summaryrefslogtreecommitdiff
path: root/imap/docs/rfc/rfc4467.txt
diff options
context:
space:
mode:
Diffstat (limited to 'imap/docs/rfc/rfc4467.txt')
-rw-r--r--imap/docs/rfc/rfc4467.txt1011
1 files changed, 0 insertions, 1011 deletions
diff --git a/imap/docs/rfc/rfc4467.txt b/imap/docs/rfc/rfc4467.txt
deleted file mode 100644
index 83b6516a..00000000
--- a/imap/docs/rfc/rfc4467.txt
+++ /dev/null
@@ -1,1011 +0,0 @@
-
-
-
-
-
-
-Network Working Group M. Crispin
-Request for Comments: 4467 University of Washington
-Updates: 3501 May 2006
-Category: Standards Track
-
-
- Internet Message Access Protocol (IMAP) - URLAUTH Extension
-
-Status of This Memo
-
- This document specifies an Internet standards track protocol for the
- Internet community, and requests discussion and suggestions for
- improvements. Please refer to the current edition of the "Internet
- Official Protocol Standards" (STD 1) for the standardization state
- and status of this protocol. Distribution of this memo is unlimited.
-
-Copyright Notice
-
- Copyright (C) The Internet Society (2006).
-
-Abstract
-
- This document describes the URLAUTH extension to the Internet Message
- Access Protocol (IMAP) (RFC 3501) and the IMAP URL Scheme (IMAPURL)
- (RFC 2192). This extension provides a means by which an IMAP client
- can use URLs carrying authorization to access limited message data on
- the IMAP server.
-
- An IMAP server that supports this extension indicates this with a
- capability name of "URLAUTH".
-
-1. Introduction
-
- In [IMAPURL], a URL of the form imap://fred@example.com/INBOX/;uid=20
- requires authorization as userid "fred". However, [IMAPURL] implies
- that it only supports authentication and confuses the concepts of
- authentication and authorization.
-
- The URLAUTH extension defines an authorization mechanism for IMAP
- URLs to replace [IMAPURL]'s authentication-only mechanism. URLAUTH
- conveys authorization in the URL string itself and reuses a portion
- of the syntax of the [IMAPURL] authentication mechanism to convey the
- authorization identity (which also defines the default namespace in
- [IMAP]).
-
- The URLAUTH extension provides a means by which an authorized user of
- an IMAP server can create URLAUTH-authorized IMAP URLs. A URLAUTH-
- authorized URL conveys authorization (not authentication) to the data
-
-
-
-Crispin Standards Track [Page 1]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- addressed by that URL. This URL can be used in another IMAP session
- to access specific content on the IMAP server, without otherwise
- providing authorization to any other data (such as other data in the
- mailbox specified in the URL) owned by the authorizing user.
-
- Conceptually, a URLAUTH-authorized URL can be thought of as a "pawn
- ticket" that carries no authentication information and can be
- redeemed by whomever presents it. However, unlike a pawn ticket,
- URLAUTH has optional mechanisms to restrict the usage of a URLAUTH-
- authorized URL. Using these mechanisms, URLAUTH-authorized URLs can
- be usable by:
-
- . anonymous (the "pawn ticket" model)
- . authenticated users only
- . a specific authenticated user only
- . message submission acting on behalf of a specific user only
-
- There is also a mechanism for expiration.
-
- A URLAUTH-authorized URL can be used in the argument to the BURL
- command in message composition, as described in [BURL], for such
- purposes as allowing a client (with limited memory or other
- resources) to submit a message forward or to resend from an IMAP
- mailbox without requiring the client to fetch that message data.
-
- The URLAUTH is generated using an authorization mechanism name and an
- authorization token, which is generated using a secret mailbox access
- key. An IMAP client can request that the server generate and assign
- a new mailbox access key (thus effectively revoking all current URLs
- using URLAUTH with the old mailbox access key) but cannot set the
- mailbox access key to a key of its own choosing.
-
-1.1. Conventions Used in this Document
-
- The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
- in this document are to be interpreted as defined in [KEYWORDS].
