Re: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)

Alexey Melnikov <alexey.melnikov@isode.com> Fri, 11 December 2015 10:31 UTC

To: S Moonesamy <sm+ietf@elandsys.com>, Jayantheesh S B <j.sb@sea.samsung.com>, Naren <narendrasingh.bisht@gmail.com>, imapext@ietf.org
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <566AA5C9.7030002@isode.com>
Date: Fri, 11 Dec 2015 10:30:33 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/imapext/YBYCXHED213WqtKser1RqFf1lUk>
Cc: draft-ietf-imapapnd-appendlimit-extension@ietf.org, Narendra Bisht <ns.bisht@sea.samsung.com>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)

On 10/12/2015 23:11, S Moonesamy wrote:
> Hi Jay, Naren,
> At 13:39 10-12-2015, Jayantheesh S B wrote:
>> [Jay]  One advantage I can think of is.
>>  A server can have a customized APPENDLIMIT for different users (based on some SLA).
>>  The server advertises a static APPENDLIMIT before user logs in, to display its support for the extension.
>> After user logged in then server can show the user specific APPENDLIMIT.
>>
>>    (ii) What are the disadvantages of advertising the upload limit before the user has logged in?
>>
>> [Jay] I don't see any disadvantage in sending the limit before user logged in.
>
> I'll quote from http://www.ietf.org/mail-archive/web/imapext/current/msg05657.html
>
>   "If the APPENDLIMIT is known beforehand, it's easy to overwhelm server with
>    huge data which is beyond the APPENDLIMIT.  This might facilitate
>    Denial-of-Service attacks.
>    Makes sense?"
>
> Is that as a disadvantage (question (ii))?  Barry asked why that helps anyone mount an attack.  The above reply says that it is easy to overwhelm the IMAP server if the (APPENDLIMIT) value is known beforehand.  Why should the IMAP server advertise the value before the user logs in when it can easily be used to generate an attack?

Well, in order to use this limit, one has to log in first (APPEND is 
unavailable in unauthenticated state). And once you are logged in, you 
are allowed to know this limit anyway. So I don't think this makes a 
difference.
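
Added example, not part of the original message or of the draft: a minimal server-side sketch of the ordering discussed in this thread, where APPEND is refused in the unauthenticated state whatever size is announced, and after login the announced literal size is compared with the (possibly per-user) APPENDLIMIT before any message data is accepted. The Session class, user name, limit values and response texts are constructed for illustration; only synchronizing literals are handled, and the TOOBIG response code is the one RFC 7889 specifies.

```python
import re

# Synchronizing-literal APPEND line: tag, mailbox/flags, then "{octets}".
APPEND_RE = re.compile(r"^(\S+) APPEND (.+) \{(\d+)\}$", re.IGNORECASE)


class Session:
    """One IMAP connection; limits and user names are constructed values."""

    def __init__(self, static_limit, per_user_limits):
        self.static_limit = static_limit        # advertised before login
        self.per_user_limits = per_user_limits  # e.g. SLA-based overrides
        self.user = None                        # None = unauthenticated state

    def limit(self):
        # Falls back to the static value when no per-user limit applies.
        return self.per_user_limits.get(self.user, self.static_limit)

    def capability(self):
        return f"* CAPABILITY IMAP4rev1 APPENDLIMIT={self.limit()}"

    def login(self, user):
        self.user = user

    def handle_append(self, line):
        m = APPEND_RE.match(line)
        if m is None:
            return "* BAD could not parse command"
        tag, octets = m.group(1), int(m.group(3))
        # State check comes first: without a login no literal is accepted,
        # so the advertised limit gives an unauthenticated peer nothing to use.
        if self.user is None:
            return f"{tag} BAD APPEND not valid in unauthenticated state"
        # Size check uses the announced octet count, before any data is read.
        if octets > self.limit():
            return f"{tag} NO [TOOBIG] APPEND failed"  # response code per RFC 7889
        return "+ Ready for literal data"
```
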