Dear SM,
I have addressed your comments in the attached version.
Barry,
Kindly check this version and share if you have any comments, so that I can
upload it.
Regards,
Jay
-----Original Message-----
From: S Moonesamy [mailto:sm+i...@elandsys.com]
Sent: Tuesday, December 29, 2015 7:00 AM
To: Jayantheesh S B
Cc: draft-ietf-imapapnd-appendlimit-extension....@ietf.org; General Area Review
Team; imap...@ietf.org; Barry Leiba; Peter Yee
Subject: RE: [imapext] FW: Gen-ART LC review of
draft-ietf-imapapnd-appendlimit-extension-07
Hi Jay,
At 16:10 28-12-2015, Jayantheesh S B wrote:
>Thanks Peter. Addressed you comments in the attached version.
I'll consider the comments from the Gen-ART review as addressed [1]. Please
upload at your convenience as the proposed changes have been reviewed.
In Section 2:
"The following example, demonstrates the APPENDLIMIT capability
without any value."
I suggest removing the comma. As a FYI, Barry commented about the nits at
http://www.ietf.org/mail-archive/web/imapext/current/msg05708.html
Regards,
S. Moonesamy (as document shepherd)
1. http://www.ietf.org/mail-archive/web/ietf/current/msg95982.html
Network Working Group Jayantheesh
Internet-Draft Narendra
Intended status: Standards Track Samsung Electronics America
Expires: July 1, 2016 December 29, 2015
The IMAP APPENDLIMIT Extension
draft-ietf-imapapnd-appendlimit-extension-08.txt
Abstract
This document defines an extension to the IMAP service whereby a
server can inform the client about maximum message upload sizes,
allowing the client to avoid sending APPEND commands that will fail
because the messages are too large.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on July 1, 2016.
Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Jayantheesh & Narendra Expires July 1, 2016 [Page 1]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Conventions and Terminology . . . . . . . . . . . . . . . 2
2. APPENDLIMIT Extension . . . . . . . . . . . . . . . . . . . . 3
3. Mailbox-specific APPENDLIMIT . . . . . . . . . . . . . . . . 3
3.1. STATUS response to the STATUS command . . . . . . . . . . 4
3.2. STATUS response to the LIST command . . . . . . . . . . . 4
3.3. APPENDLIMIT behaviour . . . . . . . . . . . . . . . . . . 4
4. APPEND response . . . . . . . . . . . . . . . . . . . . . . . 4
5. Formal syntax . . . . . . . . . . . . . . . . . . . . . . . . 5
6. Security Considerations . . . . . . . . . . . . . . . . . . . 5
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 6
9.1. Normative References . . . . . . . . . . . . . . . . . . 6
9.2. Informative References . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
Some IMAP servers have limits for message upload size, and those
limits are not published to the email client. When the email client
APPENDs a message with huge attachments, using non-synchronizing
literals, the APPEND fails because of the upload limit, but the
client has already sent the message data anyway. This results in
unnecessary resource usage. Especially in the mobile device
environment, appending message with huge attachments consumes device
resources like device battery power and mobile data.
The IMAP APPENDLIMIT extension provides an ability to advertise a
maximum upload size allowed by the IMAP server, so that the email
client knows the size limitation beforehand. By implementing this
extension, IMAP server-side processing of huge attachments above the
maximum upload size can be avoided.
1.1. Conventions and Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
In examples, "C:" and "S:" indicate lines sent by the client and
server respectively. If a single "C:" or "S:" label applies to
multiple lines, then the line breaks between those lines are for
editorial clarity only and are not part of the actual protocol
exchange.
Jayantheesh & Narendra Expires July 1, 2016 [Page 2]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
2. APPENDLIMIT Extension
An IMAP server that supports the APPENDLIMIT extension advertises
this by including the name APPENDLIMIT in its capability list in the
authenticated state. The server may also advertise this extension
before the user has logged in. If this capability is omitted, no
information is conveyed about the server's fixed maximum mail upload
size. An IMAP server can publish the APPENDLIMIT capability in two
formats.
