Home Explore Help
Sign In
SMusatov
/
offlineIMAP3
mirror of https://github.com/OfflineIMAP/offlineimap3
1
0
Fork 0
Files
Branch: master
Branches Tags
offlineIMAP3
/
docs
/
rfcs
/
rfc2971.IMAP4_ID_extension.txt

rfc2971.IMAP4_ID_extension.txt 14 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451 
  1. 

  2. 

  3. 

  4. 

  5. 

  6. 

  7. Network Working Group                                        T. Showalter
    8. 

  8. Request for Comments: 2971                                Mirapoint, Inc.
    9. 

  9. Category: Standards Track                                    October 2000
    10. 

  10. 

  11. 

  12.                            IMAP4 ID extension
    13. 

  13. 

  14. Status of this Memo
    15. 

  15. 

  16.    This document specifies an Internet standards track protocol for the
    17. 

  17.    Internet community, and requests discussion and suggestions for
    18. 

  18.    improvements.  Please refer to the current edition of the "Internet
    19. 

  19.    Official Protocol Standards" (STD 1) for the standardization state
    20. 

  20.    and status of this protocol.  Distribution of this memo is unlimited.
    21. 

  21. 

  22. Copyright Notice
    23. 

  23. 

  24.    Copyright (C) The Internet Society (2000).  All Rights Reserved.
    25. 

  25. 

  26. Abstract
    27. 

  27. 

  28.    The ID extension to the Internet Message Access Protocol - Version
    29. 

  29.    4rev1 (IMAP4rev1) protocol allows the server and client to exchange
    30. 

  30.    identification information on their implementation in order to make
    31. 

  31.    bug reports and usage statistics more complete.
    32. 

  32. 

  33. 1. Introduction
    34. 

  34. 

  35.    The IMAP4rev1 protocol described in [IMAP4rev1] provides a method for
    36. 

  36.    accessing remote mail stores, but it provides no facility to
    37. 

  37.    advertise what program a client or server uses to provide service.
    38. 

  38.    This makes it difficult for implementors to get complete bug reports
    39. 

  39.    from users, as it is frequently difficult to know what client or
    40. 

  40.    server is in use.
    41. 

  41. 

  42.    Additionally, some sites may wish to assemble usage statistics based
    43. 

  43.    on what clients are used, but in an an environment where users are
    44. 

  44.    permitted to obtain and maintain their own clients this is difficult
    45. 

  45.    to accomplish.
    46. 

  46. 

  47.    The ID command provides a facility to advertise information on what
    48. 

  48.    programs are being used along with contact information (should bugs
    49. 

  49.    ever occur).
    50. 

  50. 

  51. 

  52. 

  53. 

  54. 

  55. 

  56. 

  57. 

  58. Showalter                   Standards Track                     [Page 1]
    59. 

  59. 
    60. 

  60. RFC 2971                   IMAP4 ID extension               October 2000
    61. 

  61. 

  62. 

  63. 2. Conventions Used in this Document
    64. 

  64. 

  65.    The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
    66. 

  66.    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
    67. 

  67.    document are to be interpreted as described in [KEYWORDS].
    68. 

  68. 

  69.    The conventions used in this document are the same as specified in
    70. 

  70.    [IMAP4rev1].  In examples, "C:" and "S:" indicate lines sent by the
    71. 

  71.    client and server respectively.  Line breaks have been inserted for
    72. 

  72.    readability.
    73. 

  73. 

  74. 3. Specification
    75. 

  75. 

  76.    The sole purpose of the ID extension is to enable clients and servers
    77. 

  77.    to exchange information on their implementations for the purposes of
    78. 

  78.    statistical analysis and problem determination.
    79. 

  79. 

  80.    This information is be submitted to a server by any client wishing to
    81. 

  81.    provide information for statistical purposes, provided the server
    82. 

  82.    advertises its willingness to take the information with the atom "ID"
    83. 

