Hi Eric,
I am sorry if I sound pedantic below, but I think your suggestion can be
misinterpreted and thus needs improving:
On 28/03/2013 12:13, Burger Eric wrote:
Rather than guessing all of the bad things that could happen, I would offer it would be better to say what we mean, like:
The IMAP interface MUST NOT provide any IMAP facilities that modify the underlying message and message metadata, such as mailbox, flags, marking for deletion, etc. If the client is authenticated and authorized, the IMAP interface MUST provide per-user marking of the underlying message as read or flagged.
One way to implement this is in an IMAP server is to always fail
commands for modifying message metadata. Another way of implementing
this is to allow them, but ignore (don't persist) results. Both ways
were used in the past and they have different effect on IMAP clients. I
hope the requirement is intended to allow for either.
Another thing to consider is that for IMAP servers that implement IMAP
ACL, the easiest way to meet the intended requirement is by not allowing
unauthorized users to access some commands on a mailbox. Again, a
possible reading of your suggested text is that that is not allowed.
So, my suggestion is to change "MUST NOT provide any IMAP facilities
..." to "MUST disallow any IMAP facilities ...".