(a) APPENDLIMIT=<number>
This indicates that the IMAP server has the same upload limit for all
mailboxes. The following example demonstrates the APPENDLIMIT
capability with the same upload limit for all mailboxes.
C: t1 CAPABILITY
S: * CAPABILITY IMAP4rev1 ID APPENDLIMIT=257890
S: t1 OK foo
(b) APPENDLIMIT
The APPENDLIMIT capability without any value indicates that the IMAP
server supports this extension, and that the client will need to
discover upload limits for each mailbox, which might differ from
mailbox to mailbox. The following example demonstrates the
APPENDLIMIT capability without any value.
C: t1 CAPABILITY
S: * CAPABILITY IMAP4rev1 ID APPENDLIMIT
S: t1 OK foo
In this case the client SHOULD get an APPENDLIMIT value by issuing a
STATUS or LIST command.
An IMAP client SHOULD be able to parse both formats. By looking at
the upload size advertised by the IMAP server, a client MUST NOT try
to APPEND mail more than the advertised limit.
3. Mailbox-specific APPENDLIMIT
An IMAP server can have mailbox-specific APPENDLIMIT values, which
will not be advertised as part of the CAPABILITY response. The IMAP
server can publish specific values for each mailbox, and can publish
"NIL" for a mailbox to convey that there is no APPENDLIMIT for that
mailbox. The following subsections describe the changes to the
STATUS and LIST commands in support of this situation.
Jayantheesh & Narendra Expires July 1, 2016 [Page 3]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
3.1. STATUS response to the STATUS command
A new attribute APPENDLIMIT is added to get the limit set by the
server for a mailbox as part of a STATUS command. An IMAP client
should issue a STATUS command with an APPENDLIMIT item to get the
mailbox-specific upload value. The following example demonstrates
its usage.
C: t1 STATUS INBOX (APPENDLIMIT)
S: * STATUS INBOX (APPENDLIMIT 257890)
S: t1 OK STATUS completed
In the above example APPENDLIMIT represents the maximum upload size
for INBOX.
3.2. STATUS response to the LIST command
If the server advertises the LIST-STATUS capability [RFC5819], the
client can issue LIST in combination with the STATUS return option to
get the mailbox-specific upload value. The following example
demonstrates its usage.
C: t1 LIST "" % RETURN (STATUS (APPENDLIMIT))
S: * LIST () "." "INBOX"
S: * STATUS "INBOX" (APPENDLIMIT 257890)
S: t1 OK List completed.
The IMAP server MUST recognize the APPENDLIMIT attribute and include
an appropriate STATUS response for each matching mailbox. Refer to
Section 5 for the syntax.
If the server does not support the STATUS return option on the LIST
command, then the client should use the STATUS command instead.
3.3. APPENDLIMIT behaviour
Computing the APPENDLIMIT should be fast, and need not take ACLs,
quotas, and other such information into account. The APPENDLIMIT
specifies one part of the policy, but an APPEND command can still
fail due to issues related to ACLs and quotas issues, even if the
message being appended is smaller than the APPENDLIMIT.
4. APPEND response
If a client uploads a message which exceeds the maximum upload size
set for that mailbox, then the server SHALL reject the APPEND command
with a tagged TOOBIG response code. Refer to [RFC4469] Section 4 for
various APPEND response codes and its handling.
Jayantheesh & Narendra Expires July 1, 2016 [Page 4]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
A client SHOULD avoid use of non-synchronizing literals [LITERAL-],
when the maximum upload size supported by the IMAP server is unknown.
Refer to Section 4.2.2.3 of [RFC4549] for usage of non-synchronizing
literals and its risk for disconnected IMAP clients.
5. Formal syntax
The following syntax specification uses the Augmented Backus-Naur
Form (ABNF) notation as specified in [RFC5234] including the core
rules in Appendix B.1. [RFC3501] defines the non-terminals
"capability" and "status-att", and [RFC4466] defines "status-att-
val".