  83.    included in the list of capabilities returned by the CAPABILITY
    84. 

  84.    command.
    85. 

  85. 

  86.    Implementations MUST NOT make operational changes based on the data
    87. 

  87.    sent as part of the ID command or response.  The ID command is for
    88. 

  88.    human consumption only, and is not to be used in improving the
    89. 

  89.    performance of clients or servers.
    90. 

  90. 

  91.    This includes, but is not limited to, the following:
    92. 

  92. 

  93.       Servers MUST NOT attempt to work around client bugs by using
    94. 

  94.       information from the ID command.  Clients MUST NOT attempt to work
    95. 

  95.       around server bugs based on the ID response.
    96. 

  96. 

  97.       Servers MUST NOT provide features to a client or otherwise
    98. 

  98.       optimize for a particular client by using information from the ID
    99. 

  99.       command.  Clients MUST NOT provide features to a server or
    100. 

  100.       otherwise optimize for a particular server based on the ID
    101. 

  101.       response.
    102. 

  102. 

  103.       Servers MUST NOT deny access to or refuse service for a client
    104. 

  104.       based on information from the ID command.  Clients MUST NOT refuse
    105. 

  105.       to operate or limit their operation with a server based on the ID
    106. 

  106.       response.
    107. 

  107. 

  108. 

  109. 

  110. 

  111. 

  112. 

  113. 

  114. Showalter                   Standards Track                     [Page 2]
    115. 

  115. 
    116. 

  116. RFC 2971                   IMAP4 ID extension               October 2000
    117. 

  117. 

  118. 

  119.    Rationale: It is imperative that this extension not supplant IMAP's
    120. 

  120.    CAPABILITY mechanism with a ad-hoc approach where implementations
    121. 

  121.    guess each other's features based on who they claim to be.
    122. 

  122. 

  123.    Implementations MUST NOT send false information in an ID command.
    124. 

  124. 

  125.    Implementations MAY send less information than they have available or
    126. 

  126.    no information at all.  Such behavior may be useful to preserve user
    127. 

  127.    privacy.  See Security Considerations, section 7.
    128. 

  128. 

  129. 3.1. ID Command
    130. 

  130. 

  131.    Arguments:  client parameter list or NIL
    132. 

  132. 

  133.    Responses:  OPTIONAL untagged response: ID
    134. 

  134. 

  135.    Result:     OK    identification information accepted
    136. 

  136.                BAD   command unknown or arguments invalid
    137. 

  137. 

  138.    Implementation identification information is sent by the client with
    139. 

  139.    the ID command.
    140. 

  140. 

  141.    This command is valid in any state.
    142. 

  142. 

  143.    The information sent is in the form of a list of field/value pairs.
    144. 

  144.    Fields are permitted to be any IMAP4 string, and values are permitted
    145. 

  145.    to be any IMAP4 string or NIL.  A value of NIL indicates that the
    146. 

  146.    client can not or will not specify this information.  The client may
    147. 

  147.    also send NIL instead of the list, indicating that it wants to send
    148. 

  148.    no information, but would still accept a server response.
    149. 

  149. 

  150.    The available fields are defined in section 3.3.
    151. 

  151. 

  152.    Example:  C: a023 ID ("name" "sodr" "version" "19.34" "vendor"
    153. 

  153.                  "Pink Floyd Music Limited")
    154. 

  154.              S: * ID NIL
    155. 

  155.              S: a023 OK ID completed
    156. 

  156. 

  157. 3.2. ID Response
    158. 

  158. 

  159.    Contents:   server parameter list
    160. 

  160. 

  161.    In response to an ID command issued by the client, the server replies
    162. 

  162.    with a tagged response containing information on its implementation.
    163. 

  163.    The format is the same as the client list.
    164. 

  164. 

  165. 

  166. 

  167. 

  168. 

  169. 

  170. Showalter                   Standards Track                     [Page 3]
    171. 

  171. 
    172. 