-
- The formal syntax uses the Augmented Backus-Naur Form (ABNF) notation
- including the core rules defined in Appendix A of [ABNF].
-
- In examples, "C:" and "S:" indicate lines sent by the client and
- server, respectively. If a single "C:" or "S:" label applies to
- multiple lines, then the line breaks between those lines are for
- editorial clarity only and are not part of the actual protocol
- exchange.
-
-
-
-
-
-
-Crispin Standards Track [Page 2]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-2. Concepts
-
-2.1. URLAUTH
-
- The URLAUTH is a component, appended at the end of a URL, that
- conveys authorization to access the data addressed by that URL. It
- contains an authorized access identifier, an authorization mechanism
- name, and an authorization token. The authorization token is
- generated from the URL, the authorized access identifier, the
- authorization mechanism name, and a mailbox access key.
-
-2.2. Mailbox Access Key
-
- The mailbox access key is a random string with at least 128 bits of
- entropy. It is generated by software (not by the human user) and
- MUST be unpredictable.
-
- Each user has a table of mailboxes and an associated mailbox access
- key for each mailbox. Consequently, the mailbox access key is per-
- user and per-mailbox. In other words, two users sharing the same
- mailbox each have a different mailbox access key for that mailbox,
- and each mailbox accessed by a single user also has a different
- mailbox access key.
-
-2.3. Authorized Access Identifier
-
- The authorized access identifier restricts use of the URLAUTH
- authorized URL to certain users authorized on the server, as
- described in section 3.
-
-2.4. Authorization Mechanism
-
- The authorization mechanism is the algorithm by which the URLAUTH is
- generated and subsequently verified, using the mailbox access key.
-
-2.4.1. INTERNAL Authorization Mechanism
-
- This specification defines the INTERNAL mechanism, which uses a token
- generation algorithm of the server's choosing and does not involve
- disclosure of the mailbox access key to the client.
-
- Note: The token generation algorithm chosen by the server
- implementation should be modern and reasonably secure. At the
- time of the writing of this document, an [HMAC] such as HMAC-SHA1
- is recommended.
-
-
-
-
-
-
-Crispin Standards Track [Page 3]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- If it becomes necessary to change the token generation algorithm
- of the INTERNAL mechanism (e.g., because an attack against the
- current algorithm has been discovered), all currently existing
- URLAUTH-authorized URLs are invalidated by the change in
- algorithm. Since this would be an unpleasant surprise to
- applications that depend upon the validity of a URLAUTH-authorized
- URL, and there is no good way to do a bulk update of existing
- deployed URLs, it is best to avoid this situation by using a
- secure algorithm as opposed to one that is "good enough".
-
- Server implementations SHOULD consider the possibility of changing
- the algorithm. In some cases, it may be desirable to implement
- the change of algorithm in a way that newly-generated tokens use
- the new algorithm, but that for a limited period of time tokens
- using either the new or old algorithm can be validated.
- Consequently, the server SHOULD incorporate some means of
- identifying the token generation algorithm within the token.
-
- Although this specification is extensible for other mechanisms, none
- are defined in this document. In addition to the mechanism name
- itself, other mechanisms may have mechanism-specific data, which is
- to be interpreted according to the definition of that mechanism.
-
-2.5. Authorization Token
-
- The authorization token is a deterministic string of at least 128
- bits that an entity with knowledge of the secret mailbox access key
- and URL authorization mechanism can use to verify the URL.
-
-3. IMAP URL Extensions
-
- [IMAPURL] is extended by allowing the addition of
- ";EXPIRE=<datetime>" and ";URLAUTH=<access>:<mech>:<token>" to IMAP
- URLs that refer to a specific message or message parts.
-
- The URLAUTH is comprised of ";URLAUTH=<access>:<mech>:<token>" and
- MUST be at the end of the URL.
-
- URLAUTH does not apply to, and MUST NOT be used with, any IMAP URL
- that refers to an entire IMAP server, a list of mailboxes, an entire
- IMAP mailbox, or IMAP search results.