All alphabetic characters are case-insensitive. The use of upper or
lower case characters to define token strings is for editorial
clarity only. Implementations MUST accept these strings in a case-
insensitive fashion.
capability =/ "APPENDLIMIT" ["=" number]
;; capability is defined in RFC 3501
status-att =/ "APPENDLIMIT"
;; status-att is defined in RFC 3501
status-att-val =/ "APPENDLIMIT" SP (number / nil)
;; status-att-val is defined in RFC 4466
The number indicates the fixed maximum message size in octets that
the server will accept. An APPENDLIMIT number of 0 indicates the
server will not accept any APPEND commands at all for the affected
mailboxes.
6. Security Considerations
The IMAP APPENDLIMIT extension described in this document can
conceivably be used to facilitate Denial-of-Service attacks by
allowing an attacker to home in on a critical value right away. The
attacker might want to send a large data block to the server
repeatedly, forcing the server to process the block, but would not
want to limit the scope of its attack by filling an actual mailbox
with successful appends. Without this extension, the attacker needs
to guess: a too-small guess results in an appended message that takes
up the user's quota, while a far-too-large guess might simply cause
the server to terminate the connection because of suspected abuse.
But with this extension, the attacker can immediately choose a value
that's a little too large, but not so much as to trigger an "abuse"
response, making it easier to mount such an attack. To mitigate this
Jayantheesh & Narendra Expires July 1, 2016 [Page 5]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
extension's input to such an attack, a server might take a harder
line on message sizes that are above the APPENDLIMIT value -- because
the client knows the limit and should not even be trying to send such
commands, a server might consider even a single attempt to be
abusive, and terminate the IMAP connection straight away.
7. IANA Considerations
IANA is asked to add "APPENDLIMIT" to the IMAP Capabilities registry,
using this document as its reference.
8. Acknowledgements
Thanks to Alexey Melnikov, Dave Cridland, Adrien de Croy, Michael M
Slusarz, Timo Sirainen, Chris Newman, Pete Maclean, Jamie Nicolson,
Stu Brandt, Bron Gondwana, Arnt Gulbrandsen, Cyrus Daboo, Jan
Kundrat, Brandon Long, and Barry Leiba for providing valuable
comments.
9. References
9.1. Normative References
[LITERAL-]
Melnikov, A., "IMAP4 non-synchronizing literals,
https://tools.ietf.org/html/draft-ietf-imapapnd-
rfc2088bis-01 (work in progress)", October 2015.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119,
DOI 10.17487/RFC2119, March 1997,
<http://www.rfc-editor.org/info/rfc2119>.
[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003,
<http://www.rfc-editor.org/info/rfc3501>.
[RFC4466] Melnikov, A. and C. Daboo, "Collected Extensions to IMAP4
ABNF", RFC 4466, DOI 10.17487/RFC4466, April 2006,
<http://www.rfc-editor.org/info/rfc4466>.
[RFC4469] Resnick, P., "Internet Message Access Protocol (IMAP)
CATENATE Extension", RFC 4469, DOI 10.17487/RFC4469, April
2006, <http://www.rfc-editor.org/info/rfc4469>.
Jayantheesh & Narendra Expires July 1, 2016 [Page 6]
�
Internet-Draft The IMAP APPENDLIMIT Extension December 2015
[RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234,
DOI 10.17487/RFC5234, January 2008,
<http://www.rfc-editor.org/info/rfc5234>.
[RFC5819] Melnikov, A. and T. Sirainen, "IMAP4 Extension for
Returning STATUS Information in Extended LIST", RFC 5819,
DOI 10.17487/RFC5819, March 2010,
<http://www.rfc-editor.org/info/rfc5819>.
9.2. Informative References
[RFC4549] Melnikov, A., Ed., "Synchronization Operations for
Disconnected IMAP4 Clients", RFC 4549,
DOI 10.17487/RFC4549, June 2006,
<http://www.rfc-editor.org/info/rfc4549>.