  172. RFC 2971                   IMAP4 ID extension               October 2000
    173. 

  173. 

  174. 

  175.    Example:  C: a042 ID NIL
    176. 

  176.              S: * ID ("name" "Cyrus" "version" "1.5" "os" "sunos"
    177. 

  177.                   "os-version" "5.5" "support-url"
    178. 

  178.                   "mailto:cyrus-bugs+@andrew.cmu.edu")
    179. 

  179.              S: a042 OK ID command completed
    180. 

  180. 

  181.    A server MUST send a tagged ID response to an ID command.  However, a
    182. 

  182.    server MAY send NIL in place of the list.
    183. 

  183. 

  184. 3.3. Defined Field Values
    185. 

  185. 

  186.    Any string may be sent as a field, but the following are defined to
    187. 

  187.    describe certain values that might be sent.  Implementations are free
    188. 

  188.    to send none, any, or all of these.  Strings are not case-sensitive.
    189. 

  189.    Field strings MUST NOT be longer than 30 octets.  Value strings MUST
    190. 

  190.    NOT be longer than 1024 octets.  Implementations MUST NOT send more
    191. 

  191.    than 30 field-value pairs.
    192. 

  192. 

  193.      name            Name of the program
    194. 

  194.      version         Version number of the program
    195. 

  195.      os              Name of the operating system
    196. 

  196.      os-version      Version of the operating system
    197. 

  197.      vendor          Vendor of the client/server
    198. 

  198.      support-url     URL to contact for support
    199. 

  199.      address         Postal address of contact/vendor
    200. 

  200.      date            Date program was released, specified as a date-time
    201. 

  201.                        in IMAP4rev1
    202. 

  202.      command         Command used to start the program
    203. 

  203.      arguments       Arguments supplied on the command line, if any
    204. 

  204.                        if any
    205. 

  205.      environment     Description of environment, i.e., UNIX environment
    206. 

  206.                        variables or Windows registry settings
    207. 

  207. 

  208.    Implementations MUST NOT use contact information to submit automatic
    209. 

  209.    bug reports.  Implementations may include information from an ID
    210. 

  210.    response in a report automatically prepared, but are prohibited from
    211. 

  211.    sending the report without user authorization.
    212. 

  212. 

  213.    It is preferable to find the name and version of the underlying
    214. 

  214.    operating system at runtime in cases where this is possible.
    215. 

  215. 

  216.    Information sent via an ID response may violate user privacy.  See
    217. 

  217.    Security Considerations, section 7.
    218. 

  218. 

  219.    Implementations MUST NOT send the same field name more than once.
    220. 

  220. 

  221. 

  222. 

  223. 

  224. 

  225. 

  226. Showalter                   Standards Track                     [Page 4]
    227. 

  227. 
    228. 

  228. RFC 2971                   IMAP4 ID extension               October 2000
    229. 

  229. 

  230. 

  231. 4. Formal Syntax
    232. 

  232. 

  233.    This  syntax is intended to augment the grammar specified in
    234. 

  234.    [IMAP4rev1] in order to provide for the ID command.  This
    235. 

  235.    specification uses the augmented Backus-Naur Form (BNF) notation as
    236. 

  236.    used in [IMAP4rev1].
    237. 

  237. 

  238.      command_any ::= "CAPABILITY" / "LOGOUT" / "NOOP" / x_command / id
    239. 

  239.          ;; adds id command to command_any in [IMAP4rev1]
    240. 

  240. 

  241.      id ::= "ID" SPACE id_params_list
    242. 

  242. 

  243.      id_response ::= "ID" SPACE id_params_list
    244. 

  244. 

  245.      id_params_list ::= "(" #(string SPACE nstring) ")" / nil
    246. 

  246.          ;; list of field value pairs
    247. 

  247. 

  248.      response_data ::= "*" SPACE (resp_cond_state / resp_cond_bye /
    249. 

