idnits 2.17.1 draft-ietf-imapext-i18n-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** It looks like you're using RFC 3978 boilerplate. You should update this to the boilerplate described in the IETF Trust License Policy document (see https://trustee.ietf.org/license-info), which is required now. -- Found old boilerplate from RFC 3978, Section 5.1 on line 14. -- Found old boilerplate from RFC 3978, Section 5.5, updated by RFC 4748 on line 747. -- Found old boilerplate from RFC 3979, Section 5, paragraph 1 on line 719. -- Found old boilerplate from RFC 3979, Section 5, paragraph 2 on line 726. -- Found old boilerplate from RFC 3979, Section 5, paragraph 3 on line 732. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust Copyright Line does not match the current year -- The document seems to lack a disclaimer for pre-RFC5378 work, but may have content which was first submitted before 10 November 2008. If you have contacted all the original authors and they are all willing to grant the BCP78 rights to the IETF Trust, then this is fine, and you can ignore this comment. If not, you may need to add the pre-RFC5378 disclaimer. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 2007) is 6089 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) ** Obsolete normative reference: RFC 3501 (Obsoleted by RFC 9051) ** Obsolete normative reference: RFC 4234 (Obsoleted by RFC 5234) ** Obsolete normative reference: RFC 4646 (Obsoleted by RFC 5646) == Outdated reference: A later version (-20) exists of draft-ietf-imapext-sort-18 == Outdated reference: A later version (-07) exists of draft-crispin-collation-unicasemap-04 -- Obsolete informational reference (is this intentional?): RFC 3490 (Obsoleted by RFC 5890, RFC 5891) -- No information found for draft-daboo-imap- - is the name correct? Summary: 4 errors (**), 0 flaws (~~), 3 warnings (==), 9 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 1 Network Working Group Chris Newman 2 Internet-Draft Sun Microsystems 3 Intended Status: Proposed Standard Arnt Gulbrandsen 4 Oryx Mail Systems GmhH 5 August 2007 7 Internet Message Access Protocol Internationalization 8 draft-ietf-imapext-i18n-12.txt 10 Status of this Memo 11 By submitting this Internet-Draft, each author represents that any 12 applicable patent or other IPR claims of which he or she is aware 13 have been or will be disclosed, and any of which he or she becomes 14 aware will be disclosed, in accordance with Section 6 of BCP 79. 16 Internet-Drafts are working documents of the Internet Engineering 17 Task Force (IETF), its areas, and its working groups. Note that 18 other groups may also distribute working documents as Internet- 19 Drafts. 21 Internet-Drafts are draft documents valid for a maximum of six 22 months and may be updated, replaced, or obsoleted by other documents 23 at any time. It is inappropriate to use Internet-Drafts as 24 reference material or to cite them other than as "work in progress". 26 The list of current Internet-Drafts can be accessed at 27 http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet- 28 Draft Shadow Directories can be accessed at 29 http://www.ietf.org/shadow.html. 31 This Internet-Draft expires in February 2008. 33 Copyright Notice 35 Copyright (C) The IETF Trust (2007). 37 Abstract 39 Internet Message Access Protocol (IMAP) version 4rev1 has basic 40 support for non-ASCII characters in mailbox names and search 41 substrings. It also supports non-ASCII message headers and content 42 encoded as specified by Multipurpose Internet Mail Extensions 43 (MIME). This specification defines a collection of IMAP extensions 44 which improve international support including comparator negotiation 45 for search, sort and thread, language negotiation for international 47 Internet-draft August 2007 49 error text, and translations for namespace prefixes. 51 Table of Contents 53 1. Conventions Used in this Document . . . . . . . . . . . . . . 2 54 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 55 3. LANGUAGE Extension . . . . . . . . . . . . . . . . . . . . . 3 56 3.1 LANGUAGE Extension Requirements . . . . . . . . . . . . . . . 