-
- When ";EXPIRE=<datetime>" is used, this indicates the latest date and
- time that the URL is valid. After that date and time, the URL has
- expired, and server implementations MUST reject the URL. If
- ";EXPIRE=<datetime>" is not used, the URL has no expiration, but
- still can be revoked as discussed below.
-
-
-
-
-Crispin Standards Track [Page 4]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- The URLAUTH takes the form ";URLAUTH=<access>:<mech>:<token>". It is
- composed of three parts. The <access> portion provides the
- authorized access identifiers, which may constrain the operations and
- users that are permitted to use this URL. The <mech> portion
- provides the authorization mechanism used by the IMAP server to
- generate the authorization token that follows. The <token> portion
- provides the authorization token.
-
- The "submit+" access identifier prefix, followed by a userid,
- indicates that only a userid authorized as a message submission
- entity on behalf of the specified userid is permitted to use this
- URL. The IMAP server does not validate the specified userid but does
- validate that the IMAP session has an authorization identity that is
- authorized as a message submission entity. The authorized message
- submission entity MUST validate the userid prior to contacting the
- IMAP server.
-
- The "user+" access identifier prefix, followed by a userid, indicates
- that use of this URL is limited to IMAP sessions that are logged in
- as the specified userid (that is, have authorization identity as that
- userid).
-
- Note: If a SASL mechanism that provides both authorization and
- authentication identifiers is used to authenticate to the IMAP
- server, the "user+" access identifier MUST match the authorization
- identifier.
-
- The "authuser" access identifier indicates that use of this URL is
- limited to IMAP sessions that are logged in as an authorized user
- (that is, have authorization identity as an authorized user) of that
- IMAP server. Use of this URL is prohibited to anonymous IMAP
- sessions.
-
- The "anonymous" access identifier indicates that use of this URL is
- not restricted by session authorization identity; that is, any IMAP
- session in authenticated or selected state (as defined in [IMAP]),
- including anonymous sessions, may issue a URLFETCH using this URL.
-
- The authorization token is represented as an ASCII-encoded
- hexadecimal string, which is used to authorize the URL. The length
- and the calculation of the authorization token depends upon the
- mechanism used; but, in all cases, the authorization token is at
- least 128 bits (and therefore at least 32 hexadecimal digits).
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 5]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-4. Discussion of URLAUTH Authorization Issues
-
- In [IMAPURL], the userid before the "@" in the URL has two purposes:
-
- 1) It provides context for user-specific mailbox paths such as
- "INBOX".
-
- 2) It specifies that resolution of the URL requires logging in as
- that user and limits use of that URL to only that user.
-
- An obvious limitation of using the same field for both purposes is
- that the URL can only be resolved by the mailbox owner.
-
- URLAUTH overrides the second purpose of the userid in the IMAP URL
- and by default permits the URL to be resolved by any user permitted
- by the access identifier.
-
- The "user+<userid>" access identifier limits resolution of that URL
- to a particular userid, whereas the "submit+<userid>" access
- identifier is more general and simply requires that the session be
- authorized by a user that has been granted a "submit" role within the
- authentication system. Use of either of these access identifiers
- makes it impossible for an attacker, spying on the session, to use
- the same URL, either directly or by submission to a message
- submission entity.
-
- The "authuser" and "anonymous" access identifiers do not have this
- level of protection and should be used with caution. These access
- identifiers are primarily useful for public export of data from an
- IMAP server, without requiring that it be copied to a web or
- anonymous FTP server. Refer to the Security Considerations for more
- details.
-
-5. Generation of URLAUTH-Authorized URLs
-
- A URLAUTH-authorized URL is generated from an initial URL as follows:
-
- An initial URL is built, ending with ";URLAUTH=<access>" but without
- the ":<mech>:<token>" components. An authorization mechanism is
- selected and used to calculate the authorization token, with the
- initial URL as the data and a secret known to the IMAP server as the
- key. The URLAUTH-authorized URL is generated by taking the initial
- URL and appending ":", the URL authorization mechanism name, ":", and
- the ASCII-encoded hexadecimal representation of the authorization
- token.
