.  Since we're messing with how mailbox naming works somewhat for imap4rev2, I'd be keen to add this restriction on server behaviour so that clients don't fall into a "CREATE -> ALREADY EXISTS / SELECT -> DOESN'T EXIST" loop.
> 
> It still doesn't mean that you can reliably tell the correct octets for the matching mailbox from the LIST response though :(

Is it too late to add a new response code? Something like:

* OK [CREATED] TAG "a123" NAME "Denormalized name"

> 6.3.2 SELECT command
> 
> I also saw somewhere that the server can unilaterally send a "* [CLOSED]" response at any point if it's had to close the mailbox (e.g. it got deleted, or IO errors).  I'm not sure if that requires opt-in to IMAP4REV2, since otherwise clients will not be aware to watch for it.  This may need to be clarified.  Current behaviour of our server right now is to drop the connection entirely, which is ugly - but it's rare and all clients already need to handle it cleanly, so it guarantees no messed up data model for the clients.

Yeah, I'd prefer just BYE instead of unilateral CLOSED. I don't think clients are going to implement it correctly since it almost never happens, so nobody tests that code path.

> 6.3.4 and 6.3.5 CREATE and DELETE
> 
> Can we make it illegal to "DELETE" a mailbox with children rather than make it a \NoSelect mailbox pretty pretty please?  I'm just looking at some patches to deal with Outlook misbehaving with this precise situation, and it's all horrible.  Because of mailboxId requirements for JMAP we've been forced to keep these things around as "intermediate" mailboxes anyway, and it's been the source of tons of bugs.

\NoSelect seems to be causing confusion in general, and Dovecot nowadays has options that makes it try to avoid creating them. But I'm not sure if it needs to be made illegal in the RFC itself. I think your server implementation can just decide to reject DELETE if it has children.

It sounds like your issues are with \NoSelect mailboxes in general, not just this specific way of creating them with DELETE? For example CREATE a/b could create "a" se \NoSelect also.

> 6.3.6 RENAME 
> 
> I thought we had agreed to strongly recommend against clients using RENAME INBOX Other, but maybe I've forgotten.  I don't see it in the minutes, so maybe it's just my wishful thinking.

Dovecot doesn't allow RENAME INBOX in some configurations. I don't remember people complaining.

> We definitely have an option in Cyrus IMAP to make subscriptions follow RENAME.  It's one of the warts (largely due to Thunderbird showing greyed out folders and confusing people).

We haven't needed to do this yet. I think the \NoSelect folders have been more of a reason for Thunderbird confusion.

> 6.3.7 SUBSCRIBE
> 
> Speak of the devil.  Lots of sites violate the MUST NOT unilaterally remove rule.  Should we weaken it to SHOULD?  The justification for the MUST is "the server site might choose to do X" - well, if the server site is doing that, then maybe they SHOULDN'T unilaterally remove the subscriptions, but otherwise it's a better user experience and what people want.
> 
> (also: by enabling a non-default break the rules config, it's what our server does!)

The original use case for not auto-removing a subscription is rather ancient already. I'd be fine with changing subscriptions to follow deletes and renames in the rev2 mode (but better not change behavior in rev1 mode).

> 6.3.8 UNSUBSCRIBE
> 
> This command returns a tagged OK response only if the unsubscription is successful. - this is not clear on what happens if the mailbox is not currently subscribed - does it silently succeed, or is there an expected error?
> 
> For what it's worth, our server just says "OK Completed" even if it's already been unsubscrbed - and likewise for subscribe if it's already subscribed it just say "yep, all good".

Same with Dovecot. I think should keep the OK behavior, since that's what is commonly been done.

> 6.3.10 NAMESPACE
> 
> We've created a conflict here.  The NAMESPACE command contains prefix strings for the individual namespaces, and says:
> 
>    The prefix string allows a client to do things such as automatically
>    creating personal mailboxes or LISTing all available mailboxes within
>    a namespace.
> 
> Which contradicts the advice we gave back in the LIST command not to use prefix.  Perhaps we should change the LIST advice to be "only use the empty prefix or prefixes given in the NAMESPACE response"?

I think you're mixing "namespace prefixes" with "list references"? I don't think the above sentence advocates using LIST reference parameter, just using the namespace prefix for listing e.g. LIST "" ns-prefix/*

Anyway, I see lots and lots of text is still preserved for the LIST reference parameter explanation, even though it shouldn't be used. Couldn't we just decide to get rid of it entirely in rev2 and say the reference MUST be empty? Or say only that is is implementation-defined and refer to IMAP4rev1 if anyone wants to see how it used to be implemented?

> 6.3.11 STATUS
> 
>       Note: The STATUS command is intended to access the status of
>       mailboxes other than the currently selected mailbox.  Because the
>       STATUS command can cause the mailbox to be opened internally, and
>       because this information is available by other means on the
>       selected mailbox, the STATUS command SHOULD NOT be used on the
>       currently selected mailbox.
> 
> This advice is all well and good, but it says nothing about what the server may or may not do when it gets one of these STATUS commands.  This is particularly relevant in the context of LIST RETURN STATUS, where it's hard to construct list patterns which explicitly avoid the currently selected mailbox.
> 
> Likewise with the: MUST NOT be used as a "check for new messages in the selected mailbox" assertion.  Plenty of clients will do a STATUS run across folders and if they're doing LIST RETURN STATUS they're gonna find out about the new messages if the server returns it.  Clients can not rely on it working is a more honest representation of what happens.
> 
> I'd like to see that IMAP4REV2 servers MUST implement STATUS of the currently selected mailbox.  Yes, it's a special codepath - but if you're already testing if it's the currently open mailbox then you're at exactly the right place to do the right thing:

Also this is the only way to get the current UIDNEXT of the selected mailbox (since it might be higher than last message's UID).

The main ambiguity though is whether STATUS on the current mailbox is expected to check for new changes. Dovecot implements it in a way that it doesn't check for changes. I think there used to be even a good reason for that.

> 6.4.4.1 SAVE Result
> 
> I'm not sure I understand the interaction here with closing and re-opening a mailbox.  I would expect that closing a mailbox would wipe the SAVED result,

I think it practically says that, since it says that SELECT/EXAMINE resets it to empty sequence. It's not really relevant whether it happens when the mailbox is closed or when the next mailbox is opened, because you can't use it in non-selected state anyway..

> and that trying to use a SAVED result when there isn't one should return an error.

It says that the default is an empty sequence. So it won't result in an error, just a non-matching set. I'm fine with this behavior, especially since it's easier to implement and I don't really see much of a downside.

> Speaking of which, Example 5 is wrong: It says that the second search command leads to the variable containing no messages, but the second search command did not contain the RETURN SAVE option, so it should not have altered the variable.

Right. And even if it did contain RETURN SAVE option it still shouldn't have altered the variable, because:

"""
   Any of the following SEARCH commands MUST NOT change the search
   result variable:

      a SEARCH command that caused the server to return the BAD tagged
      response,
"""


> 7.4.2 FETCH Response
> 
> I remember past bugs with UID in "unsolicited" FLAGS responses.  Do we need to require that including UID only happen after ENABLE IMAP4REV2 (as it is for ENABLE QRESYNC)?

Might be useful to require UID for any untagged FETCH reply. It can simplify client behavior.