[Docs] [txt|pdf] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 RFC 2221

Network Working Group                                        M. Gahrns
Internet Draft                                               Microsoft
Document: draft-gahrns-imap-login-referrals-01.txt      September 1997

                          IMAP4 Login Referrals

Status of this Memo

   This document is an Internet Draft.  Internet Drafts are working
   documents of the Internet Engineering Task Force (IETF), its Areas,
   and its Working Groups.  Note that other groups may also distribute
   working documents as Internet Drafts.

   Internet Drafts are draft documents valid for a maximum of six
   months.  Internet Drafts may be updated, replaced, or obsoleted by
   other documents at any time.  It is not appropriate to use Internet
   Drafts as reference material or to cite them other than as a
   "working draft" or "work in progress".

   To learn the current status of any Internet-Draft, please check the
   1id-abstracts.txt listing contained in the Internet-Drafts Shadow
   Directories on ds.internic.net, nic.nordu.net, ftp.isi.edu, or

   A revised version of this draft document will be submitted to the
   RFC editor as a Proposed Standard for the Internet Community.
   Discussion and suggestions for improvement are requested.  This
   document will expire before April 1998. Distribution of this draft
   is unlimited.

1. Abstract

   When dealing with large amounts of users and many IMAP4 [RFC-2060]
   servers, it is often necessary to move users from one IMAP4 server
   to another.  For example, hardware failures or organizational
   changes may dictate such a move.

   Login referrals allow clients to transparently connect to an
   alternate IMAP4 server, if their home IMAP4 server has changed.

   A referral mechanism can provide efficiencies over the alternative
   'proxy method', in which the local IMAP4 server contacts the remote
   server on behalf of the client, and then transfers the data from the
   remote server to itself, and then on to the client.  The referral
   mechanism's direct client connection to the remote server is often a
   more efficient use of bandwidth, and does not require the local
   server to impersonate the client when authenticating to the remote

Gahrns                                                               1
                        IMAP4 Login Referrals          September 1997

2. Conventions used in this document

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

   A home server, is an IMAP4 server that contains the user's inbox.

   A remote server is a server that contains remote mailboxes.

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   this document are to be interpreted as described in [RFC-2119].

3. Introduction and Overview

   IMAP4 servers that support this extension MUST list the keyword
   LOGIN-REFERRALS in their CAPABILITY response.  No client action is
   needed to invoke the LOGIN-REFERRALS capability in a server.

   A LOGIN-REFERRALS capable IMAP4 server MUST NOT return referrals
   that result in a referrals loop.

   A LOGIN-REFERRALS response code MUST contain as an argument a valid
   IMAP server URL as defined in [IMAP-URL].

   A home server referral consists of either a tagged NO or OK, or an
   untagged BYE response that contains a LOGIN-REFERRALS response code.

   Example: A001 NO [REFERRAL IMAP://user;AUTH=*@SERVER2/] Remote

   NOTE: user;AUTH=* is specified as required by [IMAP-URL] to avoid a
   client falling back to anonymous login.

4. Home Server Referrals

   A home server referral may be returned in response to an
   AUTHENTICATE or LOGIN command, or it may appear in the connection
   startup banner. If a server returns a home server referral in a
   tagged NO response, that server does not contain any mailboxes that
   are accessible to the user.  If a server returns a home server
   referral in a tagged OK response, it indicates that the user's
   personal mailboxes are elsewhere, but the server contains public
   mailboxes which are readable by the user.  After receiving a home
   server referral, the client can not make any assumptions as to
   whether this was a permanent or temporary move of the user.

Gahrns                                                               2
                        IMAP4 Login Referrals          September 1997

4.1.  LOGIN and AUTHENTICATE Referrals

   An IMAP4 server MAY respond to a LOGIN or AUTHENTICATE command with
   a home server referral if it wishes to direct the user to another
   IMAP4 server.

   Example:  C: A001 LOGIN MIKE PASSWORD
             S: A001 NO [REFERRAL IMAP://MIKE@SERVER2/] Specified user
                     is invalid on this server. Try SERVER2.

             S: A001 OK [REFERRAL IMAP://MATTHEW@SERVER2/] Specified
                     user's personal mailboxes located on Server2, but
                     public mailboxes are available.

             <authentication exchange>
             S: A001 NO [REFERRAL IMAP://user;AUTH=GSSAPI@SERVER2/]
                     Specified user is invalid on this server. Try

4.2. BYE at connection startup referral

   An IMAP4 server MAY respond with an untagged BYE and a REFERRAL
   response code that contains an IMAP URL to a home server if it is
   not willing to accept connections and wishes to direct the client to
   another IMAP4 server.

   Example:  S: * BYE [REFERRAL IMAP://user;AUTH=*@SERVER2/] Server not
                  accepting connections.  Try SERVER2

5. Formal Syntax

   The following syntax specification uses the augmented Backus-Naur
   Form (BNF) as described in [ABNF].

   This amends the "resp_text_code" element of the IMAP4 grammar
   described in [RFC-2060]

   resp_text_code =/ "REFERRAL" SPACE <imapurl>
      ; See [IMAP-URL] for definition of <imapurl>
      ; See [RFC-2060] for base definition of resp_text_code

6. Security Considerations

   The IMAP4 login referral mechanism makes use of IMAP URLs, and as
   such, have the same security considerations as general internet URLs
   [RFC-1738], and in particular IMAP URLs [IMAP-URL].

Gahrns                                                               3
                        IMAP4 Login Referrals          September 1997

   With the LOGIN-REFERRALS capability, it is potentially easier to
   write a rogue 'password catching' server that collects login data
   and then refers the client to their actual IMAP4 server.  Although
   referrals reduce the effort to write such a server, the referral
   response makes detection of the intrusion easier.

7. References

   [RFC-2060], Crispin, M., "Internet Message Access Protocol - Version
   4rev1", RFC 2060, University of Washington, December 1996.

   [IMAP-URL], Newman, C., "IMAP URL Scheme", RFC 2192, Innosoft,
   September 1997

   [RFC-1738], Berners-Lee, Masinter, McCahill, "Uniform Resource
   Locators  (URL)", RFC 1738, CERN, Xerox Corporation, University of
   Minnesota, December 1994

   [RFC-2119], Bradner, S, "Key words for use in RFCs to Indicate
   Requirement Levels", RFC 2119, Harvard University, March 1997

   [ABNF], DRUMS working group, Dave Crocker Editor, "Augmented BNF for
   Syntax Specifications: ABNF", draft-drums-abnf-02.txt (work in
   progress), Internet Mail Consortium, April 1997

8.  Acknowledgments

   Many valuable suggestions were received from private discussions and
   the IMAP4 mailing list.  In particular, Raymond Cheng, Mark Crispin,
   Mark Keasling Chris Newman and Larry Osterman made significant
   contributions to this document.

9. Author's Address

   Mike Gahrns
   One Microsoft Way
   Redmond, WA, 98072

   Phone: (206) 936-9833
   Email: mikega@microsoft.com

Gahrns                                                               4

Html markup produced by rfcmarkup 1.111, available from https://tools.ietf.org/tools/rfcmarkup/