-
-
-
-
-
-
-Crispin Standards Track [Page 6]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- Note: ASCII-encoded hexadecimal is used instead of BASE64 because
- a BASE64 representation may have "=" padding characters, which
- would be problematic in a URL.
-
- In the INTERNAL mechanism, the mailbox access key for that mailbox is
- the secret known to the IMAP server, and a server-selected algorithm
- is used as described in section 2.4.1.
-
-6. Validation of URLAUTH-authorized URLs
-
- A URLAUTH-authorized URL is validated as follows:
-
- The URL is split at the ":" that separates "<access>" from
- "<mech>:<token>" in the ";URLAUTH=<access>:<mech>:<token>" portion of
- the URL. The "<mech>:<token>" portion is first parsed and saved as
- the authorization mechanism and the authorization token. The URL is
- truncated, discarding the ":" described above, to create a "rump URL"
- (the URL minus the ":" and the "<mech>:<token>" portion). The rump
- URL is then analyzed to identify the mailbox.
-
- If the mailbox cannot be identified, an authorization token is
- calculated on the rump URL, using random "plausible" keys (selected
- by the server) as needed, before returning a validation failure.
- This prevents timing attacks aimed at identifying mailbox names.
-
- If the mailbox can be identified, the authorization token is
- calculated on the rump URL and a secret known to the IMAP server
- using the given URL authorization mechanism. Validation is
- successful if, and only if, the calculated authorization token for
- that mechanism matches the authorization token supplied in
- ";URLAUTH=<access>:<mech>:<token>".
-
- Removal of the ":<mech>:<token>" portion of the URL MUST be the only
- operation applied to the URLAUTH-authorized URL to get the rump URL.
- In particular, URL percent escape decoding and case-folding
- (including to the domain part of the URL) MUST NOT occur.
-
- In the INTERNAL mechanism, the mailbox access key for that mailbox is
- used as the secret known to the IMAP server, and the same server-
- selected algorithm used for generating URLs is used to calculate the
- authorization token for verification.
-
-
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 7]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-7. Additional Commands
-
- These commands are extensions to the [IMAP] base protocol.
-
- The section headings of these commands are intended to correspond
- with where they would be located in the base protocol document if
- they were part of that document.
-
-BASE.6.3.RESETKEY. RESETKEY Command
-
- Arguments: optional mailbox name
- optional mechanism name(s)
-
- Responses: none other than in result
-
- Result: OK - RESETKEY completed, URLMECH containing new data
- NO - RESETKEY error: can't change key of that mailbox
- BAD - command unknown or arguments invalid
-
- The RESETKEY command has two forms.
-
- The first form accepts a mailbox name as an argument and generates a
- new mailbox access key for the given mailbox in the user's mailbox
- access key table, replacing any previous mailbox access key (and
- revoking any URLs that were authorized with a URLAUTH using that key)
- in that table. By default, the mailbox access key is generated for
- the INTERNAL mechanism; other mechanisms can be specified with the
- optional mechanism argument.
-
- The second form, with no arguments, removes all mailbox access keys
- in the user's mailbox access key table, revoking all URLs currently
- authorized using URLAUTH by the user.
-
- Any current IMAP session logged in as the user that has the mailbox
- selected will receive an untagged OK response with the URLMECH status
- response code (see section BASE.7.1.URLMECH for more details about
- the URLMECH status response code).
-
- Example:
-
- C: a31 RESETKEY
- S: a31 OK All keys removed
- C: a32 RESETKEY INBOX
- S: a32 OK [URLMECH INTERNAL] mechs
- C: a33 RESETKEY INBOX XSAMPLE
- S: a33 OK [URLMECH INTERNAL XSAMPLE=P34OKhO7VEkCbsiYY8rGEg==] done
-
-
-
-
-
-Crispin Standards Track [Page 8]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-BASE.6.3.GENURLAUTH. GENURLAUTH Command
-
- Argument: one or more URL/mechanism pairs
-
- Response: untagged response: GENURLAUTH
-
- Result: OK - GENURLAUTH completed
- NO - GENURLAUTH error: can't generate a URLAUTH
- BAD - command unknown or arguments invalid
-
- The GENURLAUTH command requests that the server generate a URLAUTH-
- authorized URL for each of the given URLs using the given URL
- authorization mechanism.
