IETF Logo Mail Archive

Re: [Extra] Benjamin Kaduk's No Objection on draft-ietf-extra-imap4rev2-27: (with COMMENT)

Barry Leiba <barryleiba@computer.org> Thu, 04 February 2021 14:34 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B1953A152C; Thu, 4 Feb 2021 06:34:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e31Kw0Mibhoo; Thu, 4 Feb 2021 06:34:14 -0800 (PST)
Received: from mail-lf1-f49.google.com (mail-lf1-f49.google.com [209.85.167.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D91463A15FB; Thu, 4 Feb 2021 06:33:26 -0800 (PST)
Received: by mail-lf1-f49.google.com with SMTP id v5so2629051lft.13; Thu, 04 Feb 2021 06:33:26 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=WrIZmltovRMg58ATIW3ICA0bTMMID33IZrs8MHCwncs=; b=gNHpE7wzuNonJxg5soMIgmPHBEwx7QAuiCCTc3sG2UXrD1Cs5IPkZE6ePeOFhHShry dyn/IsFOd1d6LQk98LzlMQp4EkZNF05iwGFM9M2w1Kdvrcbdpvd+I5qjf0Rw4f8iagRD +7UKGAU+FxUBkMvwDwIgXjtAth6tCa0KQNa5ztTroGusslwxALAI6ekgE0ioSEh3Z//g lyOm2HeRECROQUhIWykRVRUE26z2Id/j0EomSu7qLz/CjWStioEtoN8H82NQ1rqsS7w0 razrkSCzNocgxBCx3/Egq5XcUTxc/suUnujvY5kQaErKS/tX6xB9OWltxbG21eC/5cFx 1XNQ==
X-Gm-Message-State: AOAM533RGFNrpKRufmZAVw+chkq3VPaiEmOOautEwLd1Xih94xS9Qwex AzEPfcnPpxYTNpyDLdqmGtKIA7suZTp+49YQJQE=
X-Google-Smtp-Source: ABdhPJzJESES6TV1FGEeTo92FBZxG+9tcu3Caju8SbUQe0rCJQTKs5bvANWx/y8i4Y20RRuqITX5fwHEoPrD8huAG5c=
X-Received: by 2002:a05:6512:31c1:: with SMTP id j1mr4943563lfe.313.1612449204743; Thu, 04 Feb 2021 06:33:24 -0800 (PST)
MIME-Version: 1.0
References: <161243121159.6909.2386107317688674630@ietfa.amsl.com>
In-Reply-To: <161243121159.6909.2386107317688674630@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 4 Feb 2021 09:33:13 -0500
Message-ID: <CALaySJL4c2BQVf3eU57k+51EUHYGmbL-inhJNy=Xtt_SyWzHtg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-extra-imap4rev2@ietf.org, extra-chairs@ietf.org, extra@ietf.org, Bron Gondwana <brong@fastmailteam.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/qGiygaaLOVSpyf58X-B1hzmElhM>
Subject: Re: [Extra] Benjamin Kaduk's No Objection on draft-ietf-extra-imap4rev2-27: (with COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2021 14:34:16 -0000

Thanks, Ben, for the usual good comments.  Just responses on a couple here:

> Section 2.2.1
>
>       response, and reads another response from the server.  In all
>       cases, the client MUST send a complete command (including
>       receiving all command continuation request responses and command
>       continuations for the command) before initiating a new command.
>
> To check my understanding: the "command continuations for the command"
> are things that the client sends, right?  Adding a word or two might
> help clarify.

Yes, it should say "and sending command continuations"; the word
"sending" is missing.

> Section 2.3.1.1
>
>                                          A good UIDVALIDITY value to use
>    is a 32-bit representation of the current date/time when the value is
>    assigned: this ensures that the value is unique and always increases.
>    Another possible alternative is a global counter that gets
>    incremented every time a mailbox is created.
>
> In light of the discussion in draft-gont-numeric-ids-sec-considerations,
> I wonder if these are truly the most recommended options, as either
> option has potential to leak some information about rate or time of
> mailbox creation.  Leaking the time of mailbox creation to the user who
> created it is, of course, not an issue, but not all IMAP mailboxes are
> single-user-access.  A 32-bit PRP (e.g., block cipher) applied to either
> option would provide some level of obfuscation while preserving the
> uniqueness properties.

It would obfuscate and preserve uniqueness, but it would not preserve
the monotonicity: a new UIDVALIDITY must always be greater than the
previous ones.  Do you have a good suggestion for that, which still
takes care of the privacy leak?

> Section 2.3.2
>
>    $Junk  The user (or a delivery agent on behalf of the user) may
>       choose to mark a message as definitely containing junk ($Junk; see
>       also the related keyword $NotJunk).  The $Junk keyword can be used
>       to mark (and potentially move/delete messages later), group or
>       hide undesirable messages.  See [IMAP-KEYWORDS-REG] for more
>       information.
>
> I'm not entirely sure what additional information I'm supposed to get
> from [IMAP-KEYWORDS-REG]; the registry page is fairly short on
> commentary.  (Applies throughout.)

It's meant to send you to the reference doc, but, yes, the reader
already has that anyway.  It might simply be better to say that the
registration is recorded in IMAP-KEYWORDS-REG.

> Section 6.4.8
>
>    Because of the similarity of MOVE to COPY, extensions that affect
>    COPY affect MOVE in the same way.  Response codes listed in
>    Section 7.1, as well as those defined by extensions, are sent as
>    appropriate.
>
> Who decides what is "appropriate"?  Will everyone come to the same
> conclusion?

It means that the same responses are sent for MOVE as for COPY, under
the corresponding conditions.  Yes, we'd expect that to be evident.
We can try rephrasing it if you think that's unclear.  Is what I said
two sentences ago clearer?  Do you have other suggestions?

Barry

v2.8.7 | Report a Bug | By Email