[Docs] [txt|pdf] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 RFC 5524

Network Working Group                                        D. Cridland
Internet-Draft                                             Isode Limited
Expires: August 10, 2008                                February 7, 2008


            Extended URLFETCH for binary and converted parts
                   draft-cridland-urlfetch-binary-01

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on August 10, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2008).

Abstract

   The URLFETCH command defined as part of URLAUTH provides a mechanism
   for third-parties to gain access to data held within messages in a
   user's private store, however, this data is sent verbatim, which is
   not suitable for a number of applications.  This memo specifies a
   method for obtaining data in forms suitable for non-mail
   applications.






Cridland                 Expires August 10, 2008                [Page 1]

Internet-Draft               URLFETCH BINARY               February 2008


Table of Contents

   1.  Conventions used in this document . . . . . . . . . . . . . . . 3
   2.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   3.  Extended URLFETCH . . . . . . . . . . . . . . . . . . . . . . . 3
     3.1.  Command Parameters  . . . . . . . . . . . . . . . . . . . . 3
     3.2.  Response Metadata . . . . . . . . . . . . . . . . . . . . . 4
   4.  Example Exchanges . . . . . . . . . . . . . . . . . . . . . . . 4
   5.  Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 6
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
   7.  Security Considerations . . . . . . . . . . . . . . . . . . . . 7
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 7
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 7
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 7
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 8
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . . . 8
   Intellectual Property and Copyright Statements  . . . . . . . . . . 9


































Cridland                 Expires August 10, 2008                [Page 2]

Internet-Draft               URLFETCH BINARY               February 2008


1.  Conventions used in this document

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [KEYWORDS].

   Protocol examples are line-wrapped for clarity.  Protocol strings are
   prefixed with C: and S: for client and server respectively, and
   elided data is represented by [...].  Implementors should note these
   notations are for editorial clarity only.


2.  Introduction

   Although [URLAUTH] provides a URLFETCH command which can be used to
   dereference a URL and return the body part data, it does so by
   returning the encoded form, without sufficient data to decode.  This
   is suitable for use in mail applications such as [BURL], where the
   encoded form is suitable, but not where access to the actual content
   is required, such as [STREAMING].

   This memo specifies a mechanism which returns additional metadata
   about the part, such as its media type, as well as removing any
   content transfer encoding used on the body part.


3.  Extended URLFETCH

   This extension is available in any IMAP server implementation which
   includes URLAUTH=BINARY within its capability string.

   Such servers accept additional, per-URL, parameters to the URLFETCH
   command, and will provide, upon request, additional data for each URL
   dereferenced.

3.1.  Command Parameters

   The URLFETCH command is extended by the provision of optional
   parameters.  The extended URLFETCH command is distinct by enclosing
   each URL and associated parameters in a parenthesized list.  The
   absence of any parameters, or if the URL is sent unenclosed, causes
   the command to behave precisely as specified in [URLAUTH].

   Note that the content itself is always returned, with or without
   transfer encoding, as the client has requested.

   Available parameters are:




Cridland                 Expires August 10, 2008                [Page 3]

Internet-Draft               URLFETCH BINARY               February 2008


   BODYPARTSTRUCTURE
      Provide a BODYPARTSTRUCTURE in additional to the data itself.

      BODYPARTSTRUCTURE is defined in [CONVERT].

   BINARY
      Remove any Content-Transfer-Encoding.

      In particular, this means that the data MAY contain NUL octets,
      and not be formed from textual lines.  Data containing NUL octets
      MUST be transferred using the literal8 syntax defined in [BINARY].


3.2.  Response Metadata

   In order to carry any requested metadata and provide additional
   information to the consumer, the URLFETCH response is similarly
   extended.

   Following the URL itself, servers will include a series of
   parenthesized metadata elements.  Defined metadata elements are as
   follows:
   BODYPARTSTRUCTURE
      The BODYPARTSTRUCTURE provides information about the data
      contained in the response, as it has been returned.  It will
      reflect any conversions or decoding that have taken place.


   Note that unlike [CONVERT], BODYPARTSTRUCTURE is not appended with
   the part specifier, as this is implicit in the URL.


4.  Example Exchanges

   A client requests the data with no content transfer encoding.

   C: A001 URLFETCH  ("imap://joe@example.com/INBOX/;uid=20/;
      section=1.2;urlauth=anonymous:internal:
      91354a473744909de610943775f92038" BINARY)
   S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
      section=1.2;urlauth=anonymous:internal:
      91354a473744909de610943775f92038" {28}
   S: Si vis pacem, para bellum.
   S:
   S: A001 OK URLFETCH completed

   Note that the data here does not contain a NUL octet, therefore a
   literla - not literal8 - syntax has been used.



Cridland                 Expires August 10, 2008                [Page 4]

Internet-Draft               URLFETCH BINARY               February 2008


   A client again requests data with no content transfer encoding, but
   this time requests the body structure.

   C: A001 URLFETCH  ("imap://joe@example.com/INBOX/;uid=20/;
      section=1.3;urlauth=anonymous:internal:
      ae354a473744909de610943775f92038" BINARY BODYPARTSTRUCTURE)
   S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
      section=1.3;urlauth=anonymous:internal:
      ae354a473744909de610943775f92038" ((BODYPARTSTRUCTURE
      ("IMAGE" "PNG" () NIL NIL "BINARY" 123))) ~{123}
   S: [123 octets of data, some of which is NUL]
   S: A001 OK URLFETCH completed

   A client requests the body structure, and the original content.