  249.          mailbox_data / message_data / capability_data / id_response)
    250. 

  250. 

  251. 5. Use of the ID extension with Firewalls and Other Intermediaries
    252. 

  252. 

  253.    There exist proxies, firewalls, and other intermediary systems that
    254. 

  254.    can intercept an IMAP session and make changes to the data exchanged
    255. 

  255.    in the session.  Such intermediaries are not anticipated by the IMAP4
    256. 

  256.    protocol design and are not within the scope of the IMAP4 standard.
    257. 

  257.    However, in order for the ID command to be useful in the presence of
    258. 

  258.    such intermediaries, those intermediaries need to take special note
    259. 

  259.    of the ID command and response.  In particular, if an intermediary
    260. 

  260.    changes any part of the IMAP session it must also change the ID
    261. 

  261.    command to advertise its presence.
    262. 

  262. 

  263.    A firewall MAY act to block transmission of specific information
    264. 

  264.    fields in the ID command and response that it believes reveal
    265. 

  265.    information that could expose a security vulnerability.  However, a
    266. 

  266.    firewall SHOULD NOT disable the extension, when present, entirely,
    267. 

  267.    and SHOULD NOT unconditionally remove either the client or server
    268. 

  268.    list.
    269. 

  269. 

  270.    Finally, it should be noted that a firewall, when handling a
    271. 

  271.    CAPABILITY response, MUST NOT allow the names of extensions to be
    272. 

  272.    returned to the client that the firewall has no knowledge of.
    273. 

  273. 

  274. 

  275. 

  276. 

  277. 

  278. 

  279. 

  280. 

  281. 

  282. Showalter                   Standards Track                     [Page 5]
    283. 

  283. 
    284. 

  284. RFC 2971                   IMAP4 ID extension               October 2000
    285. 

  285. 

  286. 

  287. 6. References
    288. 

  288. 

  289.    [KEYWORDS]  Bradner, S., "Key words for use in RFCs to Indicate
    290. 

  290.                Requirement Levels", RFC 2119, March 1997.
    291. 

  291. 

  292.    [IMAP4rev1] Crispin, M., "Internet Message Access Protocol - Version
    293. 

  293.                4rev1", RFC 2060, October 1996.
    294. 

  294. 

  295.    [RFC-822]   Crocker, D., "Standard for the Format of ARPA Internet
    296. 

  296.                Text Messages", STD 11, RFC 822, August 1982.
    297. 

  297. 

  298. 7. Security Considerations
    299. 

  299. 

  300.    This extension has the danger of violating the privacy of users if
    301. 

  301.    misused.  Clients and servers should notify users that they implement
    302. 

  302.    and enable the ID command.
    303. 

  303. 

  304.    It is highly desirable that implementations provide a method of
    305. 

  305.    disabling ID support, perhaps by not sending ID at all, or by sending
    306. 

  306.    NIL as the argument to the ID command or response.
    307. 

  307. 

  308.    Implementors must exercise extreme care in adding fields sent as part
    309. 

  309.    of an ID command or response.  Some fields, including a processor ID
    310. 

  310.    number, Ethernet address, or other unique (or mostly unique)
    311. 

  311.    identifier allow tracking of users in ways that violate user privacy
    312. 

  312.    expectations.
    313. 

  313. 

  314.    Having implementation information of a given client or server may
    315. 

  315.    make it easier for an attacker to gain unauthorized access due to
    316. 

  316.    security holes.
    317. 

  317. 

  318.    Since this command includes arbitrary data and does not require the
    319. 

  319.    user to authenticate, server implementations are cautioned to guard
    320. 

  320.    against an attacker sending arbitrary garbage data in order to fill
    321. 

  321.    up the ID log.  In particular, if a server naively logs each ID
    322. 

  322.    command to disk without inspecting it, an attacker can simply fire up
    323. 

