Network Working Group D. Cridland
Internet-Draft Isode Limited
Expires: August 10, 2008 February 7, 2008
Extended URLFETCH for binary and converted parts
draft-cridland-urlfetch-binary-01
Status of this Memo
By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on August 10, 2008.
Copyright Notice
Copyright (C) The IETF Trust (2008).
Abstract
The URLFETCH command defined as part of URLAUTH provides a mechanism
for third-parties to gain access to data held within messages in a
user's private store, however, this data is sent verbatim, which is
not suitable for a number of applications. This memo specifies a
method for obtaining data in forms suitable for non-mail
applications.
Cridland Expires August 10, 2008 [Page 1]
Internet-Draft URLFETCH BINARY February 2008
Table of Contents
1. Conventions used in this document . . . . . . . . . . . . . . . 3
2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
3. Extended URLFETCH . . . . . . . . . . . . . . . . . . . . . . . 3
3.1. Command Parameters . . . . . . . . . . . . . . . . . . . . 3
3.2. Response Metadata . . . . . . . . . . . . . . . . . . . . . 4
4. Example Exchanges . . . . . . . . . . . . . . . . . . . . . . . 4
5. Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . . 6
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . . 7
8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
9.1. Normative References . . . . . . . . . . . . . . . . . . . 7
9.2. Informative References . . . . . . . . . . . . . . . . . . 8
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 8
Intellectual Property and Copyright Statements . . . . . . . . . . 9
Cridland Expires August 10, 2008 [Page 2]
Internet-Draft URLFETCH BINARY February 2008
1. Conventions used in this document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [KEYWORDS].
Protocol examples are line-wrapped for clarity. Protocol strings are
prefixed with C: and S: for client and server respectively, and
elided data is represented by [...]. Implementors should note these
notations are for editorial clarity only.
2. Introduction
Although [URLAUTH] provides a URLFETCH command which can be used to
dereference a URL and return the body part data, it does so by
returning the encoded form, without sufficient data to decode. This
is suitable for use in mail applications such as [BURL], where the
encoded form is suitable, but not where access to the actual content
is required, such as [STREAMING].
This memo specifies a mechanism which returns additional metadata
about the part, such as its media type, as well as removing any
content transfer encoding used on the body part.
3. Extended URLFETCH
This extension is available in any IMAP server implementation which
includes URLAUTH=BINARY within its capability string.
Such servers accept additional, per-URL, parameters to the URLFETCH
command, and will provide, upon request, additional data for each URL
dereferenced.
3.1. Command Parameters
The URLFETCH command is extended by the provision of optional
parameters. The extended URLFETCH command is distinct by enclosing
each URL and associated parameters in a parenthesized list. The
absence of any parameters, or if the URL is sent unenclosed, causes
the command to behave precisely as specified in [URLAUTH].
Note that the content itself is always returned, with or without
transfer encoding, as the client has requested.
Available parameters are:
Cridland Expires August 10, 2008 [Page 3]
Internet-Draft URLFETCH BINARY February 2008
BODYPARTSTRUCTURE
Provide a BODYPARTSTRUCTURE in additional to the data itself.
BODYPARTSTRUCTURE is defined in [CONVERT].
BINARY
Remove any Content-Transfer-Encoding.
In particular, this means that the data MAY contain NUL octets,
and not be formed from textual lines. Data containing NUL octets
MUST be transferred using the literal8 syntax defined in [BINARY].
3.2. Response Metadata
In order to carry any requested metadata and provide additional
information to the consumer, the URLFETCH response is similarly
extended.
Following the URL itself, servers will include a series of
parenthesized metadata elements. Defined metadata elements are as
follows:
BODYPARTSTRUCTURE
The BODYPARTSTRUCTURE provides information about the data
contained in the response, as it has been returned. It will
reflect any conversions or decoding that have taken place.
Note that unlike [CONVERT], BODYPARTSTRUCTURE is not appended with
the part specifier, as this is implicit in the URL.
4. Example Exchanges
A client requests the data with no content transfer encoding.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.2;urlauth=anonymous:internal:
91354a473744909de610943775f92038" BINARY)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.2;urlauth=anonymous:internal:
91354a473744909de610943775f92038" {28}
S: Si vis pacem, para bellum.
S:
S: A001 OK URLFETCH completed
Note that the data here does not contain a NUL octet, therefore a
literla - not literal8 - syntax has been used.