   C: A001 URLFETCH  ("imap://joe@example.com/INBOX/;uid=20/;
      section=1.3;urlauth=anonymous:internal:
      ae354a473744909de610943775f92038" BINARY BODYPARTSTRUCTURE)
   S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
      section=1.3;urlauth=anonymous:internal:
      ae354a473744909de610943775f92038" ((BODYPARTSTRUCTURE
      ("IMAGE" "PNG" () NIL NIL "BASE64" 164))) {164}
   S: [164 octets of base64 encoded data]
   S: A001 OK URLFETCH completed



























Cridland                 Expires August 10, 2008                [Page 5]

Internet-Draft               URLFETCH BINARY               February 2008


5.  Formal Syntax

   This formal syntax uses ABNF as specified in [ABNF], and includes
   productions defined in [URLAUTH], [BINARY] and [IMAP].

 capability       =/ "URLAUTH=BINARY"

    ; Command parameters; see Section 3.1

 urlfetch         =  "URLFETCH" 1*(SP url-fetch-arg)

 url-fetch-arg    =  url-fetch-simple / url-fetch-ext

 url-fetch-simple =  url-full
    ; Unextended URLFETCH.

 url-fetch-ext    =  "(" url-full *(SP url-fetch-param) ")"
    ; If no url-fetch-param present, as unextended.

 url-fetch-param  =  "BINARY" / "BODYPARTSTRUCTURE" / atom
    ; TODO: Should this be iana-token?

    ; Response; see Section 3.2

 urlfetch-data    =  "*" SP "URLFETCH"
                     1*(SP (urldata-simple / urldata-ext))

 urldata-simple   =  SP url-full SP nstring
    ; If client issues url-fetch-simple, server MUST respond with
    ; urldata-simple

 urldata-ext      =  SP url-full [url-metadata] SP (nstring / literal8)
    ; Note that content is always returned.
    ; If the content contains a NUL octet, the server MUST use literal8.
    ; Otherwise, the server SHOULD use nstring syntax.

 url-metadata     =  1*(SP "(" url-metadata-el ")")

 url-metadata-el  =  "BODYPARTSTRUCTURE" SP body / "BINARY"












Cridland                 Expires August 10, 2008                [Page 6]

Internet-Draft               URLFETCH BINARY               February 2008


6.  IANA Considerations

   IMAP4 capabilities are registered by publishing a standards track or
   IESG approved experimental RFC.  The registry is currently located
   at:

         http://www.iana.org/assignments/imap4-capabilities

   This document defines the URLFETCH=BINARY IMAP capability.  IANA is
   requested to add it to the registry accordingly.

   This document has no actions for IANA.


7.  Security Considerations

   Implementors are directed to the security considerations within
   [IMAP], [URLAUTH], and [BINARY].

   The ability of the holder of a URL to be able to fetch metadata about
   the content pointed to by the URL as well as the content itself
   allows a potential attacker to discover more about the content than
   was previously possible, including its original filename, and user-
   supplied description.

   The additional value of this information to an attacker in marginal,
   and applies only to those URLs for which the attacker does not have
   direct access, such as those produced by [URLAUTH].  Implementors are
   therefore directed to the security considerations present in
   [URLAUTH].


8.  Acknowledgements

   Comments were received on the idea, and/or this draft, from Neil
   Cook, Philip Guenther, Alexey Melnikov, Ken Murchison and others.
   Whether in agreement or dissent, the comments have refined and
   otherwise influenced the document.


9.  References

9.1.  Normative References

   [ABNF]     Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

   [BINARY]   Nerenberg, L., "IMAP4 Binary Content Extension", RFC 3516,



Cridland                 Expires August 10, 2008                [Page 7]

Internet-Draft               URLFETCH BINARY               February 2008


              April 2003.

   [CONVERT]  Melnikov, A. and P. Coates, "IMAP CONVERT extension",
              draft-ietf-lemonade-convert-13 (work in progress),
              December 2007.

   [IMAP]     Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
              4rev1", RFC 3501, March 2003.

   [KEYWORDS]
              Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [URLAUTH]  Crispin, M., "Internet Message Access Protocol (IMAP) -
              URLAUTH Extension", RFC 4467, May 2006.

9.2.  Informative References

   [BURL]     Newman, C., "Message Submission BURL Extension", RFC 4468,
              May 2006.

   [STREAMING]
              Cook, N., "Streaming Internet Messaging Attachments",
              draft-ietf-lemonade-streaming-03 (work in progress),
              September 2007.


Author's Address

   Dave Cridland
   Isode Limited
   5 Castle Business Village
   36, Station Road
   Hampton, Middlesex  TW12 2BX
   GB

   Email: dave.cridland@isode.com














Cridland                 Expires August 10, 2008                [Page 8]

Internet-Draft               URLFETCH BINARY               February 2008


Full Copyright Statement

   Copyright (C) The IETF Trust (2008).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Cridland                 Expires August 10, 2008                [Page 9]


Html markup produced by rfcmarkup 1.109, available from https://tools.ietf.org/tools/rfcmarkup/