3 57 3.2 LANGUAGE Command . . . . . . . . . . . . . . . . . . . . . . 4 58 3.3 LANGUAGE Response . . . . . . . . . . . . . . . . . . . . . . 6 59 3.4 TRANSLATION Extension to the NAMESPACE Response . . . . . . . 6 60 3.5 Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 6 61 4. COMPARATOR Extension . . . . . . . . . . . . . . . . . . . . 7 62 4.1 COMPARATOR Extension Requirements . . . . . . . . . . . . . . 8 63 4.2 Comparators and Charsets . . . . . . . . . . . . . . . . . . 9 64 4.3 COMPARATOR Command . . . . . . . . . . . . . . . . . . . . . 9 65 4.4 COMPARATOR Response . . . . . . . . . . . . . . . . . . . . . 10 66 4.5 Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 10 67 5. Other IMAP Internationalization Issues . . . . . . . . . . . 11 68 5.1 UTF-8 Userids and Passwords . . . . . . . . . . . . . . . . . 11 69 5.2 UTF-8 Mailbox Names . . . . . . . . . . . . . . . . . . . . . 11 70 5.3 UTF-8 Domains, Addresses and Mail Headers . . . . . . . . . . 11 71 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 72 7. Security Considerations . . . . . . . . . . . . . . . . . . . 12 73 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 12 74 9. Relevant Standards for i18n IMAP Implementations . . . . . . 13 75 Normative References . . . . . . . . . . . . . . . . . . . . 13 76 Informative References . . . . . . . . . . . . . . . . . . . 14 77 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 15 78 Intellectual Property and Copyright Statements . . . . . . . 16 80 Conventions Used in This Document 82 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 83 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 84 document are to be interpreted as described in [RFC2119]. 86 The formal syntax use the Augmented Backus-Naur Form (ABNF) 87 [RFC4234] notation including the core rules defined in Appendix A. 88 The UTF8-related productions are defined in [RFC3629]. 90 In examples, "C:" and "S:" indicate lines sent by the client and 91 server respectively. If a single "C:" or "S:" label applies to 92 multiple lines, then the line breaks between those lines are for 93 editorial clarity only and are not part of the actual protocol 94 exchange. 96 Internet-draft August 2007 98 2. Introduction 100 This specification defines two IMAP4rev1 [RFC3501] extensions to 101 enhance international support. These extensions can be advertised 102 and implemented separately. 104 The LANGUAGE extension allows the client to request a suitable 105 language for protocol error messages and in combination with the 106 NAMESPACE extension [RFC2342] enables namespace translations. 108 The COMPARATOR extension allows the client to request a suitable 109 collation which will modify the behavior of the base specification's 110 SEARCH command as well as the SORT and THREAD extensions [SORT]. 111 This leverages the collation registry [RFC4790]. 113 3. LANGUAGE Extension 115 IMAP allows server responses to include human-readable text that in 116 many cases needs to be presented to the user. But that text is 117 limited to US-ASCII by the IMAP specification [RFC3501] in order to 118 preserve backwards compatibility with deployed IMAP implementations. 119 This section specifies a way for an IMAP client to negotiate which 120 language the server should use when sending human-readable text. 122 The LANGUAGE extension only provides a mechanism for altering fixed 123 server strings such as response text and NAMESPACE folder names. 124 Assigning localized language aliases to shared mailboxes would be 125 done with a separate mechanism such as the proposed METADATA 126 extension (see [METADATA]). 128 3.1 LANGUAGE Extension Requirements 130 IMAP servers that support this extension MUST list the keyword 131 LANGUAGE in their CAPABILITY response as well as in the greeting 132 CAPABILITY data. 134 A server that advertises this extension MUST use the language "i- 135 default" as described in [RFC2277] as its default language until 136 another supported language is negotiated by the client. A server 137 MUST include "i-default" as one of its supported languages. 