Re: [Extra] draft-ietf-extra-imap4rev2-04 review

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 30 October 2019 10:58 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E5AC120104 for <extra@ietfa.amsl.com>; Wed, 30 Oct 2019 03:58:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Vx_uasJN-uvC for <extra@ietfa.amsl.com>; Wed, 30 Oct 2019 03:58:11 -0700 (PDT)
Received: from waldorf.isode.com (waldorf.isode.com [62.232.206.188]) by ietfa.amsl.com (Postfix) with ESMTP id B83C81200CE for <extra@ietf.org>; Wed, 30 Oct 2019 03:58:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1572433091; d=isode.com; s=june2016; i=@isode.com; bh=WPByXJlXAsxumXfKylRykhoGz2+Suhm7tJbUvEyv+ao=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=YnCuikumZrtEpHmCj5H7s/H25qdnIDDSYqgTFMRwLuJZPofED/8cFmmX8W8vFEEUaT/vOm YmJfUb07GOZponSfkpFAfBbSGKQBSxLXGEM0TswpEYHXlOwv0mIV9xHwdYhEj0jhfHpdJW MbXbwSS9vQzAn4F8/TCt8km6abxAe4M=;
Received: from [192.168.0.7] (cpc121086-nmal24-2-0-cust54.19-2.cable.virginm.net [77.97.145.55]) by waldorf.isode.com (submission channel) via TCP with ESMTPSA id <XblswQBbd1vP@waldorf.isode.com>; Wed, 30 Oct 2019 10:58:10 +0000
To: Chris Newman <chris.newman@oracle.com>, Ned Freed <ned.freed@oracle.com>
Cc: extra@ietf.org, Timo Sirainen <tss@iki.fi>
References: <44234C00-7A5D-4B41-9E85-4CF839B48214@iki.fi> <D7C76954-8685-42EB-A0CE-6C5A57D0731E@oracle.com> <01R4QZ1O8F8G000051@mauve.mrochek.com> <3ACD6BFE-2936-4F12-8159-BCEEFC965CBE@oracle.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <f38d8f91-065a-be29-4f85-a693b7b940c0@isode.com>
Date: Wed, 30 Oct 2019 10:58:11 +0000
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.2.0
In-Reply-To: <3ACD6BFE-2936-4F12-8159-BCEEFC965CBE@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-GB
Content-transfer-encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/rafltLXzvCwhMYTe0eG78IkJvrI>
Subject: Re: [Extra] draft-ietf-extra-imap4rev2-04 review
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 10:58:13 -0000

On 26/03/2019 15:42, Chris Newman wrote:

> On 26 Mar 2019, at 15:13, Ned Freed wrote:
>>> On 25 Mar 2019, at 13:04, Timo Sirainen wrote:
>>> >> 3.4.  Logout State
>>> >>
>>> >
>>> >>    A server MUST NOT unilaterally close the connection without
>>> >> sending
>>> >>    an untagged BYE response that contains the reason for having done
>>> >> so.
>>> >
>>> > Also already in RFC 3501, but this MUST NOT has to be violated
>>> > sometimes. For example otherwise it would allow client to FETCH a
>>> > large message and keep reading it very very slowly over days, and
>>> > server wouldn't be allowed to disconnect it, because it can't send 
>>> BYE
>>> > in the middle of the large mail literal.
>>
>>> Another example is if a client gets hung up (or goes silently offline)
>>> during a TLS negotiation. The server has to eventually timeout the
>>> connection but it would be semantically wrong to send a "* BYE" since
>>> there's no data channel. One case where this happened was when our SSL
>>> stack dropped support for an SSLv2-compatible hello (allowed by RFC
>>> 6176), but some very old client kept sending such a hello 
>>> (prohibited by
>>> RFC 6176). Incidentally, SSLv2 is completely incompatible with SSLv3 so
>>> the client sends something that's not sufficient to complete an SSLv3
>>> packet so both ends get stuck waiting until one side hangs up.
>>
>> There was a suggestion (I think) during the meeting that this should 
>> be handled
>> by sending the TLS equivalent of "* BYE". Which sounds fine in 
>> theory, but as
>> said at the time, I'm skeptical that many/most TLS implementations 
>> provide
>> implementors with the means to conveniently do that.
>
> I didn't hear such a suggestion. I made the observation that a wedged 
> TLS negotiation is a scenario where sending "* BYE" shouldn't be done. 
> It was suggested that example be mentioned in the document. I did not 
> mention the fact that TLS has it's own alert syntax that could be used 
> instead of "* BYE" -- I agree discussing that would be a bad idea.

To followup on this: I've changed "MUST NOT unilaterally close the 
connection without sending BYE" to "SHOULD NOT ...". Do people think 
this is sufficient?

Best Regards,

Alexey