-
- The server MUST validate each supplied URL as follows:
-
- (1) The mailbox component of the URL MUST refer to an existing
- mailbox.
-
- (2) The server component of the URL MUST contain a valid userid
- that identifies the owner of the mailbox access key table that
- will be used to generate the URLAUTH-authorized URL. As a
- consequence, the iserver rule of [IMAPURL] is modified so that
- iuserauth is mandatory.
-
- Note: the server component of the URL is generally the
- logged in userid and server. If not, then the logged in
- userid and server MUST have owner-type access to the
- mailbox access key table owned by the userid and server
- indicated by the server component of the URL.
-
- (3) There is a valid access identifier that, in the case of
- "submit+" and "user+", will contain a valid userid. This
- userid is not necessarily the same as the owner userid
- described in (2).
-
- (4) The server MAY also verify that the iuid and/or isection
- components (if present) are valid.
-
- If any of the above checks fail, the server MUST return a tagged BAD
- response with the following exception. If an invalid userid is
- supplied as the mailbox access key owner and/or as part of the access
- identifier, the server MAY issue a tagged OK response with a
- generated mailbox key that always fails validation when used with a
- URLFETCH command. This exception prevents an attacker from
- validating userids.
-
-
-
-
-
-Crispin Standards Track [Page 9]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- If there is currently no mailbox access key for the given mailbox in
- the owner's mailbox access key table, one is automatically generated.
- That is, it is not necessary to use RESETKEY prior to first-time use
- of GENURLAUTH.
-
- If the command is successful, a GENURLAUTH response code is returned
- listing the requested URLs as URLAUTH-authorized URLs.
-
- Examples:
-
- C: a775 GENURLAUTH "imap://joe@example.com/INBOX/;uid=20/
- ;section=1.2" INTERNAL
- S: a775 BAD missing access identifier in supplied URL
- C: a776 GENURLAUTH "imap://example.com/Shared/;uid=20/
- ;section=1.2;urlauth=submit+fred" INTERNAL
- S: a776 BAD missing owner username in supplied URL
- C: a777 GENURLAUTH "imap://joe@example.com/INBOX/;uid=20/
- ;section=1.2;urlauth=submit+fred" INTERNAL
- S: * GENURLAUTH "imap://joe@example.com/INBOX/;uid=20/;section=1.2
- ;urlauth=submit+fred:internal:91354a473744909de610943775f92038"
- S: a777 OK GENURLAUTH completed
-
-BASE.6.3.URLFETCH. URLFETCH Command
-
- Argument: one or more URLs
-
- Response: untagged response: URLFETCH
-
- Result: OK - urlfetch completed
- NO - urlfetch failed due to server internal error
- BAD - command unknown or arguments invalid
-
- The URLFETCH command requests that the server return the text data
- associated with the specified IMAP URLs, as described in [IMAPURL]
- and extended by this document. The data is returned for all
- validated URLs, regardless of whether or not the session would
- otherwise be able to access the mailbox containing that data via
- SELECT or EXAMINE.
-
- Note: This command does not require that the URL refer to the
- selected mailbox; nor does it require that any mailbox be
- selected. It also does not in any way interfere with any selected
- mailbox.
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 10]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- The URLFETCH command effectively executes with the access of the
- userid in the server component of the URL (which is generally the
- userid that issued the GENURLAUTH). By itself, the URLAUTH does NOT
- grant access to the data; once validated, it grants whatever access
- to the data is held by the userid in the server component of the URL.
- That access may have changed since the GENURLAUTH was done.
-
- The URLFETCH command MUST return an untagged URLFETCH response and a
- tagged OK response to any URLFETCH command that is syntactically
- valid. A NO response indicates a server internal failure that may be
- resolved on later retry.
