[lemonade] URLAUTH draft changes
Mark Crispin <mrc@CAC.Washington.EDU> Thu, 13 April 2006 20:51 UTC
Date: Thu, 13 Apr 2006 13:51:07 -0700
From: Mark Crispin <mrc@CAC.Washington.EDU>
To: lemonade@ietf.org
Message-ID: <Pine.LNX.5.00.0604131342400.21716@shiva2.cac.washington.edu>
Subject: [lemonade] URLAUTH draft changes
The proposed set of changes to draft-ietf-lemonade-urlauth-08.txt follow. Following each change is a set of comments prefixed with ;;; that explain the change. Assuming that there are no further objections, I will then review the RFC Editor's work and merge these changes. Speak now or forever.... 73c73 < that it only supports authentication, and confuses the concepts --- > that it only supports authentication, and confuses the concepts of ;;; grammar correction 78c78 < conveys authorization in the URL name itself, and reuses a portion of --- > conveys authorization in the URL string itself, and reuses a portion of ;;; precision correction (no such thing as a "URL name") 195c195 < [IMAPURL] is extended by allowing the addition of ;EXPIRE=<datetime>" --- > [IMAPURL] is extended by allowing the addition of ";EXPIRE=<datetime>" ;;; typographic correction: missing open quote. 416,417c416,423 < As a consequence, the iserver rule of [IMAPURL] is modified < so that iuserauth is mandatory. --- > As a consequence, relative URLs are not permitted, and > enc-user is mandatory, in URLAUTH authorized URLs. > > Note: the server component of the URL is generally the > logged in userid and server. If not, then the logged in > userid and server MUST have owner-type access to the > mailbox access key table owned by the userid and server > indicated by the server component of the URL. ;;; per recent discussion regarding the URLAUTH security model. 424,425c430,431 < (4) the server MAY also verify that the Message-ID and/or < second components (if present) are valid. --- > (4) the server MAY also verify that the iuid and/or isection > components (if present) are valid. ;;; per discussion; "Message-ID" and "second" are obvious errors. 478a485,491 > The URLFETCH command effectively executes with the access of the userid > in the server component of the URL (which is generally the userid that > issued the GENURLAUTH). 
By itself, the URLAUTH does NOT grant access to > the data; once validated, it grants whatever access to the data is held > by the userid in the server component of the URL. That access may have > changed since the GENURLAUTH was done. > ;;; more per recent discussion regarding the URLAUTH security model. 626c639,641 < authimapurl = "imap://" iuserauth "@" hostport "/" imessagepart --- > authimapurl = "imap://" enc-user [iauth] "@" hostport "/" imessagepart > ; replaces "imapurl" and "iserver" rules for URLAUTH > ; authorized URLs ;;; indicate that enc-user is mandatory (it is optional in iuserauth) 633a649,651 > enc-user = 1*achar > ; same as "enc_user" in RFC 2192 > ;;; per underscore vs. hyphen foofaraw 638c656 < access = ("submit+" iuserauth) / ("user+" iuserauth) / --- > access = ("submit+" enc-user) / ("user+" enc-user) / ;;; remove iauth as possible value in these fields. 677a696,702 > Although this specification does not prohibit the theoretical > capability to generate a URL with a server component other than the > logged in userid and server, this capability should only be provided > when the logged in userid/server has been authorized as equivalent to > the server component userid/server, or otherwise has access to that > userid/server mailbox access key table. > ;;; further security caution per recent discussion regarding the URLAUTH ;;; security model. 719,720c744 < Specifications: ABNF", draft-crocker-abnf-rfc2234bis (work < in progress). --- > Specifications: ABNF", RFC 4234, October 2005. ;;; update since RFC now issued (probably will be updated in RFC Editor ;;; version too). 723c747 < draft-newman-lemonade-burl (work in progress). --- > draft-ietf-lemonade-burl (work in progress). ;;; update now that WG draft (probably will be updated in RFC Editor ;;; version too). -- Mark -- http://staff.washington.edu/mrc Science does not emerge from voting, party politics, or public debate. Si vis pacem, para bellum. 
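Review bot: in the 416,417c416,423 hunk, a normative requirement ("the logged in userid and server MUST have owner-type access to the mailbox access key table") is placed inside a "Note:" paragraph, and neither "server component" nor "owner-type access" is a term the grammar defines (the rule added at 626c639,641 names the pieces enc-user, iauth and hostport). Move the MUST out of the Note into body text, replace "server component" with the enc-user and hostport it refers to, and either define "owner-type access to the mailbox access key table" or point to the section that describes the key table, so an implementer can tell exactly which condition the server has to check before honoring a URL whose enc-user@hostport differs from the authenticated user.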
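Review bot: in the 478a485,491 hunk, "once validated" does not say what validation consists of, and since the paragraph's point is that URLAUTH conveys no rights of its own, the reader needs to know that validation covers only the URL's authorization token and its EXPIRE component, not the underlying access. It should also state the consequence that the last sentence ("That access may have changed since the GENURLAUTH was done") only hints at: a URLFETCH whose server-component userid no longer has access to the message MUST fail rather than return data that was accessible when the URL was generated.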
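Review bot: the 633a649,651 hunk's comment "; same as "enc_user" in RFC 2192" should state why the rule is restated under a new name rather than imported: RFC 4234, which the 719,720c744 hunk now cites as the ABNF reference, only permits ALPHA, DIGIT and "-" in rule names, so the underscore form from RFC 2192 cannot appear in a conforming grammar. Without that sentence the rename reads as a gratuitous divergence from [IMAPURL], which is exactly the "underscore vs. hyphen" confusion the change is meant to settle.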
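Review bot: the 677a696,702 hunk says the capability "should only be provided" when the logged in userid/server has been authorized as equivalent or has access to the key table, while the 416,417c416,423 hunk states the same condition as MUST. Pick one strength: either make this paragraph's "should" an RFC 2119 SHOULD and list the permitted exceptions, or phrase it as a restatement of the MUST in the earlier Note ("as required above") so the two passages do not read as two different requirements on the same check.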