Authors' Addresses
Jayantheesh S B
Samsung Electronics America
685 US Highway 202/206
Bridgewater, NJ 08807
USA
Email: jayantheesh...@gmail.com
Narendra Singh Bisht
Samsung Electronics America
685 US Highway 202/206
Bridgewater, NJ 08807
USA
Email: narendrasingh.bi...@gmail.com
Jayantheesh & Narendra Expires July 1, 2016 [Page 7]
<?xml version="1.0" encoding="us-ascii"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd" [
<!ENTITY rfc2119 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc3501 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.3501.xml'>
<!ENTITY rfc5234 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5234.xml'>
<!ENTITY rfc5819 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5819.xml'>
<!ENTITY rfc4469 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4469.xml'>
<!ENTITY rfc4549 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4549.xml'>
<!ENTITY rfc4466 PUBLIC '' 'http://xml.resource.org/public/rfc/bibxml/reference.RFC.4466.xml'>
]>
<rfc category="std" ipr="trust200902" docName="draft-ietf-imapapnd-appendlimit-extension-08.txt">
<?xml-stylesheet href="rfc5162_files/rfc2629.htm" type="text/xsl"?>
<?rfc strict="yes" ?>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc iprnotified="no" ?>
<?rfc strict="yes" ?>
<?rfc comments="yes" ?>
<?rfc inline="yes" ?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<front>
<title>The IMAP APPENDLIMIT Extension</title>
<author initials="" surname="Jayantheesh" fullname="Jayantheesh S B">
<organization>Samsung Electronics America</organization>
<address>
<postal>
<street>685 US Highway 202/206</street>
<city>Bridgewater</city>
<region>NJ</region>
<code>08807</code>
<country>USA</country>
</postal>
<email>jayantheesh...@gmail.com</email>
</address>
</author>
<author initials="" surname="Narendra" fullname="Narendra Singh Bisht">
<organization>Samsung Electronics America</organization>
<address>
<postal>
<street>685 US Highway 202/206</street>
<city>Bridgewater</city>
<region>NJ</region>
<code>08807</code>
<country>USA</country>
</postal>
<email>narendrasingh.bi...@gmail.com</email>
</address>
</author>
<date year="2015"/>
<keyword>IMAP</keyword>
<keyword>APPENDLIMIT</keyword>
<abstract>
<t>
This document defines an extension to the IMAP service whereby a server can
inform the client about maximum message upload sizes, allowing the client
to avoid sending APPEND commands that will fail because the messages are
too large.
</t>
</abstract>
</front>
<middle>
<section title="Introduction">
<t>
Some IMAP servers have limits for message upload size, and those limits
are not published to the email client. When the email client APPENDs
a message with huge attachments, using non-synchronizing literals,
the APPEND fails because of the upload limit, but the client has
already sent the message data anyway. This results in unnecessary resource
usage. Especially in the mobile device environment, appending message with
huge attachments consumes device resources like device battery power and
mobile data.
</t>
<t>
The IMAP APPENDLIMIT extension provides an ability to advertise a maximum
upload size allowed by the IMAP server, so that the email client knows the
size limitation beforehand. By implementing this extension, IMAP server-side
processing of huge attachments above the maximum upload size can be avoided.
</t>
<section title="Conventions and Terminology">
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY",
and "OPTIONAL" in this document are to be interpreted as
described in <xref target="RFC2119"/>.
</t>
<t>In examples, "C:" and "S:" indicate lines sent by
the client and server respectively. If a single "C:" or "S:"
label applies to multiple lines, then the line breaks between
those lines are for editorial clarity only and are not part
of the actual protocol exchange.
</t>
</section>
</section>
<section title="APPENDLIMIT Extension">
<t>
An IMAP server that supports the APPENDLIMIT extension advertises this by
including the name APPENDLIMIT in its capability list in the authenticated
state. The server may also advertise this extension before the user has
logged in. If this capability is omitted, no information is conveyed about
the server's fixed maximum mail upload size. An IMAP server can publish the
APPENDLIMIT capability in two formats.
</t>
<t>
(a) APPENDLIMIT=<![CDATA[<number>]]>
</t>
<t>
This indicates that the IMAP server has the same upload limit for all
mailboxes. The following example demonstrates the APPENDLIMIT
capability with the same upload limit for all mailboxes.