-
- Note: The possibility of a NO response is to accommodate
- implementations that would otherwise have to issue an untagged BYE
- with a fatal error due to an inability to respond to a valid
- request. In an ideal world, a server SHOULD NOT issue a NO
- response.
-
- The server MUST return NIL for any IMAP URL that references an entire
- IMAP server, a list of mailboxes, an entire IMAP mailbox, or IMAP
- search results.
-
- Example:
-
- Note: For clarity, this example uses the LOGIN command, which
- SHOULD NOT be used over a non-encrypted communication path.
-
- This example is of a submit server, obtaining a message segment
- for a message that it has already validated was submitted by
- "fred".
-
- S: * OK [CAPABILITY IMAP4REV1 URLAUTH] example.com IMAP server
- C: a001 LOGIN submitserver secret
- S: a001 OK submitserver logged in
- C: a002 URLFETCH "imap://joe@example.com/INBOX/;uid=20/
- ;section=1.2;urlauth=submit+fred:internal
- :91354a473744909de610943775f92038"
- S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;section=1.2
- ;urlauth=submit+fred:internal
- :91354a473744909de610943775f92038" {28}
- S: Si vis pacem, para bellum.
- S:
- S: a002 OK URLFETCH completed
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 11]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-8. Additional Responses
-
- These responses are extensions to the [IMAP] base protocol.
-
- The section headings of these responses are intended to correspond
- with where they would be located in the base protocol document if
- they were part of that document.
-
-BASE.7.1.URLMECH. URLMECH Status Response Code
-
- The URLMECH status response code is followed by a list of URL
- authorization mechanism names. Mechanism names other than INTERNAL
- may be appended with an "=" and BASE64-encoded form of mechanism-
- specific data.
-
- This status response code is returned in an untagged OK response in
- response to a RESETKEY, SELECT, or EXAMINE command. In the case of
- the RESETKEY command, this status response code can be sent in the
- tagged OK response instead of requiring a separate untagged OK
- response.
-
- Example:
-
- C: a33 RESETKEY INBOX XSAMPLE
- S: a33 OK [URLMECH INTERNAL XSAMPLE=P34OKhO7VEkCbsiYY8rGEg==] done
-
- In this example, the server supports the INTERNAL mechanism and an
- experimental mechanism called XSAMPLE, which also holds some
- mechanism-specific data (the name "XSAMPLE" is for illustrative
- purposes only).
-
-BASE.7.4.GENURLAUTH. GENURLAUTH Response
-
- Contents: One or more URLs
-
- The GENURLAUTH response returns the URLAUTH-authorized URL(s)
- requested by a GENURLAUTH command.
-
- Example:
-
- C: a777 GENURLAUTH "imap://joe@example.com/INBOX/;uid=20/
- ;section=1.2;urlauth=submit+fred" INTERNAL
- S: * GENURLAUTH "imap://joe@example.com/INBOX/;uid=20/;section=1.2
- ;urlauth=submit+fred:internal:91354a473744909de610943775f92038"
- S: a777 OK GENURLAUTH completed
-
-
-
-
-
-
-Crispin Standards Track [Page 12]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-BASE.7.4.URLFETCH. URLFETCH Response
-
- Contents: One or more URL/nstring pairs
-
- The URLFETCH response returns the message text data associated with
- one or more IMAP URLs, as described in [IMAPURL] and extended by this
- document. This response occurs as the result of a URLFETCH command.
-
- The returned data string is NIL if the URL is invalid for any reason
- (including validation failure). If the URL is valid, but the IMAP
- fetch of the body part returned NIL (this should not happen), the
- returned data string should be the empty string ("") and not NIL.
-
- Note: This command does not require that the URL refer to the
- selected mailbox; nor does it require that any mailbox be
- selected. It also does not in any way interfere with any selected
- mailbox.
-
- Example:
-
- C: a002 URLFETCH "imap://joe@example.com/INBOX/;uid=20/
- ;section=1.2;urlauth=submit+fred:internal
- :91354a473744909de610943775f92038"
- S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;section=1.2
- ;urlauth=submit+fred:internal
- :91354a473744909de610943775f92038" {28}
- S: Si vis pacem, para bellum.