139 Clients and servers that support this extension MUST also support 140 the NAMESPACE extension [RFC2342]. 142 The LANGUAGE command is valid in all states. Clients are urged to 143 issue LANGUAGE before authentication, since some servers send 145 Internet-draft August 2007 147 valuable user information as part of authentication (e.g. "password 148 is correct, but expired"). 150 3.2 LANGUAGE Command 152 Arguments: Optional language range arguments. 154 Response: A possible LANGUAGE response (see section 3.3). 155 A possible NAMESPACE response (see section 3.4). 157 Result: OK - Command completed 158 NO - Could not complete command 159 BAD - arguments invalid 161 The LANGUAGE command requests that human-readable text emitted by 162 the server be localized to a language matching one of the language 163 range argument as described by section 2 of [RFC4647]. 165 If the command succeeds, the server will return human-readable 166 responses in the first supported language specified. These 167 responses will be in UTF-8 [RFC3629]. The server MUST send a 168 LANGUAGE response specifying the language used, and the change takes 169 effect immediately after the LANGUAGE response. 171 If the command fails, the server continues to return human-readable 172 responses in the language it was previously using. 174 The special "default" language range argument indicates a request to 175 use a language designated as preferred by the server administrator. 176 The preferred language MAY vary based on the currently active user. 178 If a language range does not match a known language tag exactly but 179 does match a language by the rules of [RFC4647], the server MUST 180 send an untagged LANGUAGE response indicating the language selected. 182 If there aren't any arguments, the server SHOULD send an untagged 183 LANGUAGE response listing the languages it supports. If the server 184 is unable to enumerate the list of languages it supports it MAY 185 return a tagged NO response to the enumeration request. 187 < The server defaults to using English i-default responses until 188 the user explicitly changes the language. > 190 C: A001 LOGIN KAREN PASSWORD 191 S: A001 OK LOGIN completed 193 < Client requested MUL language, which no server supports. > 195 Internet-draft August 2007 197 C: A002 LANGUAGE MUL 198 S: A002 NO Unsupported language MUL 200 < A LANGUAGE command with no arguments is a request to enumerate 201 the list of languages the server supports. > 203 C: A003 LANGUAGE 204 S: * LANGUAGE (EN DE IT i-default) 205 S: A003 OK Supported languages have been enumerated 207 C: B001 LANGUAGE 208 S: B001 NO Server is unable to enumerate supported languages 210 < Once the client changes the language, all responses will be in 211 that language starting after the LANGUAGE response. Note that 212 this includes the NAMESPACE response. Because RFCs are in US- 213 ASCII, this document uses an ASCII transcription rather than 214 UTF-8 text, e.g. ue in the word "ausgefuehrt" > 216 C: C001 LANGUAGE DE 217 S: * LANGUAGE (DE) 218 S: * NAMESPACE (("" "/")) (("Other Users/" "/" "TRANSLATION" 219 ("Andere Ben&APw-tzer/"))) (("Public Folders/" "/" 220 "TRANSLATION" ("Gemeinsame Mailboxen/"))) 221 S: C001 OK Sprachwechsel durch LANGUAGE-Befehl ausgefuehrt 223 < If a server does not support the requested primary language, 224 responses will continue to be returned in the current language 225 the server is using. > 227 C: D001 LANGUAGE FR 228 S: D001 NO Diese Sprache ist nicht unterstuetzt 229 C: D002 LANGUAGE DE-IT 230 S: * LANGUAGE (DE-IT) 231 S: * NAMESPACE (("" "/"))(("Other Users/" "/" "TRANSLATION" 232 ("Andere Ben&APw-tzer/"))) (("Public Folders/" "/" 233 "TRANSLATION" ("Gemeinsame Mailboxen/"))) 234 S: D002 OK Sprachwechsel durch LANGUAGE-Befehl ausgefuehrt 235 C: D003 LANGUAGE "default" 236 S: * LANGUAGE (DE) 237 S: D003 OK Sprachwechsel durch LANGUAGE-Befehl ausgefuehrt 239 < Server does not speak French, but does speak English. User 240 speaks Canadian French and Canadian English. > 242 C: E001 LANGUAGE FR-CA EN-CA 243 S: * LANGUAGE (EN) 244 S: E001 OK Now speaking English 246 Internet-draft August 2007 