IMAP URL Scheme
draft-ietf-lemonade-rfc2192bis-09

Approval announcement
Draft of message to be sent after approval:

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Internet Architecture Board <iab@iab.org>,
    RFC Editor <rfc-editor@rfc-editor.org>, 
    lemonade mailing list <lemonade@ietf.org>, 
    lemonade chair <lemonade-chairs@tools.ietf.org>
Subject: Protocol Action: 'IMAP URL Scheme' to Proposed Standard 

The IESG has approved the following document:

- 'IMAP URL Scheme '
   <draft-ietf-lemonade-rfc2192bis-10.txt> as a Proposed Standard

This document is the product of the Enhancements to Internet email to 
Support Diverse Service Environments Working Group. 

The IESG contact persons are Lisa Dusseault and Alexey Melnikov.

A URL of this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-ietf-lemonade-rfc2192bis-10.txt

Technical Summary

IMAP (RFC 3501) is a rich protocol for accessing remote message stores.
It provides an ideal mechanism for accessing public mailing list
archives as well as private and shared message stores. This document
defines a URL scheme for referencing objects on an IMAP server.

This document obsoletes RFC 2192 and updates RFC 4467.

Working Group Summary

This document removed support for IMAP URLs for listing the contents of a
mailbox. There was a clear consensus that this feature (originally
described in RFC 2192) was never implemented.

Some of the changes to the document were a result of the Lemonade
interoperability event of October 2006 held in London, England.

Protocol Quality

The document received several positive reviews. In particular it is
worth noting Ted Hardie and Zoltan Ordogh have done detailed reviews of
the document. This document addresses all issues raised.

Eric Burger shepherds this document on behalf of Lisa Dusseault, the
responsible Area Director. Lisa and Eric reviewed this document and
believe it is ready for forwarding to the IESG for publication.
 
Note to RFC Editor
 
In section 6.1.1.1, first paragraph, last sentence:
OLD:
    The authorization token is
    generated from the URL, the authorized access identifer, authoriza-
                                                  ^^^^^^^^^
    tion mechanism name, and a mailbox access key.

NEW:
    The authorization token is
    generated from the URL, the authorized access identifier, autho-
                                                  ^^^^^^^^^^
    rization mechanism name, and a mailbox access key.

(typo in the word "identifier")


In section 6.1.1.2, replace the first paragraph:

OLD:     The mailbox access key is a random string with at least 128 bits
of
    entropy.  It is generated by software (not by the human user), and
    MUST be unpredictable.

NEW:
    The mailbox access key is an unpredictable, random string.  To
    ensure unpredictability, the random string with at least 128 bits
    of entropy is generated by software or hardware (not by the human
    user).


In section 9.1, 9th paragraph:

OLD:

    The following edge case example demostrates that the ;UIDVALIDITY=
                                    ^^^^^^^^^^^
    modifier is a part of the mailbox name as far as relative URI reso-
    lution is concerned:

NEW:
    The following edge case example demonstrates that the ;UIDVALIDITY=
                                    ^^^^^^^^^^^^
    modifier is a part of the mailbox name as far as relative URI reso-
    lution is concerned:

typo: demonstrates


In section 10.1, first paragraph, replace the last sentence:

OLD:

    Use of either of these access identi-
    fiers makes it impossible for an attacker, spying on the session,
    to use the same URL, either directly or by submission to a message
    submission entity.

NEW:
    Use of either of these mechanisms limits the scope of the URL.
    An attacker who cannot authenticate using the appropriate credentials
    cannot make use of the URL.



In section 12.1, 13th paragraph:
OLD:
       A widely deployed IMAP client Netscape Mail (and possibly
    Mozilla/ Thubderbird/Seamonkey) use a different imap: scheme inter-
            ^   ^
    nally.

NEW:
       A widely deployed IMAP client Netscape Mail (and possibly
    Mozilla/Thunderbird/Seamonkey) use a different imap: scheme inter-
            ^  ^
    nally.

(typo in Thunderbird, also remove an extra space)



In Appendix D, third paragraph, add:
OLD:
    Editors would like to thank Mark Crispin, Ken Murchison, Ted
    Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa
    Dusseault, Spencer Dawkins, Filip Navara and Shawn M. Emery for the
                                             ^^^
    time they devoted to reviewing of this document and/or for the com-
    ments received.
NEW:
    Editors would like to thank Mark Crispin, Ken Murchison, Ted
    Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa
    Dusseault, Spencer Dawkins, Filip Navara, Shawn M. Emery, Sam Hartman,

                                            ^               ^^^^^^^^^^^^^

    Russ Housley and Lars Eggert for the time they devoted to
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    reviewing of this document and/or for the comments received.