- S:
- S: a002 OK URLFETCH completed
-
-9. Formal Syntax
-
- The following syntax specification uses the Augmented Backus-Naur
- Form (ABNF) notation as specified in [ABNF].
-
- The following modifications are made to the Formal Syntax in [IMAP]:
-
-resetkey = "RESETKEY" [SP mailbox *(SP mechanism)]
-
-capability =/ "URLAUTH"
-
-command-auth =/ resetkey / genurlauth / urlfetch
-
-resp-text-code =/ "URLMECH" SP "INTERNAL" *(SP mechanism ["=" base64])
-
-genurlauth = "GENURLAUTH" 1*(SP url-rump SP mechanism)
-
-genurlauth-data = "*" SP "GENURLAUTH" 1*(SP url-full)
-
-
-
-Crispin Standards Track [Page 13]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-url-full = astring
- ; contains authimapurlfull as defined below
-
-url-rump = astring
- ; contains authimapurlrump as defined below
-
-urlfetch = "URLFETCH" 1*(SP url-full)
-
-urlfetch-data = "*" SP "URLFETCH" 1*(SP url-full SP nstring)
-
- The following extensions are made to the Formal Syntax in [IMAPURL]:
-
-authimapurl = "imap://" enc-user [iauth] "@" hostport "/"
- imessagepart
- ; replaces "imapurl" and "iserver" rules for
- ; URLAUTH authorized URLs
-
-authimapurlfull = authimapurl iurlauth
-
-authimapurlrump = authimapurl iurlauth-rump
-
-enc-urlauth = 32*HEXDIG
-
-enc-user = 1*achar
- ; same as "enc_user" in RFC 2192
-
-iurlauth = iurlauth-rump ":" mechanism ":" enc-urlauth
-
-iurlauth-rump = [expire] ";URLAUTH=" access
-
-access = ("submit+" enc-user) / ("user+" enc-user) /
- "authuser" / "anonymous"
-
-expire = ";EXPIRE=" date-time
- ; date-time defined in [DATETIME]
-
-mechanism = "INTERNAL" / 1*(ALPHA / DIGIT / "-" / ".")
- ; case-insensitive
- ; new mechanisms MUST be registered with IANA
-
-
-
-
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 14]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-10. Security Considerations
-
- Security considerations are discussed throughout this memo.
-
- The mailbox access key SHOULD have at least 128 bits of entropy
- (refer to [RANDOM] for more details) and MUST be unpredictable.
-
- The server implementation of the INTERNAL mechanism SHOULD consider
- the possibility of needing to change the token generation algorithm,
- and SHOULD incorporate some means of identifying the token generation
- algorithm within the token.
-
- The URLMECH status response code may expose sensitive data in the
- mechanism-specific data for mechanisms other than INTERNAL. A server
- implementation MUST implement a configuration that will not return a
- URLMECH status response code unless some mechanism is provided that
- protects the session from snooping, such as a TLS or SASL security
- layer that provides confidentiality protection.
-
- The calculation of an authorization token with a "plausible" key if
- the mailbox can not be identified is necessary to avoid attacks in
- which the server is probed to see if a particular mailbox exists on
- the server by measuring the amount of time taken to reject a known
- bad name versus some other name.
-
- To protect against a computational denial-of-service attack, a server
- MAY impose progressively longer delays on multiple URL requests that
- fail validation.
-
- The decision to use the "authuser" access identifier should be made
- with caution. An "authuser" access identifier can be used by any
- authorized user of the IMAP server; therefore, use of this access
- identifier should be limited to content that may be disclosed to any
- authorized user of the IMAP server.
-
- The decision to use the "anonymous" access identifier should be made
- with extreme caution. An "anonymous" access identifier can be used
- by anyone; therefore, use of this access identifier should be limited
- to content that may be disclosed to anyone. Many IMAP servers do not
- permit anonymous access; in this case, the "anonymous" access
- identifier is equivalent to "authuser", but this MUST NOT be relied
- upon.
