[EAI] AD review of draft-ietf-eai-pop-06

Alexey Melnikov <alexey.melnikov@isode.com> Sat, 18 July 2009 20:28 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: ima@core3.amsl.com
Delivered-To: ima@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D24CA3A6B79 for <ima@core3.amsl.com>; Sat, 18 Jul 2009 13:28:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.937
X-Spam-Level:
X-Spam-Status: No, score=-1.937 tagged_above=-999 required=5 tests=[AWL=0.662, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kt3-sCPZxCqd for <ima@core3.amsl.com>; Sat, 18 Jul 2009 13:28:21 -0700 (PDT)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id AFB663A6B85 for <ima@ietf.org>; Sat, 18 Jul 2009 13:28:20 -0700 (PDT)
Received: from [92.40.162.39] (92.40.162.39.sub.mbb.three.co.uk [92.40.162.39]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SmIvGAAe-WNt@rufus.isode.com>; Sat, 18 Jul 2009 21:22:49 +0100
Message-ID: <4A622ED5.2050602@isode.com>
Date: Sat, 18 Jul 2009 21:21:41 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: EAI WG <ima@ietf.org>
References: <4A5B2FBA.9080908@alvestrand.no>
In-Reply-To: <4A5B2FBA.9080908@alvestrand.no>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Subject: [EAI] AD review of draft-ietf-eai-pop-06
X-BeenThere: ima@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "EAI \(Email Address Internationalization\)" <ima.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ima>
List-Post: <mailto:ima@ietf.org>
List-Help: <mailto:ima-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ima>, <mailto:ima-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jul 2009 20:28:21 -0000

I am sorry I haven't followed Harald's request to post each issue in a 
separare message, but it is actually easier for me as an AD to track all 
issues in one place.

The document is in a good shape. I have mostly minor comments:

In Section 2:

>   The LANG command requests that human-readable text included in all
>   subsequent +OK and -ERR responses be localized to a language matching
>   the language range argument as described by [RFC4647].
>
I think this text needs to be clearer that it means "Basic Language 
Range" as defined in section 2.1 of RFC 4647.

> 3.1. The UTF8 Command
>
>    The octet count (size) of a message reported in a response to the
>    LIST command SHOULD match the actual number of octets sent in a RETR
>    response.  Sizes reported elsewhere, such as in STAT responses and
>    non-standardized free-form text in positive status indicators
>    (following "+OK") need not be accurate, but it is preferable if they
>    are.

I would like to hear some justification for returning inaccurate sizes 
(and for the SHOULD instead of a MUST).

> 3.2. USER Argument to UTF8 Capability
>
>    If the USER argument is included with this capability, it indicates
>    that the server accepts UTF-8 user names and passwords and applies
>    SASLprep [RFC4013] to the arguments of the AUTH, USER, PASS and APOP
>    commands.  A client that supports APOP and permits UTF-8 in user
>    names or passwords MUST also implement SASLprep [RFC4013] on the user
>    name and password used to compute the APOP digest.

I think the last sentence should read:

  A client that supports APOP and permits UTF-8 in user
   names or passwords MUST apply SASLprep [RFC4013] to the user
   name and password used to compute the APOP digest.

Also, the document is missing a statement about what should be done 
about Unicode characters disallowed by SASLPrep.
So, I would recommend adding the following sentence:

   The server MUST reject UTF-8 user names/password which fails to comply
   with the formal syntax in RFC 3629 [RFC3629] or if it encounters a 
Unicode
   characters listed in section 2.3 of RFC 4013 [RFC4013].

>    The client does not need to issue the UTF8 command prior to using
>    UTF8 in authentication.  However, clients MUST NOT use UTF8 in USER,
>    PASS, or APOP commands unless the USER argument is included with the
>    UTF8 capability.
>
>    Use of UTF8 in the AUTH command is governed by the SASL mechanism.

Should this have an Informative reference to RFC 4422?

As a side note: UTF-8 was always allowed in AUTH command, as support for 
it is required by SASL.