The IESG has approved the following document: - 'IMAP URL Scheme ' <draft-ietf-lemonade-rfc2192bis-09.txt> as a Proposed Standard This document is the product of the Enhancements to Internet email to Support Diverse Service Environments Working Group. The IESG contact persons are Lisa Dusseault and Chris Newman. A URL of this Internet-Draft is: http://www.ietf.org/internet-drafts/draft-ietf-lemonade-rfc2192bis-09.txt Technical Summary IMAP (RFC 3501) is a rich protocol for accessing remote message stores. It provides an ideal mechanism for accessing public mailing list archives as well as private and shared message stores. This document defines a URL scheme for referencing objects on an IMAP server. This document obsoletes RFC 2192 and updates RFC 4467. Working Group Summary This document removed support for IMAP URLs for listing the contents of a mailbox. There was a clear consensus that this feature (originally described in RFC 2192) was never implemented. Some of the changes to the document were a result of the Lemonade interoperability event of October 2006 held in London, England. Protocol Quality The document received several positive reviews. In particular it is worth noting Ted Hardie and Zoltan Ordogh have done detailed reviews of the document. This document addresses all issues raised. Eric Burger shepherds this document on behalf of Lisa Dusseault, the responsible Area Director. Lisa and Eric reviewed this document and believe it is ready for forwarding to the IESG for publication. Note to RFC Editor In section 6.1.1.1, first paragraph, last sentence: OLD: The authorization token is generated from the URL, the authorized access identifer, authoriza- ^^^^^^^^^ tion mechanism name, and a mailbox access key. NEW: The authorization token is generated from the URL, the authorized access identifier, autho- ^^^^^^^^^^ rization mechanism name, and a mailbox access key. (typo in the word "identifier") In section 6.1.1.2, replace the first paragraph: OLD: The mailbox access key is a random string with at least 128 bits of entropy. It is generated by software (not by the human user), and MUST be unpredictable. NEW: The mailbox access key is an unpredictable, random string. To ensure unpredictability, the random string with at least 128 bits of entropy is generated by software or hardware (not by the human user). In section 9.1, 9th paragraph: OLD: The following edge case example demostrates that the ;UIDVALIDITY= ^^^^^^^^^^^ modifier is a part of the mailbox name as far as relative URI reso- lution is concerned: NEW: The following edge case example demonstrates that the ;UIDVALIDITY= ^^^^^^^^^^^^ modifier is a part of the mailbox name as far as relative URI reso- lution is concerned: typo: demonstrates In section 10.1, first paragraph, replace the last sentence: OLD: Use of either of these access identi- fiers makes it impossible for an attacker, spying on the session, to use the same URL, either directly or by submission to a message submission entity. NEW: Use of either of these mechanisms limits the scope of the URL. An attacker who cannot authenticate using the appropriate credentials cannot make use of the URL. In section 12.1, 13th paragraph: OLD: A widely deployed IMAP client Netscape Mail (and possibly Mozilla/ Thubderbird/Seamonkey) use a different imap: scheme inter- ^ ^ nally. NEW: A widely deployed IMAP client Netscape Mail (and possibly Mozilla/Thunderbird/Seamonkey) use a different imap: scheme inter- ^ ^ nally. (typo in Thunderbird, also remove an extra space) In Appendix D, third paragraph, add: OLD: Editors would like to thank Mark Crispin, Ken Murchison, Ted Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa Dusseault, Spencer Dawkins, Filip Navara and Shawn M. Emery for the ^^^ time they devoted to reviewing of this document and/or for the com- ments received. NEW: Editors would like to thank Mark Crispin, Ken Murchison, Ted Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa Dusseault, Spencer Dawkins, Filip Navara, Shawn M. Emery, Sam Hartman, ^ ^^^^^^^^^^^^^ Russ Housley and Lars Eggert for the time they devoted to ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ reviewing of this document and/or for the comments received. _______________________________________________ IETF-Announce@ietf.org https://www1.ietf.org/mailman/listinfo/ietf-announce