</t>
<t>
C: t1 CAPABILITY<vspace />
S: * CAPABILITY IMAP4rev1 ID APPENDLIMIT=257890<vspace />
S: t1 OK foo<vspace />
</t>
<t>
(b) APPENDLIMIT
</t>
<t>
The APPENDLIMIT capability without any value indicates that
the IMAP server supports this extension, and that the client
will need to discover upload limits for each mailbox, which
might differ from mailbox to mailbox. The following
example demonstrates the APPENDLIMIT capability without any value.
</t>
<t>
C: t1 CAPABILITY<vspace />
S: * CAPABILITY IMAP4rev1 ID APPENDLIMIT<vspace />
S: t1 OK foo<vspace />
</t>
<t>
In this case the client SHOULD get an APPENDLIMIT value by issuing
a STATUS or LIST command.
</t>
<t>
An IMAP client SHOULD be able to parse both formats. By looking
at the upload size advertised by the IMAP server, a client MUST NOT try
to APPEND mail more than the advertised limit.
</t>
</section>
<section title="Mailbox-specific APPENDLIMIT">
<t>
An IMAP server can have mailbox-specific APPENDLIMIT values, which
will not be advertised as part of the CAPABILITY response. The IMAP
server can publish specific values for each mailbox, and can publish
"NIL" for a mailbox to convey that there is no APPENDLIMIT for that
mailbox. The following subsections describe the changes to the STATUS
and LIST commands in support of this situation.
</t>
<section title="STATUS response to the STATUS command">
<t>
A new attribute APPENDLIMIT is added to get the limit set by the server
for a mailbox as part of a STATUS command. An IMAP client should issue a STATUS
command with an APPENDLIMIT item to get the mailbox-specific upload value.
The following example demonstrates its usage.
</t>
<t>
C: t1 STATUS INBOX (APPENDLIMIT)<vspace />
S: * STATUS INBOX (APPENDLIMIT 257890)<vspace />
S: t1 OK STATUS completed<vspace />
</t>
<t>
In the above example APPENDLIMIT represents the maximum upload size for
INBOX.
</t>
</section>
<section title="STATUS response to the LIST command">
<t>
If the server advertises the LIST-STATUS capability <xref target="RFC5819"/>,
the client can issue LIST in combination with the STATUS return option
to get the mailbox-specific upload value. The following example demonstrates
its usage.
</t>
<t>
C: t1 LIST "" % RETURN (STATUS (APPENDLIMIT))<vspace />
S: * LIST () "." "INBOX"<vspace />
S: * STATUS "INBOX" (APPENDLIMIT 257890)<vspace />
S: t1 OK List completed.<vspace />
</t>
<t>
The IMAP server MUST recognize the APPENDLIMIT attribute and include an
appropriate STATUS response for each matching mailbox. Refer to
<xref target="for_synx" /> for the syntax.
</t>
<t>
If the server does not support the STATUS return option on the LIST
command, then the client should use the STATUS command instead.
</t>
</section>
<section title="APPENDLIMIT behaviour">
<t>
Computing the APPENDLIMIT should be fast, and need not take ACLs, quotas,
and other such information into account. The APPENDLIMIT specifies one part
of the policy, but an APPEND command can still fail due to issues related
to ACLs and quotas issues, even if the message being appended is smaller
than the APPENDLIMIT.
</t>
</section>
</section>
<section title="APPEND response">
<t>
If a client uploads a message which exceeds the maximum upload size set
for that mailbox, then the server SHALL reject the APPEND command with a
tagged TOOBIG response code. Refer to <xref target="RFC4469"/> Section 4 for various
APPEND response codes and its handling.
</t>
<t>
A client SHOULD avoid use of non-synchronizing literals <xref target="LITERAL-"/>,
when the maximum upload size supported by the IMAP server is unknown.
Refer to Section 4.2.2.3 of <xref target="RFC4549" /> for usage of
non-synchronizing literals and its risk for disconnected IMAP clients.