248 3.3 LANGUAGE Response 250 Contents: A list of one or more language tags. 252 The LANGUAGE response occurs as a result of a LANGUAGE command. A 253 LANGUAGE response with a list containing a single language tag 254 indicates that the server is now using that language. A LANGUAGE 255 response with a list containing multiple language tags indicates the 256 server is communicating a list of available languages to the client, 257 and no change in the active language has been made. 259 3.4 TRANSLATION Extension to the NAMESPACE Response 261 If localized representations of the namespace prefixes are available 262 in the selected language, the server SHOULD include these in the 263 TRANSLATION extension to the NAMESPACE response. 265 The TRANSLATION extension to the NAMESPACE response returns a single 266 string, containing the modified UTF-7 [RFC3501] encoded translation 267 of the namespace prefix. It is the responsibility of the client to 268 convert between the namespace prefix and the translation of the 269 namespace prefix when presenting mailbox names to the user. 271 In this example a server supports the IMAP4 NAMESPACE command. It 272 uses no prefix to the user's Personal Namespace, a prefix of "Other 273 Users" to its Other Users' Namespace and a prefix of "Public 274 Folders" to its only Shared Namespace. Since a client will often 275 display these prefixes to the user, the server includes a 276 translation of them that can be presented to the user. 278 C: A001 LANGUAGE DE-IT 279 S: * NAMESPACE (("" "/")) (("Other Users/" "/" "TRANSLATION" 280 ("Andere Ben&APw-tzer/"))) (("Public Folders/" "/" 281 "TRANSLATION" ("Gemeinsame Mailboxen/"))) 282 S: A001 OK LANGUAGE-Befehl ausgefuehrt 284 3.5 Formal Syntax 286 The following syntax specification inherits ABNF [RFC4234] rules 287 from IMAP4rev1 [RFC3501], IMAP4 Namespace [RFC2342], Tags for the 288 Identifying Languages [RFC4646], UTF-8 [RFC3629] and Collected 289 Extensions to IMAP4 ABNF [RFC4466]. 291 command-any =/ language-cmd 292 ; LANGUAGE command is valid in all states 294 Internet-draft August 2007 296 language-cmd = "LANGUAGE" *(SP lang-range-quoted) 298 response-payload =/ language-data 300 language-data = "LANGUAGE" SP "(" lang-tag-quoted *(SP 301 lang-tag-quoted) ")" 303 namespace-trans = SP DQUOTE "TRANSLATION" DQUOTE SP "(" string ")" 304 ; the string is encoded in Modified UTF-7. 305 ; this is a subset of the syntax permitted by 306 ; the Namespace-Response-Extension rule in [RFC4466] 308 lang-range-quoted = astring 309 ; Once any literal wrapper or quoting is removed, this 310 ; follows the language-range rule in [RFC4647] 312 lang-tag-quoted = astring 313 ; Once any literal wrapper or quoting is removed, this follows 314 ; the Language-Tag rule in [RFC4646] 316 resp-text = ["[" resp-text-code "]" SP ] UTF8-TEXT-CHAR 317 *(UTF8-TEXT-CHAR / "[") 318 ; After the server is changed to a language other than 319 ; i-default, this resp-text rule replaces the resp-text 320 ; rule from [RFC3501]. 322 UTF8-TEXT-CHAR = %x20-5A / %x5C-7E / UTF8-2 / UTF8-3 / UTF8-4 323 ; UTF-8 excluding 7-bit control characters and "[" 325 4. COMPARATOR Extension 327 IMAP4rev1 [RFC3501] includes the SEARCH command which can be used to 328 locate messages matching criteria including human-readable text. 329 The SORT extension [SORT] to IMAP allows the client to ask the 330 server to determine the order of messages based on criteria 331 including human-readable text. These mechanisms require the ability 332 to support non-English search and sort functions. 334 This section defines an IMAP extension to negotiate use of 335 comparators [RFC4790] to internationalize IMAP SEARCH, SORT and 336 THREAD. The IMAP extension consists of a new command to determine 337 or change the active comparator and a new response to indicate the 338 active comparator and possibly other available comparators. 340 The term "default comparator" refers to the comparator which is used 341 by SEARCH and SORT absent any negotiation using the COMPARATOR 342 command. The term "active comparator" refers to the comparator 344 Internet-draft August 2007 346 which will be used within a session e.g. by SEARCH and SORT. The 347 COMPARATOR command is used to change the active comparator. 