On 4/2/13 4:54 AM, Alexey Melnikov wrote:
Hi Eric,
I am sorry if I sound pedantic below, but I think your suggestion can
be misinterpreted and thus needs improving:
On 28/03/2013 12:13, Burger Eric wrote:
Rather than guessing all of the bad things that could happen, I would
offer it would be better to say what we mean, like:
The IMAP interface MUST NOT provide any IMAP facilities that
modify the underlying message and message metadata, such as mailbox,
flags, marking for deletion, etc. If the client is authenticated and
authorized, the IMAP interface MUST provide per-user marking of the
underlying message as read or flagged.
One way to implement this is in an IMAP server is to always fail
commands for modifying message metadata. Another way of implementing
this is to allow them, but ignore (don't persist) results. Both ways
were used in the past and they have different effect on IMAP clients.
I hope the requirement is intended to allow for either.
Another thing to consider is that for IMAP servers that implement IMAP
ACL, the easiest way to meet the intended requirement is by not
allowing unauthorized users to access some commands on a mailbox.
Again, a possible reading of your suggested text is that that is not
allowed.
So, my suggestion is to change "MUST NOT provide any IMAP facilities
..." to "MUST disallow any IMAP facilities ...".
I think I found a way to say this that strikes a good balance in -06.
Let me know what you think.