</t>
</section>
<section title="Formal syntax" anchor="for_synx">
<t>
The following syntax specification uses the Augmented Backus-Naur
Form (ABNF) notation as specified in <xref target="RFC5234"/> including the core
rules in Appendix B.1. <xref target="RFC3501"/> defines the non-terminals
"capability" and "status-att", and <xref target="RFC4466"/> defines "status-att-val".
</t>
<t>
All alphabetic characters are case-insensitive. The use of upper or
lower case characters to define token strings is for editorial clarity only.
Implementations MUST accept these strings in a case-insensitive fashion.
</t>
<figure>
<artwork><![CDATA[
capability =/ "APPENDLIMIT" ["=" number]
;; capability is defined in RFC 3501
status-att =/ "APPENDLIMIT"
;; status-att is defined in RFC 3501
status-att-val =/ "APPENDLIMIT" SP (number / nil)
;; status-att-val is defined in RFC 4466
]]>
</artwork>
</figure>
<t>
The number indicates the fixed maximum message size in octets that
the server will accept. An APPENDLIMIT number of 0 indicates the
server will not accept any APPEND commands at all for the affected mailboxes.
</t>
</section>
<section title="Security Considerations">
<t>
The IMAP APPENDLIMIT extension described in this document can
conceivably be used to facilitate Denial-of-Service attacks by allowing
an attacker to home in on a critical value right away. The attacker
might want to send a large data block to the server repeatedly,
forcing the server to process the block, but would not want to limit
the scope of its attack by filling an actual mailbox with successful
appends. Without this extension, the attacker needs to guess: a
too-small guess results in an appended message that takes up the
user's quota, while a far-too-large guess might simply cause the
server to terminate the connection because of suspected abuse.
But with this extension, the attacker can immediately choose a
value that's a little too large, but not so much as to trigger an "abuse"
response, making it easier to mount such an attack.
To mitigate this extension's input to such an attack, a server might
take a harder line on message sizes that are above the APPENDLIMIT
value -- because the client knows the limit and should not even be
trying to send such commands, a server might consider even a single
attempt to be abusive, and terminate the IMAP connection straight
away.
</t>
</section>
<section title="IANA Considerations">
<t>
IANA is asked to add "APPENDLIMIT" to the IMAP Capabilities
registry, using this document as its reference.
</t>
</section>
<section title="Acknowledgements">
<t>Thanks to Alexey Melnikov, Dave Cridland, Adrien de Croy,
Michael M Slusarz, Timo Sirainen, Chris Newman,
Pete Maclean, Jamie Nicolson, Stu Brandt, Bron Gondwana,
Arnt Gulbrandsen, Cyrus Daboo, Jan Kundrat, Brandon Long,
and Barry Leiba for providing valuable comments.
</t>
</section>
</middle>
<back>
<references title="Normative References">
&rfc4466;
&rfc2119;
&rfc3501;
&rfc5234;
&rfc5819;
&rfc4469;
<reference anchor="LITERAL-">
<front>
<title>IMAP4 non-synchronizing literals, https://tools.ietf.org/html/draft-ietf-imapapnd-rfc2088bis-01 (work in progress)</title>
<author initials="A." surname="Melnikov" fullname="Alexey Melnikov">
<organization>Isode Ltd</organization>
</author>
<date year="2015" month="October"/>
<abstract>
<t>
The Internet Message Access Protocol (RFC 3501) contains the
"literal" syntactic construct for communicating strings. When
sending a literal from client to server, IMAP requires the client to
wait for the server to send a command continuation request between
sending the octet count and the string data. This document specifies
an alternate form of literal which does not require this network
round trip
</t>
<t>
This document specifies 2 IMAP extensions: LITERAL+ and LITERAL-.
The former allows the alternate form of literals in all IMAP command.
The latter is the same as LITERAL+, but disallow the alternate form
in IMAP APPEND, unless they are 4096 bytes or less.
</t>
</abstract>
</front>
</reference>
</references>
<references title="Informative References">
&rfc4549;
</references>
</back>
</rfc>_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www.ietf.org/mailman/listinfo/gen-art