349 The active comparator applies to the following SEARCH keys: "BCC", 350 "BODY", "CC", "FROM", "SUBJECT", "TEXT", "TO" and "HEADER". If the 351 server also advertises the "SORT" extension, then the active 352 comparator applies to the following SORT keys: "CC", "FROM", 353 "SUBJECT" and "TO". If the server advertises THREAD=ORDEREDSUBJECT, 354 then the active comparator applies to the ORDEREDSUBJECT threading 355 algorithm. If the server advertises THREAD=REFERENCES, then the 356 active comparator applies to the subject field comparisons done by 357 REFERENCES threading algorithm. Future extensions may choose to 358 apply the active comparator to their SEARCH keys. 360 For SORT and THREAD, the pre-processing necessary to extract the 361 base subject text from a Subject header occurs prior to the 362 application of a comparator. 364 4.1 COMPARATOR Extension Requirements 366 IMAP servers that support this extension MUST list the keyword 367 COMPARATOR in their CAPABILITY data once IMAP enters authenticated 368 state, and MAY list that keyword in other states. 370 A server that advertises this extension MUST implement the i;ascii- 371 casemap and i;octet comparators, as defined in [RFC4790]. A server 372 intended to be deployed globally MUST implement the i;unicode- 373 casemap comparator, as defined in [UCM]. 375 A server that advertises this extension SHOULD use i;ascii-casemap 376 as the default comparator. The selection of the default comparator 377 MAY be adjustable by the server administrator, and MAY be sensitive 378 to the current user. Once the IMAP connection enters authenticated 379 state, the default comparator MUST remain static for the remainder 380 of that connection. 382 A server that advertises this extension MUST support UTF-8 as a 383 SEARCH charset. 385 The COMPARATOR command is valid in authenticated and selected 386 states. 388 Note that since SEARCH uses the substring operation, IMAP servers 389 can only implement collations that offer the substring operation 390 (see [RFC4790 section 4.2.2). Since SORT uses ordering operation 391 (and by implication equality), IMAP servers which advertise the SORT 392 extension can only implement collations that offer all three 394 Internet-draft August 2007 396 operations (see [RFC4790] sections 4.2.2-4). 398 If the active collation does not provide the operations needed by an 399 IMAP command, the server MUST respond with a tagged BAD. 401 4.2 Comparators and Character Encodings 403 When SEARCH, SORT, THREAD or another command needs to perform 404 collation operations on messages (or on the command's arguments), 405 the server MUST remove MIME encoding (see [RFC2047] for headers and 406 [RFC2045] for bodyparts) and convert character encodings compatibly 407 before doing the collation operation. 409 Strings encoded using unknown character encodings should sort 410 together with invalid input (as defined by the active collation) for 411 the SORT and THREAD commands. 413 4.3 COMPARATOR Command 415 Arguments: Optional comparator order arguments. 417 Response: A possible COMPARATOR response (see Section 4.4). 419 Result: OK - Command completed 420 NO - No matching comparator found 421 BAD - arguments invalid 423 The COMPARATOR command is used to determine or change the active 424 comparator. When issued with no arguments, it results in a 425 COMPARATOR response indicating the currently active comparator. 427 When issued with one or more comparator argument, it changes the 428 active comparator as directed. (If more than one installed 429 comparator is matched by an argument, the first argument wins.) The 430 COMPARATOR response lists all matching comparators if more than one 431 matches the specified patterns. 433 The argument "default" refers to the server's default comparator. 434 Otherwise each argument is an collation specification as defined in 435 the Internet Application Protocol Comparator Registry [RFC4790]. 