Re: [Extra] draft-ietf-extra-imap4rev2-04 review

"Chris Newman" <chris.newman@oracle.com> Wed, 30 October 2019 15:03 UTC

Return-Path: <chris.newman@oracle.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66BBD120CAB for <extra@ietfa.amsl.com>; Wed, 30 Oct 2019 08:03:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=oracle.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jFr3f9M2r3Jl for <extra@ietfa.amsl.com>; Wed, 30 Oct 2019 08:03:01 -0700 (PDT)
Received: from userp2130.oracle.com (userp2130.oracle.com [156.151.31.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 29C7F120C52 for <extra@ietf.org>; Wed, 30 Oct 2019 08:02:57 -0700 (PDT)
Received: from pps.filterd (userp2130.oracle.com [127.0.0.1]) by userp2130.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x9UF1pH5018674; Wed, 30 Oct 2019 15:02:56 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type : content-transfer-encoding; s=corp-2019-08-05; bh=NHS+szRlMrinwF4yjktfJL8mHUfhHwVt0b8ySETLz/E=; b=WUvu2yJ9KobT7c30ugb5lWEzvHUW520NNZDAKV2Kvu/drtRAsotbTv0ZNh/QdMs9Zj2a 2PR8Rv0vA5uOei3TejzVlLFrbzi8upj+CUBxcr5jyrLGiRtm0830n5BZMBPzjwIl5Z9H sErhpdI+V1RsfZRwk6OQ79rnmvQudohK5mhklDWprTxOwiTJJVI7enO1RVG3O65fXVNj BPN4MONy1vZwan9KpbYWQz0xTrmqsiKo/yGFX474oobkrlGEYwRqUK8hv92xYVg9trlE oyFrNs9almRhoMGje38/GKL0FF5p2jFWOckli281gyabvCS9nTgh8Is3Ru5sB/siQL/A 4A==
Received: from userp3020.oracle.com (userp3020.oracle.com [156.151.31.79]) by userp2130.oracle.com with ESMTP id 2vxwhfmvsp-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 30 Oct 2019 15:02:56 +0000
Received: from pps.filterd (userp3020.oracle.com [127.0.0.1]) by userp3020.oracle.com (8.16.0.27/8.16.0.27) with SMTP id x9UF0TVf134932; Wed, 30 Oct 2019 15:00:55 GMT
Received: from aserv0122.oracle.com (aserv0122.oracle.com [141.146.126.236]) by userp3020.oracle.com with ESMTP id 2vxwj9eqbx-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 30 Oct 2019 15:00:53 +0000
Received: from abhmp0023.oracle.com (abhmp0023.oracle.com [141.146.116.29]) by aserv0122.oracle.com (8.14.4/8.14.4) with ESMTP id x9UExFYr027038; Wed, 30 Oct 2019 14:59:15 GMT
Received: from [10.159.251.45] (/10.159.251.45) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Wed, 30 Oct 2019 14:59:15 +0000
From: "Chris Newman" <chris.newman@oracle.com>
To: "Alexey Melnikov" <alexey.melnikov@isode.com>
Cc: "Ned Freed" <ned.freed@oracle.com>, extra@ietf.org, "Timo Sirainen" <tss@iki.fi>
Date: Wed, 30 Oct 2019 07:59:14 -0700
X-Mailer: MailMate (1.13r5655)
Message-ID: <92BA4444-11D2-4DE7-B938-F1E72F509705@oracle.com>
In-Reply-To: <f38d8f91-065a-be29-4f85-a693b7b940c0@isode.com>
References: <44234C00-7A5D-4B41-9E85-4CF839B48214@iki.fi> <D7C76954-8685-42EB-A0CE-6C5A57D0731E@oracle.com> <01R4QZ1O8F8G000051@mauve.mrochek.com> <3ACD6BFE-2936-4F12-8159-BCEEFC965CBE@oracle.com> <f38d8f91-065a-be29-4f85-a693b7b940c0@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format=flowed
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9425 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=903 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910300141
X-Proofpoint-Virus-Version: vendor=nai engine=6000 definitions=9425 signatures=668685
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=981 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1908290000 definitions=main-1910300141
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/y1mcwPUdPgV8vSNxjfc-v30nE9Q>
Subject: Re: [Extra] draft-ietf-extra-imap4rev2-04 review
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Oct 2019 15:03:07 -0000


On 30 Oct 2019, at 3:58, Alexey Melnikov wrote:

> On 26/03/2019 15:42, Chris Newman wrote:
>
>> On 26 Mar 2019, at 15:13, Ned Freed wrote:
>>>> On 25 Mar 2019, at 13:04, Timo Sirainen wrote:
>>>> >> 3.4.  Logout State
>>>> >>
>>>> >
>>>> >>    A server MUST NOT unilaterally close the connection 
>>>> without
>>>> >> sending
>>>> >>    an untagged BYE response that contains the reason for 
>>>> having done
>>>> >> so.
>>>> >
>>>> > Also already in RFC 3501, but this MUST NOT has to be violated
>>>> > sometimes. For example otherwise it would allow client to FETCH a
>>>> > large message and keep reading it very very slowly over days, and
>>>> > server wouldn't be allowed to disconnect it, because it can't 
>>>> send BYE
>>>> > in the middle of the large mail literal.
>>>
>>>> Another example is if a client gets hung up (or goes silently 
>>>> offline)
>>>> during a TLS negotiation. The server has to eventually timeout the
>>>> connection but it would be semantically wrong to send a "* BYE" 
>>>> since
>>>> there's no data channel. One case where this happened was when our 
>>>> SSL
>>>> stack dropped support for an SSLv2-compatible hello (allowed by RFC
>>>> 6176), but some very old client kept sending such a hello 
>>>> (prohibited by
>>>> RFC 6176). Incidentally, SSLv2 is completely incompatible with 
>>>> SSLv3 so
>>>> the client sends something that's not sufficient to complete an 
>>>> SSLv3
>>>> packet so both ends get stuck waiting until one side hangs up.
>>>
>>> There was a suggestion (I think) during the meeting that this should 
>>> be handled
>>> by sending the TLS equivalent of "* BYE". Which sounds fine in 
>>> theory, but as
>>> said at the time, I'm skeptical that many/most TLS implementations 
>>> provide
>>> implementors with the means to conveniently do that.
>>
>> I didn't hear such a suggestion. I made the observation that a wedged 
>> TLS negotiation is a scenario where sending "* BYE" shouldn't be 
>> done. It was suggested that example be mentioned in the document. I 
>> did not mention the fact that TLS has it's own alert syntax that 
>> could be used instead of "* BYE" -- I agree discussing that would be 
>> a bad idea.
>
> To followup on this: I've changed "MUST NOT unilaterally close the 
> connection without sending BYE" to "SHOULD NOT ...". Do people think 
> this is sufficient?

Works for me.

		- Chris