| < draft-gulbrandsen-imap-response-codes-06.txt | draft-gulbrandsen-imap-response-codes-07.txt > | |||
|---|---|---|---|---|
| Network Working Group Arnt Gulbrandsen | Network Working Group Arnt Gulbrandsen | |||
| Internet-Draft Oryx Mail Systems GmbH | Internet-Draft Oryx Mail Systems GmbH | |||
| Intended Status: Proposed Standard December 4, 2008 | Intended Status: Proposed Standard December 15, 2008 | |||
| IMAP Response Codes | IMAP Response Codes | |||
| draft-gulbrandsen-imap-response-codes-06.txt | draft-gulbrandsen-imap-response-codes-07.txt | |||
| Status of this Memo | Status of this Memo | |||
| This Internet-Draft is submitted to IETF in full conformance with the | This Internet-Draft is submitted to IETF in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Copyright (c) 2008 IETF Trust and the persons identified as the | Copyright (c) 2008 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| skipping to change at page 3, line 43 ¶ | skipping to change at page 3, line 43 ¶ | |||
| S: c NO [AUTHORIZATIONFAILED] No such auth-ID | S: c NO [AUTHORIZATIONFAILED] No such auth-ID | |||
| EXPIRED Authentication succeeded or the server didn't have the | EXPIRED Authentication succeeded or the server didn't have the | |||
| necessary data any more, but access is no longer | necessary data any more, but access is no longer | |||
| permitted using that passphrase. The client or user | permitted using that passphrase. The client or user | |||
| should get a new passphrase. | should get a new passphrase. | |||
| C: d login "fred" "foo" | C: d login "fred" "foo" | |||
| S: d NO [EXPIRED] That password isn't valid any more | S: d NO [EXPIRED] That password isn't valid any more | |||
| PRIVACYREQUIRED The operation is not permitted due to a lack of | ||||
| privacy. If TLS is not in use, the client could try | ||||
| STARTTLS (see [RFC3501] section 6.2.1) and then repeat | ||||
| the operation. | ||||
| C: d login "fred" "foo" | ||||
| S: d NO [PRIVACYREQUIRED] Connection offers no privacy | ||||
| C: d select inbox | ||||
| S: d NO [PRIVACYREQUIRED] Connection offers no privacy | ||||
| Internet-draft December 2008 | ||||
| CONTACTADMIN The user should contact the system administrator or | CONTACTADMIN The user should contact the system administrator or | |||
| support desk. | support desk. | |||
| C: e login "fred" "foo" | C: e login "fred" "foo" | |||
| S: e OK [CONTACTADMIN] | S: e OK [CONTACTADMIN] | |||
| NOPERM The access control system (e.g. ACL, see [RFC4314]) does | NOPERM The access control system (e.g. ACL, see [RFC4314]) does | |||
| not permit this user to carry out an operation, such as | not permit this user to carry out an operation, such as | |||
| selecting or creating a mailbox. | selecting or creating a mailbox. | |||
| C: f select "/archive/projects/experiment-iv" | C: f select "/archive/projects/experiment-iv" | |||
| S: f NO [NOPERM] Access denied | S: f NO [NOPERM] Access denied | |||
| Internet-draft December 2008 | ||||
| INUSE An operation has not been carried out because it involves | INUSE An operation has not been carried out because it involves | |||
| sawing off a branch someone else is sitting on. Someone | sawing off a branch someone else is sitting on. Someone | |||
| else may be holding an exclusive lock needed for this | else may be holding an exclusive lock needed for this | |||
| operation, or it may involve deleting a resource someone | operation, or it may involve deleting a resource someone | |||
| else is using, typically a mailbox. | else is using, typically a mailbox. | |||
| The operation may succeed if the client tries again | The operation may succeed if the client tries again | |||
| later. | later. | |||
| C: g delete "/archive/projects/experiment-iv" | C: g delete "/archive/projects/experiment-iv" | |||
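Review bot: The added PRIVACYREQUIRED example reuses tag d for both of its exchanges, and d is already the tag of the EXPIRED example directly above, while the other codes in this hunk each have their own letter (c, e, f, g). Give the two new exchanges distinct tags, for instance in the k1/k2 style the CLIENTBUG example uses, and state that they are alternatives: as written, "d select inbox" follows a refused "d login" and reads like one session. The login example also shows the passphrase "foo" being sent before the server answers NO [PRIVACYREQUIRED], so the description could say that a client which knows TLS is not in use should try STARTTLS before LOGIN rather than only after the refusal.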
| skipping to change at page 4, line 41 ¶ | skipping to change at page 5, line 5 ¶ | |||
| C: i select "/archive/projects/experiment-iv" | C: i select "/archive/projects/experiment-iv" | |||
| S: i NO [CORRUPTION] Cannot open mailbox | S: i NO [CORRUPTION] Cannot open mailbox | |||
| SERVERBUG The server encountered a bug in itself or violated one of | SERVERBUG The server encountered a bug in itself or violated one of | |||
| its own invariants. | its own invariants. | |||
| C: j select "/archive/projects/experiment-iv" | C: j select "/archive/projects/experiment-iv" | |||
| S: j NO [SERVERBUG] This should not happen | S: j NO [SERVERBUG] This should not happen | |||
| Internet-draft December 2008 | ||||
| CLIENTBUG The server has detected a client bug. This can accompany | CLIENTBUG The server has detected a client bug. This can accompany | |||
| all of OK, NO and BAD, depending on what the client bug | all of OK, NO and BAD, depending on what the client bug | |||
| is. | is. | |||
| C: k1 select "/archive/projects/experiment-iv" | C: k1 select "/archive/projects/experiment-iv" | |||
| [...] | [...] | |||
| S: k1 OK [READ-ONLY] Done | S: k1 OK [READ-ONLY] Done | |||
| C: k2 status "/archive/projects/experiment-iv" (messages) | C: k2 status "/archive/projects/experiment-iv" (messages) | |||
| [...] | [...] | |||
| S: k2 OK [CLIENTBUG] Done | S: k2 OK [CLIENTBUG] Done | |||
| CANNOT The operation violates some invariant of the server and | CANNOT The operation violates some invariant of the server and | |||
| can never succeed. | can never succeed. | |||
| Internet-draft December 2008 | ||||
| C: l create "///////" | C: l create "///////" | |||
| S: l NO [CANNOT] Adjacent slashes is not supported | S: l NO [CANNOT] Adjacent slashes is not supported | |||
| LIMIT The operation ran up against an implementation limit of | LIMIT The operation ran up against an implementation limit of | |||
| some kind, such as the number of flags on a single | some kind, such as the number of flags on a single | |||
| message or number of flags used in a mailbox. | message or number of flags used in a mailbox. | |||
| C: m STORE 42 FLAGS f1 f2 f3 f4 f5 ... f250 | C: m STORE 42 FLAGS f1 f2 f3 f4 f5 ... f250 | |||
| S: m NO [LIMIT] At most 32 flags in one mailbox supported | S: m NO [LIMIT] At most 32 flags in one mailbox supported | |||
| skipping to change at page 5, line 39 ¶ | skipping to change at page 6, line 5 ¶ | |||
| S: n2 OK [OVERQUOTA] You are now over your soft quota | S: n2 OK [OVERQUOTA] You are now over your soft quota | |||
| ALREADYEXISTS The operation attempts to create something which | ALREADYEXISTS The operation attempts to create something which | |||
| already exists, such as when the CREATE or RENAME | already exists, such as when the CREATE or RENAME | |||
| directories attempt to create a mailbox and there is one | directories attempt to create a mailbox and there is one | |||
| of that name. | of that name. | |||
| C: o RENAME this that | C: o RENAME this that | |||
| S: o NO [ALREADYEXISTS] Mailbox "that" already exists | S: o NO [ALREADYEXISTS] Mailbox "that" already exists | |||
| Internet-draft December 2008 | ||||
| NONEXISTENT The operation attempts to delete something which does not | NONEXISTENT The operation attempts to delete something which does not | |||
| exist. Similar to ALREADYEXISTS. | exist. Similar to ALREADYEXISTS. | |||
| C: p RENAME this that | C: p RENAME this that | |||
| S: p NO [NONEXISTENT] No such mailbox | S: p NO [NONEXISTENT] No such mailbox | |||
| 4. Formal Syntax | 4. Formal Syntax | |||
| The following syntax specification uses the Augmented Backus-Naur | The following syntax specification uses the Augmented Backus-Naur | |||
| Form (ABNF) notation as specified in [RFC5234]. [RFC3501] defines the | Form (ABNF) notation as specified in [RFC5234]. [RFC3501] defines the | |||
| non-terminal "resp-text-code". | non-terminal "resp-text-code". | |||
| Except as noted otherwise, all alphabetic characters are case- | Except as noted otherwise, all alphabetic characters are case- | |||
| insensitive. The use of upper or lower case characters to define | insensitive. The use of upper or lower case characters to define | |||
| token strings is for editorial clarity only. | token strings is for editorial clarity only. | |||
| Internet-draft December 2008 | resp-text-code =/ "UNAVAILABLE" / "AUTHENTICATIONFAILED" / | |||
| resp-text-code =/ "UNAVAILABLE" / "AUTHENTICATIONFAILED" / | ||||
| "AUTHORIZATIONFAILED" / "EXPIRED" / | "AUTHORIZATIONFAILED" / "EXPIRED" / | |||
| "CONTACTADMIN" / "NOPERM" / "INUSE" / | "PRIVACYREQUIRED" / "CONTACTADMIN" / "NOPERM" / | |||
| "EXPUNGEISSUED" / "CORRUPTION" / "SERVERBUG" / | "INUSE" / "EXPUNGEISSUED" / "CORRUPTION" / | |||
| "CLIENTBUG" / "CANNOT" / "LIMIT" / "OVERQUOTA" | "SERVERBUG" / "CLIENTBUG" / "CANNOT" / "LIMIT" | |||
| / "ALREADYEXISTS" / "NONEXISTENT" | / "OVERQUOTA" / "ALREADYEXISTS" / "NONEXISTENT" | |||
| 5. Security considerations | 5. Security considerations | |||
| Revealing information about a passphrase to unauthenticated IMAP | Revealing information about a passphrase to unauthenticated IMAP | |||
| clients has bad karma. | clients has bad karma. | |||
| Response codes are easier to parse than human-readable text. This can | Response codes are easier to parse than human-readable text. This can | |||
| amplify the consequences of an information leak. For example, | amplify the consequences of an information leak. For example, | |||
| selecting a mailbox can fail because the mailbox doesn't exist, | selecting a mailbox can fail because the mailbox doesn't exist, | |||
| because the user doesn't have the "l" right (right to know the | because the user doesn't have the "l" right (right to know the | |||
| mailbox exists) or "r" (right to read the mailbox). If the server | mailbox exists) or "r" (right to read the mailbox). If the server | |||
| sent different responses in the first two cases in the past, only | sent different responses in the first two cases in the past, only | |||
| malevolent clients would discover it. With response codes it's | malevolent clients would discover it. With response codes it's | |||
| possible, perhaps probable, that benevolent clients forward the | possible, perhaps probable, that benevolent clients forward the | |||
| leaked information to the user. Server authors are encouraged to be | leaked information to the user. Server authors are encouraged to be | |||
| particularly careful with the NOPERM and authentication-related | particularly careful with the NOPERM and authentication-related | |||
| responses. | responses. | |||
| Internet-draft December 2008 | ||||
| 6. IANA considerations | 6. IANA considerations | |||
| The IANA is requested to create a new registry, tentatively named | The IANA is requested to create a new registry, tentatively named | |||
| imap-response-codes, and populate it as follows: | imap-response-codes, and populate it as follows: | |||
| REFERRAL RFC 2221 | REFERRAL RFC 2221 | |||
| ALERT RFC 3501 | ALERT RFC 3501 | |||
| BADCHARSET RFC 3501 | BADCHARSET RFC 3501 | |||
| PARSE RFC 3501 | PARSE RFC 3501 | |||
| PERMANENTFLAGS RFC 3501 | PERMANENTFLAGS RFC 3501 | |||
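Review bot: Section 5 is word-for-word identical in -06 and -07 even though this hunk adds "PRIVACYREQUIRED" to resp-text-code. The new code can be returned to a client that has not authenticated (the draft's own example is a refused login), and section 5 already singles out "the NOPERM and authentication-related responses"; add a sentence saying whether PRIVACYREQUIRED belongs in that group and noting that a refused LOGIN has already carried the passphrase over the unprotected connection. Two unchanged passages in the same hunk also deserve a fix before publication: ALREADYEXISTS says "CREATE or RENAME directories", where "commands" seems to be meant, and NONEXISTENT is described as an attempt to delete but is illustrated with the same "RENAME this that" command as ALREADYEXISTS.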
| skipping to change at page 7, line 4 ¶ | skipping to change at page 7, line 29 ¶ | |||
| TRYCREATE RFC 3501 | TRYCREATE RFC 3501 | |||
| UIDNEXT RFC 3501 | UIDNEXT RFC 3501 | |||
| UIDVALIDITY RFC 3501 | UIDVALIDITY RFC 3501 | |||
| UNSEEN RFC 3501 | UNSEEN RFC 3501 | |||
| UNKNOWN-CTE RFC 3516 | UNKNOWN-CTE RFC 3516 | |||
| UIDNOTSTICKY RFC 4315 | UIDNOTSTICKY RFC 4315 | |||
| APPENDUID RFC 4315 | APPENDUID RFC 4315 | |||
| COPYUID RFC 4315 | COPYUID RFC 4315 | |||
| URLMECH RFC 4467 | URLMECH RFC 4467 | |||
| TOOBIG RFC 4469 | TOOBIG RFC 4469 | |||
| Internet-draft December 2008 | ||||
| BADURL RFC 4469 | BADURL RFC 4469 | |||
| HIGHESTMODSEQ RFC 4551 | HIGHESTMODSEQ RFC 4551 | |||
| NOMODSEQ RFC 4551 | NOMODSEQ RFC 4551 | |||
| MODIFIED RFC 4551 | MODIFIED RFC 4551 | |||
| COMPRESSIONACTIVE RFC 4978 | COMPRESSIONACTIVE RFC 4978 | |||
| CLOSED RFC 5162 | CLOSED RFC 5162 | |||
| BADCOMPARATOR RFC 5255 | BADCOMPARATOR RFC 5255 | |||
| ANNOTATE RFC 5257 | ANNOTATE RFC 5257 | |||
| METADATA RFC (draft-daboo-imap-annotatemore-16.txt) | METADATA RFC (draft-daboo-imap-annotatemore-16.txt) | |||
| UNAVAILABLE RFC (this) | UNAVAILABLE RFC (this) | |||
| AUTHENTICATIONFAILED RFC (this) | AUTHENTICATIONFAILED RFC (this) | |||
| AUTHORIZATIONFAILED RFC (this) | AUTHORIZATIONFAILED RFC (this) | |||
| EXPIRED RFC (this) | EXPIRED RFC (this) | |||
| PRIVACYREQUIRED RFC (this) | ||||
| CONTACTADMIN RFC (this) | CONTACTADMIN RFC (this) | |||
| NOPERM RFC (this) | NOPERM RFC (this) | |||
| INUSE RFC (this) | INUSE RFC (this) | |||
| EXPUNGEISSUED RFC (this) | EXPUNGEISSUED RFC (this) | |||
| CORRUPTION RFC (this) | CORRUPTION RFC (this) | |||
| SERVERBUG RFC (this) | SERVERBUG RFC (this) | |||
| CLIENTBUG RFC (this) | CLIENTBUG RFC (this) | |||
| CANNOT RFC (this) | CANNOT RFC (this) | |||
| LIMIT RFC (this) | LIMIT RFC (this) | |||
| OVERQUOTA RFC (this) | OVERQUOTA RFC (this) | |||
| ALREADYEXISTS RFC (this) | ALREADYEXISTS RFC (this) | |||
| NONEXISTENT RFC (this) | NONEXISTENT RFC (this) | |||
| Internet-draft December 2008 | ||||
| The RFC editor is requested to delete this entire text, and insert a | The RFC editor is requested to delete this entire text, and insert a | |||
| sentence or two mentioning the registry's URL instead. | sentence or two mentioning the registry's URL instead. | |||
| The new registry should only be extended by publishing an RFC. The | The new registry should only be extended by publishing an RFC. The | |||
| IANA may to add placeholders for internet-drafts at its discretion. | IANA may to add placeholders for internet-drafts at its discretion. | |||
| 7. Acknowledgements | 7. Acknowledgements | |||
| Peter Coates, Mark Crispin, Philip Guenther, Philip Van Hoof, Alexey | Peter Coates, Mark Crispin, Philip Guenther, Philip Van Hoof, Alexey | |||
| Melnikov, Ken Murchison, Chris Newman, Timo Sirainen, Dale Wiggins | Melnikov, Ken Murchison, Chris Newman, Timo Sirainen, Dale Wiggins | |||
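Review bot: The last sentence of section 6, "The IANA may to add placeholders for internet-drafts at its discretion", still carries the stray "to" in -07. Drop it in this revision, since the changelog says the draft is now close to RFC.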
| skipping to change at page 8, line 5 ¶ | skipping to change at page 8, line 28 ¶ | |||
| 8. Normative References | 8. Normative References | |||
| [RFC3501] Crispin, "Internet Message Access Protocol - Version | [RFC3501] Crispin, "Internet Message Access Protocol - Version | |||
| 4rev1", RFC 3501, University of Washington, June 2003. | 4rev1", RFC 3501, University of Washington, June 2003. | |||
| [RFC5234] Crocker, Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, Overell, "Augmented BNF for Syntax | |||
| Specifications: ABNF", RFC 5234, Brandenburg | Specifications: ABNF", RFC 5234, Brandenburg | |||
| Internetworking, THUS plc, January 2008. | Internetworking, THUS plc, January 2008. | |||
| Internet-draft December 2008 | ||||
| 9. Informative References | 9. Informative References | |||
| [RFC2087] Myers, "IMAP4 QUOTA extension", RFC 2087, Carnegie Mellon, | [RFC2087] Myers, "IMAP4 QUOTA extension", RFC 2087, Carnegie Mellon, | |||
| January 1997. | January 1997. | |||
| [RFC2180] Gahrns, "IMAP4 Multi-Accessed Mailbox Practice", RFC 2180, | [RFC2180] Gahrns, "IMAP4 Multi-Accessed Mailbox Practice", RFC 2180, | |||
| Microsoft, July 1997. | Microsoft, July 1997. | |||
| [RFC4314] Melnikov, "IMAP4 Access Control List (ACL) Extension", RFC | [RFC4314] Melnikov, "IMAP4 Access Control List (ACL) Extension", RFC | |||
| 4314, December 2005. | 4314, December 2005. | |||
| skipping to change at line 462 ¶ | skipping to change at page 11, line 10 ¶ | |||
| - Added METADATA, which I had overlooked. | - Added METADATA, which I had overlooked. | |||
| - Turned ANNOTATE <VARIOUS> into just ANNOTATE, added METADATA | - Turned ANNOTATE <VARIOUS> into just ANNOTATE, added METADATA | |||
| <VARIOUS> in the same way. | <VARIOUS> in the same way. | |||
| Internet-draft December 2008 | Internet-draft December 2008 | |||
| Changes since -05 | Changes since -05 | |||
| - Fix typo (by rewriting the sentence) | - Fix typo (by rewriting the sentence) | |||
| Changes since -06 | ||||
| - added PRIVACYREQUIRED | ||||
| - Random formatting, since this now close to RFC | ||||
| End of changes. 15 change blocks. | ||||
| 18 lines changed or deleted | 29 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/