437 < The client requests activating a Czech comparator if possible, 438 or else a generic international comparator which it considers 439 suitable for Czech. The server picks the first supported 440 comparator. > 442 Internet-draft August 2007 444 C: A001 COMPARATOR "cz;*" i;basic 445 S: * COMPARATOR i;basic 446 S: A001 OK Will use i;basic for collation 448 4.4 COMPARATOR Response 450 Contents: The active comparator. 451 An optional list of available matching comparators 453 The COMPARATOR response occurs as a result of a COMPARATOR command. 454 The first argument in the comparator response is the name of the 455 active comparator. The second argument is a list of comparators 456 which matched any of the arguments to the COMPARATOR command and is 457 present only if more than one match is found. 459 4.5 Formal Syntax 461 The following syntax specification inherits ABNF [RFC4234] rules 462 from IMAP4rev1 [RFC3501], and Internet Application Protocol 463 Comparator Registry [RFC4790]. 465 command-auth =/ comparator-cmd 467 resp-text-code =/ "BADCOMPARATOR" / "BADMATCH" 469 comparator-cmd = "COMPARATOR" *(SP comp-order-quoted) 471 response-payload =/ comparator-data 473 comparator-data = "COMPARATOR" SP comp-sel-quoted [SP "(" 474 comp-id-quoted *(SP comp-id-quoted) ")"] 476 comp-id-quoted = astring 477 ; Once any literal wrapper or quoting is removed, this 478 ; follows the collation-id rule from [RFC4790] 480 comp-order-quoted = astring 481 ; Once any literal wrapper or quoting is removed, this 482 ; follows the collation-order rule from [RFC4790] 484 comp-sel-quoted = astring 485 ; Once any literal wrapper or quoting is removed, this 486 ; follows the collation-selected rule from [RFC4790] 488 Internet-draft August 2007 490 5. Other IMAP Internationalization Issues 492 The following sections provide an overview of various other IMAP 493 internationalization issues. These issues are not resolved by this 494 specification, but could be resolved by other standards work, such 495 as that being done by the EAI group (see [IMAP-EAI]). 497 5.1 Unicode Userids and Passwords 499 IMAP4rev1 presently restricts the userid and password fields of the 500 LOGIN command to US-ASCII. The "userid" and "password" fields of the 501 IMAP LOGIN command are restricted to US-ASCII only until a future 502 standards track RFC states otherwise. Servers are encouraged to 503 validate both fields to make sure they conform to the formal syntax 504 of UTF-8 and to reject the LOGIN command if that syntax is violated. 505 Servers MAY reject the use of any 8-bit in the "userid" or 506 "password" field. 508 When AUTHENTICATE is used, some servers may support userids and 509 passwords in Unicode [RFC3490] since SASL (see [RFC4422]) allows 510 that. However, such userids cannot be used as part of email 511 addresses. 513 5.2 UTF-8 Mailbox Names 515 The modified UTF-7 mailbox naming convention described in section 516 5.1.3 of RFC 3501 is best viewed as an transition from the status 517 quo in 1996 when modified UTF-7 was first specified. At that time, 518 there was widespread unofficial use of local character sets such as 519 ISO-8859-1 and Shift-JIS for non-ASCII mailbox names, with resultant 520 non-interoperability. 522 The requirements in section 5.1 of RFC 3501 are very important if 523 we're ever going to be able to deploy UTF-8 mailbox names. Servers 524 are encouraged to enforce them. 526 5.3 UTF-8 Domains, Addresses and Mail Headers 528 There is now an IETF standard for Internationalizing Domain Names in 529 Applications [RFC3490]. While IMAP clients are free to support this 530 standard, an argument can be made that it would be helpful to simple 531 clients if the IMAP server could perform this conversion (the same 532 argument would apply to MIME header encoding [RFC2047]). However, 534 Internet-draft August 2007 536 it would be unwise to move forward with such work until the work in 537 progress to define the format of international email addresses is 538 complete. 