IETF Logo Mail Archive

[lemonade] URLAUTH draft changes

Mark Crispin <mrc@CAC.Washington.EDU> Thu, 13 April 2006 20:51 UTC

Received: from [127.0.0.1] (helo=stiedprmman1.va.neustar.com) by megatron.ietf.org with esmtp (Exim 4.43) id 1FU8mV-0002ql-P8; Thu, 13 Apr 2006 16:51:11 -0400
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FU8mU-0002qd-Lp for lemonade@ietf.org; Thu, 13 Apr 2006 16:51:10 -0400
Received: from mxout7.cac.washington.edu ([140.142.32.178]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FU8mT-0003GQ-6P for lemonade@ietf.org; Thu, 13 Apr 2006 16:51:10 -0400
Received: from smtp.washington.edu (smtp.washington.edu [140.142.33.9]) by mxout7.cac.washington.edu (8.13.6+UW06.03/8.13.5+UW06.03) with ESMTP id k3DKp8fi002310 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <lemonade@ietf.org>; Thu, 13 Apr 2006 13:51:08 -0700
X-Auth-Received: from shiva2.cac.washington.edu (shiva2.cac.washington.edu [140.142.37.173]) (authenticated authid=mrc) by smtp.washington.edu (8.13.6+UW06.03/8.13.6+UW06.03) with ESMTP id k3DKp7nm023605 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <lemonade@ietf.org>; Thu, 13 Apr 2006 13:51:08 -0700
Date: Thu, 13 Apr 2006 13:51:07 -0700
From: Mark Crispin <mrc@CAC.Washington.EDU>
To: lemonade@ietf.org
Message-ID: <Pine.LNX.5.00.0604131342400.21716@shiva2.cac.washington.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset="US-ASCII"; format="flowed"
X-Uwash-Spam: Gauge=IIIIIII, Probability=7%, Report='__CP_URI_IN_BODY 0, __CT 0, __CT_TEXT_PLAIN 0, __HAS_MSGID 0, __MIME_TEXT_ONLY 0, __MIME_VERSION 0, __SANE_MSGID 0'
X-Spam-Score: 0.0 (/)
X-Scan-Signature: a1852b4f554b02e7e4548cc7928acc1f
Subject: [lemonade] URLAUTH draft changes
X-BeenThere: lemonade@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Enhancements to Internet email to support diverse service enivronments <lemonade.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/lemonade>, <mailto:lemonade-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:lemonade@ietf.org>
List-Help: <mailto:lemonade-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/lemonade>, <mailto:lemonade-request@ietf.org?subject=subscribe>
Errors-To: lemonade-bounces@ietf.org

The proposed set of changes to draft-ietf-lemonade-urlauth-08.txt follow. 
Following each change is a set of comments prefixed with ;;; that 
explain the change.

Assuming that there are no further objections, I will then review the RFC 
Editor's work and merge these changes.

Speak now or forever....



73c73
<    that it only supports authentication, and confuses the concepts
---
>    that it only supports authentication, and confuses the concepts of

;;; grammar correction

78c78
<    conveys authorization in the URL name itself, and reuses a portion of
---
>    conveys authorization in the URL string itself, and reuses a portion of

;;; precision correction (no such thing as a "URL name")

195c195
<    [IMAPURL] is extended by allowing the addition of ;EXPIRE=<datetime>"
---
>    [IMAPURL] is extended by allowing the addition of ";EXPIRE=<datetime>"

;;; typographic correction: missing open quote.


416,417c416,423
<           As a consequence, the iserver rule of [IMAPURL] is modified
<           so that iuserauth is mandatory.
---
>           As a consequence, relative URLs are not permitted, and
>           enc-user is mandatory, in URLAUTH authorized URLs.
>
>              Note: the server component of the URL is generally the
>              logged in userid and server.  If not, then the logged in
>              userid and server MUST have owner-type access to the
>              mailbox access key table owned by the userid and server
>              indicated by the server component of the URL.

;;; per recent discussion regarding the URLAUTH security model.


424,425c430,431
<       (4) the server MAY also verify that the Message-ID and/or
<           second components (if present) are valid.
---
>       (4) the server MAY also verify that the iuid and/or isection
>           components (if present) are valid.

;;; per discussion; "Message-ID" and "second" are obvious errors.


478a485,491
>    The URLFETCH command effectively executes with the access of the userid
>    in the server component of the URL (which is generally the userid that
>    issued the GENURLAUTH).  By itself, the URLAUTH does NOT grant access to
>    the data; once validated, it grants whatever access to the data is held
>    by the userid in the server component of the URL.  That access may have
>    changed since the GENURLAUTH was done.
>

;;; more per recent discussion regarding the URLAUTH security model.


626c639,641
< authimapurl     = "imap://" iuserauth "@" hostport "/" imessagepart
---
> authimapurl     = "imap://" enc-user [iauth] "@" hostport "/" imessagepart
>                    ; replaces "imapurl" and "iserver" rules for URLAUTH
>                    ; authorized URLs

;;; indicate that enc-user is mandatory (it is optional in iuserauth)


633a649,651
> enc-user        = 1*achar
>                    ; same as "enc_user" in RFC 2192
>

;;; per underscore vs. hyphen foofaraw


638c656
< access          = ("submit+" iuserauth) / ("user+" iuserauth) /
---
> access          = ("submit+" enc-user) / ("user+" enc-user) /

;;; remove iauth as possible value in these fields.


677a696,702
>    Although this specification does not prohibit the theoretical
>    capability to generate a URL with a server component other than the
>    logged in userid and server, this capability should only be provided
>    when the logged in userid/server has been authorized as equivalent to
>    the server component userid/server, or otherwise has access to that
>    userid/server mailbox access key table.
>

;;; further security caution per recent discussion regarding the URLAUTH
;;; security model.


719,720c744
<               Specifications: ABNF", draft-crocker-abnf-rfc2234bis (work
<               in progress).
---
>               Specifications: ABNF", RFC 4234, October 2005.

;;; update since RFC now issued (probably will be updated in RFC Editor
;;; version too).


723c747
<               draft-newman-lemonade-burl (work in progress).
---
>               draft-ietf-lemonade-burl (work in progress).

;;; update now that WG draft (probably will be updated in RFC Editor
;;; version too).

-- Mark --

http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.

_______________________________________________
lemonade mailing list
lemonade@ietf.org
https://www1.ietf.org/mailman/listinfo/lemonade

v2.23.0 | Report a Bug | By Email