Re: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)

Jayantheesh S B <j.sb@sea.samsung.com> Thu, 10 December 2015 23:26 UTC

Return-Path: <j.sb@sea.samsung.com>
X-Original-To: imapext@ietfa.amsl.com
Delivered-To: imapext@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94EC81B2E47; Thu, 10 Dec 2015 15:26:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MCykucJ3YXdZ; Thu, 10 Dec 2015 15:26:28 -0800 (PST)
Received: from wguard02.sdsamerica.net (bware2.sdsamerica.net [206.67.236.192]) by ietfa.amsl.com (Postfix) with ESMTP id 0D28B1B2E60; Thu, 10 Dec 2015 15:26:06 -0800 (PST)
From: Jayantheesh S B <j.sb@sea.samsung.com>
To: S Moonesamy <sm+ietf@elandsys.com>, Naren <narendrasingh.bisht@gmail.com>, "imapext@ietf.org" <imapext@ietf.org>
Thread-Topic: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)
Thread-Index: AQHRM6BGVb4RGwNjmU62iZImhdgMhp7E27Iw
Date: Thu, 10 Dec 2015 23:26:04 +0000
Message-ID: <ea2d5839cd894b52b8a24285599f13fd@SEAMBX01.sea.samsung.com>
References: <CALaySJLE_6+vbeB-SeMk1VHDAtq2VvS9yKe9dhQ2LTzr4y=oTg@mail.gmail.com> <DEA84B8F15992B4EA87D5CF3D0EC5F98AE4FCFD8@DRTW-EXMB04.telecom.sna.samsung.com> <6.2.5.6.2.20151209223348.0d1a66e0@resistor.net> <CAHC+rVHPmcpLKogQdFrCo+P-GaALoWLLGEw=MeA7hnarQhEYLw@mail.gmail.com> <6.2.5.6.2.20151210080422.10a00dc0@elandnews.com> <CAHC+rVEoexsnruY_uAY7t_S4z3PQs6ff8aX7x=48g==98pU4Vg@mail.gmail.com> <6.2.5.6.2.20151210101014.11999820@elandnews.com> <9790204f556c42eca3dd39549cf85130@SEAMBX01.sea.samsung.com> <6.2.5.6.2.20151210145510.0d521d10@elandnews.com>
In-Reply-To: <6.2.5.6.2.20151210145510.0d521d10@elandnews.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Received-SPF: none
Archived-At: <http://mailarchive.ietf.org/arch/msg/imapext/vChGnzDqH3aNR5vF4oLDD6AMEgE>
Cc: "draft-ietf-imapapnd-appendlimit-extension@ietf.org" <draft-ietf-imapapnd-appendlimit-extension@ietf.org>, Narendra Bisht <ns.bisht@sea.samsung.com>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)
X-BeenThere: imapext@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Discussion of IMAP extensions <imapext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/imapext>, <mailto:imapext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/imapext/>
List-Post: <mailto:imapext@ietf.org>
List-Help: <mailto:imapext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/imapext>, <mailto:imapext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Dec 2015 23:26:29 -0000

Dear SM,

Please find our response inline.

Regards,
Jay
-----Original Message-----
From: S Moonesamy [mailto:sm+ietf@elandsys.com] 
Sent: Thursday, December 10, 2015 6:12 PM
To: Jayantheesh S B; Naren; imapext@ietf.org
Cc: Narendra Bisht; draft-ietf-imapapnd-appendlimit-extension@ietf.org; Barry Leiba
Subject: RE: [imapext] AD review of draft-ietf-imapapnd-appendlimit-extension-06 (Section 2)

Hi Jay, Naren,
At 13:39 10-12-2015, Jayantheesh S B wrote:
>[Jay]  One advantage I can think of is:
>  A server can have a customized APPENDLIMIT for different users
>(based on some SLA).
>  The server advertises a static APPENDLIMIT before the user logs in, to
>display its support for the extension.
>After the user has logged in, the server can show the user-specific APPENDLIMIT.
>
>    (ii) What are the disadvantages of advertising the upload limit before the
>         user has logged in?
>
>[Jay] I don't see any disadvantage in sending the limit before the user has logged in.

I'll quote from
http://www.ietf.org/mail-archive/web/imapext/current/msg05657.html

   "If the APPENDLIMIT is known beforehand, it's easy to overwhelm server with
    huge data which is beyond the APPENDLIMIT.  This might facilitate
    Denial-of-Service attacks.
    Makes sense?"

Is that a disadvantage (question (ii))?  Barry asked why that helps anyone mount an attack.  The above reply says that it is easy to overwhelm the IMAP server if the (APPENDLIMIT) value is known beforehand.  Why should the IMAP server advertise the value before the user logs in when it can easily be used to generate an attack?

[Jay] Yes, what you say is correct. But, even if the user knows the APPENDLIMIT before login, the user needs to be in the authenticated state to perform any APPEND-related operations for any potential attack.

Regards,
S. Moonesamy (as document shepherd)
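The two server behaviours discussed in this thread, shown as an added example that is not part of the message or of the draft: a static APPENDLIMIT is advertised before login and a per-user one after authentication, and an APPEND is judged on the literal size announced in its first line, so the literal body of an oversized message is never read. The limit values and user names are constructed for the example; APPENDLIMIT=N in CAPABILITY and the TOOBIG response code follow the published APPENDLIMIT extension (RFC 7889) and RFC 4469.

```python
import re

# Constructed example limits (not taken from the draft): a static value to
# advertise before login and per-user values applied once authenticated.
PREAUTH_APPENDLIMIT = 1_000_000
USER_APPENDLIMIT = {"alice": 5_000_000, "bob": 250_000}

# Matches the literal at the end of an APPEND command line: "{<octets>}" or
# "{<octets>+}" (non-synchronizing literal). Only the announced size is used.
LITERAL_RE = re.compile(r"\{(\d+)\+?\}\s*$")


def capability_line(user=None):
    """CAPABILITY response: the static limit before login, the
    user-specific limit after the user has authenticated."""
    limit = PREAUTH_APPENDLIMIT if user is None else USER_APPENDLIMIT[user]
    return f"* CAPABILITY IMAP4rev1 APPENDLIMIT={limit}"


def check_append(command_line, user):
    """Decide on an APPEND from its first line only, i.e. before any literal
    octets are read from the connection. Returns (accept, response_line)."""
    tag, _, rest = command_line.partition(" ")
    if user is None:
        # Not authenticated state: APPEND is not valid, nothing more is read.
        return False, f"{tag} BAD Command not valid in not authenticated state"
    m = LITERAL_RE.search(rest)
    if not m:
        return False, f"{tag} BAD APPEND requires a message literal"
    size = int(m.group(1))
    if size > USER_APPENDLIMIT[user]:
        # Rejected on the announced size alone; the literal is never consumed.
        return False, f"{tag} NO [TOOBIG] Message exceeds APPENDLIMIT"
    # Accepted: the server would now send the continuation and read the octets.
    return True, f"+ Ready for literal data ({size} octets)"


if __name__ == "__main__":
    print(capability_line())
    print(capability_line("bob"))
    print(check_append("a1 APPEND INBOX (\\Seen) {300000}", "bob")[1])
    print(check_append("a2 APPEND INBOX {300000}", None)[1])
```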