540 6. IANA Considerations 542 The IANA is requested to add LANGUAGE and COMPARATOR to the IMAP4 543 Capabilities Registry. [Note to IANA: 544 http://www.iana.org/assignments/imap4-capabilities] 546 7. Security Considerations 548 The LANGUAGE extension makes a new command available in "Not 549 Authenticated" state in IMAP. Some IMAP implementations run with 550 root privilege when the server is in "Not Authenticated" state and 551 do not revoke that privilege until after authentication is complete. 552 Such implementations are particularly vulnerable to buffer overflow 553 security errors at this stage and need to implement parsing of this 554 command with extra care. 556 A LANGUAGE command issued prior to activation of a security layer is 557 subject to an active attack which suppresses or modifies the 558 negotiation and thus makes STARTTLS or authentication error messages 559 more difficult to interpret. This is not a new attack as the error 560 messages themselves are subject to active attack. Clients MUST re- 561 issue the LANGUAGE command once a security layer is active, so this 562 does not impact subsequent protocol operations. 564 Both the LANGUAGE and COMPARATOR extensions use the UTF-8 charset, 565 thus the security considerations for UTF-8 [RFC3629] are relevent. 566 However, neither uses UTF-8 for identifiers so the most serious 567 concerns do not apply. 569 8. Acknowledgements 571 The LANGUAGE extension is based on a previous Internet draft by Mike 572 Gahrns and Alexey Melnikov, a substantial portion of the text in 573 that section was written by them. Many people have participated in 574 discussions about an IMAP Language extension in the various fora of 575 the IETF and Internet working groups, so any list of contributors is 576 bound to be incomplete. However, the authors would like to thank 577 Andrew McCown for early work on the original proposal, John Myers 578 for suggestions regarding the namespace issue, along with Jutta 579 Degener, Mark Crispin, Mark Pustilnik, Larry Osterman, Cyrus Daboo 580 and Martin Duerst for their many suggestions that have been 582 Internet-draft August 2007 584 incorporated into this document. 586 Initial discussion of the COMPARATOR extension involved input from 587 Mark Crispin and other participants of the IMAP Extensions WG. 589 9. Relevant Standards for i18n IMAP Implementations 591 This is a non-normative list of standards to consider when 592 implementing i18n aware IMAP software. 594 o The LANGUAGE and COMPARATOR extensions to IMAP (this 595 specification). 596 o The 8-bit rules for mailbox naming in section 5.1 of RFC 3501. 597 o The Mailbox International Naming Convention in section 5.1.3 of 598 RFC 3501. 599 o MIME [RFC2045] for message bodies. 600 o MIME header encoding [RFC2047] for message headers. 601 o The IETF EAI working group. 602 o MIME Parameter Value and Encoded Word Extensions [RFC2231] for 603 filenames. Quality IMAP server implementations will 604 automatically combine multipart parameters when generating the 605 BODYSTRUCTURE. There is also some deployed non-standard use of 606 MIME header encoding inside double-quotes for filenames. 607 o IDNA [RFC3490] and punycode [RFC3492] for domain names 608 (presently only relevant to IMAP clients). 609 o The UTF-8 charset [RFC3629]. 610 o The IETF policy on Character Sets and Languages [RFC2277]. 612 Normative References 614 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 615 Requirement Levels", BCP 14, RFC 2119, March 1997. 617 [RFC2277] Alvestrand, "IETF Policy on Character Sets and 618 Languages", BCP 18, RFC 2277, January 1998. 620 [RFC2342] Gahrns, Newman, "IMAP4 Namespace", RFC 2342, May 1998. 622 [RFC3501] Crispin, "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 623 4rev1", RFC 3501, March 2003. 625 [RFC3629] Yergeau, "UTF-8, a transformation format of ISO 10646", 626 STD 63, RFC 3629, November 2003. 628 [RFC4234] Crocker, Overell, "Augmented BNF for Syntax 629 Specifications: ABNF", RFC 4234, Brandenburg 631 Internet-draft August 2007 633 Internetworking, Demon Internet Ltd, October 2005. 635 [RFC4422] Melnikov, Zeilenga, "Simple Authentication and Security 636 Layer (SASL)", RFC 4422, June 2006. 638 [RFC4466] Melnikov, Daboo, "Collected Extensions to IMAP4 ABNF", 639 RFC 4466, Isode Ltd., April 2006. 