-
- Although this specification does not prohibit the theoretical
- capability to generate a URL with a server component other than the
- logged in userid and server, this capability should only be provided
-
-
-
-
-
-Crispin Standards Track [Page 15]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
- when the logged in userid/server has been authorized as equivalent to
- the server component userid/server, or otherwise has access to that
- userid/server mailbox access key table.
-
-11. IANA Considerations
-
- This document constitutes registration of the URLAUTH capability in
- the imap4-capabilities registry.
-
- URLAUTH authorization mechanisms are registered by publishing a
- standards track or IESG-approved experimental RFC. The registry is
- currently located at:
-
-http://www.iana.org/assignments/urlauth-authorization-mechanism-registry
-
- This registry is case-insensitive.
-
- This document constitutes registration of the INTERNAL URLAUTH
- authorization mechanism.
-
- IMAP URLAUTH Authorization Mechanism Registry
-
- Mechanism Name Reference
- -------------- ---------
- INTERNAL [RFC4467]
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 16]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-12. Normative References
-
- [ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
- Specifications: ABNF", RFC 4234, October 2005.
-
- [BURL] Newman, C., "Message Submission BURL Extension", RFC 4468,
- May 2006.
-
- [DATETIME] Klyne, G. and C. Newman, "Date and Time on the Internet:
- Timestamps", RFC 3339, July 2002.
-
- [IMAP] Crispin, M., "Internet Message Access Protocol - Version
- 4rev1", RFC 3501, March 2003.
-
- [IMAPURL] Newman, C., "IMAP URL Scheme", RFC 2192, September 1997.
-
- [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
- Requirement Levels", BCP 14, RFC 2119, March 1997.
-
-13. Informative References
-
- [HMAC] Krawczyk, H., Bellare, M., and R. Canetti, "HMAC: Keyed-
- Hashing for Message Authentication", RFC 2104, February
- 1997.
-
- [RANDOM] Eastlake, D., 3rd, Schiller, J., and S. Crocker,
- "Randomness Requirements for Security", BCP 106, RFC 4086,
- June 2005.
-
-Author's Address
-
- Mark R. Crispin
- Networks and Distributed Computing
- University of Washington
- 4545 15th Avenue NE
- Seattle, WA 98105-4527
-
- Phone: (206) 543-5762
- EMail: MRC@CAC.Washington.EDU
-
-
-
-
-
-
-
-
-
-
-
-
-Crispin Standards Track [Page 17]
-
-RFC 4467 IMAP - URLAUTH Extension May 2006
-
-
-Full Copyright Statement
-
- Copyright (C) The Internet Society (2006).
-
- This document is subject to the rights, licenses and restrictions
- contained in BCP 78, and except as set forth therein, the authors
- retain all their rights.
-
- This document and the information contained herein are provided on an
- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
- ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
- INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
- INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
-
-Intellectual Property
-
- The IETF takes no position regarding the validity or scope of any
- Intellectual Property Rights or other rights that might be claimed to
- pertain to the implementation or use of the technology described in
- this document or the extent to which any license under such rights
- might or might not be available; nor does it represent that it has
- made any independent effort to identify any such rights. Information
- on the procedures with respect to rights in RFC documents can be
- found in BCP 78 and BCP 79.
-
- Copies of IPR disclosures made to the IETF Secretariat and any
- assurances of licenses to be made available, or the result of an
- attempt made to obtain a general license or permission for the use of
- such proprietary rights by implementers or users of this
- specification can be obtained from the IETF on-line IPR repository at
- http://www.ietf.org/ipr.
-
- The IETF invites any interested party to bring to its attention any
- copyrights, patents or patent applications, or other proprietary
- rights that may cover technology that may be required to implement
- this standard. Please address the information to the IETF at
- ietf-ipr@ietf.org.
-
-Acknowledgement
-
- Funding for the RFC Editor function is provided by the IETF
- Administrative Support Activity (IASA).
-
-
-
-
-
-
-
-Crispin Standards Track [Page 18]
-
generated by cgit v1.2.3-54-g00ecf (git 2.44.0) at 2024-07-01 15:51:18 +0000