  323.    thousands of connections and send a few kilobytes of random data.
    324. 

  324.    Servers have to guard against this.  Methods include truncating
    325. 

  325.    abnormally large responses; collating responses by storing only a
    326. 

  326.    single copy, then keeping a counter of the number of times that
    327. 

  327.    response has been seen; keeping only particularly interesting parts
    328. 

  328.    of responses; and only logging responses of users who actually log
    329. 

  329.    in.
    330. 

  330. 

  331.    Security is affected by firewalls which modify the IMAP protocol
    332. 

  332.    stream; see section 5, Use of the ID Extension with Firewalls and
    333. 

  333.    Other Intermediaries, for more information.
    334. 

  334. 

  335. 

  336. 

  337. 

  338. Showalter                   Standards Track                     [Page 6]
    339. 

  339. 
    340. 

  340. RFC 2971                   IMAP4 ID extension               October 2000
    341. 

  341. 

  342. 

  343. 8. Author's Address
    344. 

  344. 

  345.    Tim Showalter
    346. 

  346.    Mirapoint, Inc.
    347. 

  347.    909 Hermosa Ct.
    348. 

  348.    Sunnyvale, CA 94095
    349. 

  349. 

  350.    EMail: tjs@mirapoint.com
    351. 

  351. 

  352. 

  353. 

  354. 

  355. 

  356. 

  357. 

  358. 

  359. 

  360. 

  361. 

  362. 

  363. 

  364. 

  365. 

  366. 

  367. 

  368. 

  369. 

  370. 

  371. 

  372. 

  373. 

  374. 

  375. 

  376. 

  377. 

  378. 

  379. 

  380. 

  381. 

  382. 

  383. 

  384. 

  385. 

  386. 

  387. 

  388. 

  389. 

  390. 

  391. 

  392. 

  393. 

  394. Showalter                   Standards Track                     [Page 7]
    395. 

  395. 
    396. 

  396. RFC 2971                   IMAP4 ID extension               October 2000
    397. 

  397. 

  398. 

  399. 9.  Full Copyright Statement
    400. 

  400. 

  401.    Copyright (C) The Internet Society (2000).  All Rights Reserved.
    402. 

  402. 

  403.    This document and translations of it may be copied and furnished to
    404. 

  404.    others, and derivative works that comment on or otherwise explain it
    405. 

  405.    or assist in its implementation may be prepared, copied, published
    406. 

  406.    and distributed, in whole or in part, without restriction of any
    407. 

  407.    kind, provided that the above copyright notice and this paragraph are
    408. 

  408.    included on all such copies and derivative works.  However, this
    409. 

  409.    document itself may not be modified in any way, such as by removing
    410. 

  410.    the copyright notice or references to the Internet Society or other
    411. 

  411.    Internet organizations, except as needed for the purpose of
    412. 

  412.    developing Internet standards in which case the procedures for
    413. 

  413.    copyrights defined in the Internet Standards process must be
    414. 

  414.    followed, or as required to translate it into languages other than
    415. 

  415.    English.
    416. 

  416. 

  417.    The limited permissions granted above are perpetual and will not be
    418. 

  418.    revoked by the Internet Society or its successors or assigns.
    419. 

  419. 

  420.    This document and the information contained herein is provided on an
    421. 

  421.    "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
    422. 

  422.    TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
    423. 

  423.    BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
    424. 

  424.    HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
    425. 

  425.    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
    426. 

  426. 

  427. Acknowledgement
    428. 

  428. 

  429.    Funding for the RFC Editor function is currently provided by the
    430. 

  430.    Internet Society.
    431. 

  431. 

  432. 

  433. 

  434. 

  435. 

  436. 

  437. 

  438. 

  439. 

  440. 

  441. 

  442. 

  443. 

  444. 

  445. 

  446. 

  447. 

  448. 

  449. 

  450. Showalter                   Standards Track                     [Page 8]
    451. 

  451. 
    452.