641 [RFC4646] Philips, Davis, "Tags for Identifying Languages", BCP 47, 642 RFC 4646, September 2006. 644 [RFC4647] Philips, Davis, "Matching of Language Tags", BCP 47, RFC 645 4647, September 2006. 647 [RFC4790] Newman, Duerst, Gulbrandsen, "Internet Application 648 Protocol Comparator Registry", RFC 4790, February 2007 650 [SORT] Crispin, M. and K. Murchison, "INTERNET MESSAGE ACCESS 651 PROTOCOL - SORT AND THREAD EXTENSION", draft-ietf- 652 imapext-sort-18 (work in progress), November 2006. 654 [UCM] Crispin, "i;unicode-casemap - Simple Unicode Collation 655 Algorithm", draft-crispin-collation-unicasemap-04.txt, 656 May 2007. 658 Informative References 660 [RFC2045] Freed, Borenstein, "Multipurpose Internet Mail Extensions 661 (MIME) Part One: Format of Internet Message Bodies", RFC 662 2045, November 1996. 664 [RFC2047] Moore, "MIME (Multipurpose Internet Mail Extensions) Part 665 Three: Message Header Extensions for Non-ASCII Text", RFC 666 2047, November 1996. 668 [RFC2231] Freed, Moore, "MIME Parameter Value and Encoded Word 669 Extensions: Character Sets, Languages, and 670 Continuations", RFC 2231, November 1997. 672 [RFC3490] Faltstrom, Hoffman, Costello, "Internationalizing Domain 673 Names in Applications (IDNA)", RFC 3490, March 2003. 675 [RFC3492] Costello, "Punycode: A Bootstring encoding of Unicode for 676 Internationalized Domain Names in Applications (IDNA)", 677 RFC 3492, March 2003. 679 [METADATA] Daboo, C., "IMAP METADATA Extension", draft-daboo-imap- 681 Internet-draft August 2007 683 annotatemore-10 (work in progress), November 2006. 685 [IMAP-EAI] Resnick, Newman, "IMAP Support for UTF-8", draft-ietf- 686 eai-imap-utf8 (work in progress), May 2006. 688 Authors' Addresses 690 Chris Newman 691 Sun Microsystems 692 3401 Centrelake Dr., Suite 410 693 Ontario, CA 91761 694 US 696 Email: chris.newman@sun.com 698 Arnt Gulbrandsen 699 Oryx Mail Systems GmbH 700 Schweppermannstr. 8 701 D-81671 Muenchen 702 Germany 704 Email: arnt@oryx.com 706 Fax: +49 89 4502 9758 708 Internet-draft August 2007 710 Intellectual Property Statement 712 The IETF takes no position regarding the validity or scope of any 713 Intellectual Property Rights or other rights that might be claimed 714 to pertain to the implementation or use of the technology described 715 in this document or the extent to which any license under such 716 rights might or might not be available; nor does it represent that 717 it has made any independent effort to identify any such rights. 718 Information on the procedures with respect to rights in RFC 719 documents can be found in BCP 78 and BCP 79. 721 Copies of IPR disclosures made to the IETF Secretariat and any 722 assurances of licenses to be made available, or the result of an 723 attempt made to obtain a general license or permission for the use 724 of such proprietary rights by implementers or users of this 725 specification can be obtained from the IETF on-line IPR repository 726 at http://www.ietf.org/ipr. 728 The IETF invites any interested party to bring to its attention any 729 copyrights, patents or patent applications, or other proprietary 730 rights that may cover technology that may be required to implement 731 this standard. Please address the information to the IETF at ietf- 732 ipr@ietf.org. 734 Full Copyright Statement 736 Copyright (C) The IETF Trust (2007). This document is subject to 737 the rights, licenses and restrictions contained in BCP 78, and 738 except as set forth therein, the authors retain all their rights. 740 This document and the information contained herein are provided on 741 an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE 742 REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE 743 IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL 744 WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY 745 WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE 746 ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 747 FOR A PARTICULAR PURPOSE. 749 Acknowledgment 751 Funding for the RFC Editor function is currently provided by the 752 Internet Society.