Cridland Expires August 10, 2008 [Page 4]
Internet-Draft URLFETCH BINARY February 2008
A client again requests data with no content transfer encoding, but
this time requests the body structure.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" BINARY BODYPARTSTRUCTURE)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" ((BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "BINARY" 123))) ~{123}
S: [123 octets of data, some of which is NUL]
S: A001 OK URLFETCH completed
A client requests the body structure, and the original content.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" BINARY BODYPARTSTRUCTURE)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" ((BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "BASE64" 164))) {164}
S: [164 octets of base64 encoded data]
S: A001 OK URLFETCH completed
Cridland Expires August 10, 2008 [Page 5]
Internet-Draft URLFETCH BINARY February 2008
5. Formal Syntax
This formal syntax uses ABNF as specified in [ABNF], and includes
productions defined in [URLAUTH], [BINARY] and [IMAP].
capability =/ "URLAUTH=BINARY"
; Command parameters; see Section 3.1
urlfetch = "URLFETCH" 1*(SP url-fetch-arg)
url-fetch-arg = url-fetch-simple / url-fetch-ext
url-fetch-simple = url-full
; Unextended URLFETCH.
url-fetch-ext = "(" url-full *(SP url-fetch-param) ")"
; If no url-fetch-param present, as unextended.
url-fetch-param = "BINARY" / "BODYPARTSTRUCTURE" / atom
; TODO: Should this be iana-token?
; Response; see Section 3.2
urlfetch-data = "*" SP "URLFETCH"
1*(SP (urldata-simple / urldata-ext))
urldata-simple = SP url-full SP nstring
; If client issues url-fetch-simple, server MUST respond with
; urldata-simple
urldata-ext = SP url-full [url-metadata] SP (nstring / literal8)
; Note that content is always returned.
; If the content contains a NUL octet, the server MUST use literal8.
; Otherwise, the server SHOULD use nstring syntax.
url-metadata = 1*(SP "(" url-metadata-el ")")
url-metadata-el = "BODYPARTSTRUCTURE" SP body / "BINARY"
Cridland Expires August 10, 2008 [Page 6]
Internet-Draft URLFETCH BINARY February 2008
6. IANA Considerations
IMAP4 capabilities are registered by publishing a standards track or
IESG approved experimental RFC. The registry is currently located
at:
http://www.iana.org/assignments/imap4-capabilities
This document defines the URLFETCH=BINARY IMAP capability. IANA is
requested to add it to the registry accordingly.
This document has no actions for IANA.
7. Security Considerations
Implementors are directed to the security considerations within
[IMAP], [URLAUTH], and [BINARY].
The ability of the holder of a URL to be able to fetch metadata about
the content pointed to by the URL as well as the content itself
allows a potential attacker to discover more about the content than
was previously possible, including its original filename, and user-
supplied description.
The additional value of this information to an attacker in marginal,
and applies only to those URLs for which the attacker does not have
direct access, such as those produced by [URLAUTH]. Implementors are
therefore directed to the security considerations present in
[URLAUTH].
8. Acknowledgements
Comments were received on the idea, and/or this draft, from Neil
Cook, Philip Guenther, Alexey Melnikov, Ken Murchison and others.
Whether in agreement or dissent, the comments have refined and
otherwise influenced the document.
9. References
9.1. Normative References
[ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[BINARY] Nerenberg, L., "IMAP4 Binary Content Extension", RFC 3516,
Cridland Expires August 10, 2008 [Page 7]
Internet-Draft URLFETCH BINARY February 2008
April 2003.
[CONVERT] Melnikov, A. and P. Coates, "IMAP CONVERT extension",
draft-ietf-lemonade-convert-13 (work in progress),
December 2007.
[IMAP] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, March 2003.
[KEYWORDS]
Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[URLAUTH] Crispin, M., "Internet Message Access Protocol (IMAP) -
URLAUTH Extension", RFC 4467, May 2006.
9.2. Informative References
[BURL] Newman, C., "Message Submission BURL Extension", RFC 4468,
May 2006.
[STREAMING]
Cook, N., "Streaming Internet Messaging Attachments",
draft-ietf-lemonade-streaming-03 (work in progress),
September 2007.
Author's Address
Dave Cridland
Isode Limited
5 Castle Business Village
36, Station Road
Hampton, Middlesex TW12 2BX
GB
Email: dave.cridland@isode.com
Cridland Expires August 10, 2008 [Page 8]
Internet-Draft URLFETCH BINARY February 2008
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.
Acknowledgment
Funding for the RFC Editor function is provided by the IETF
Administrative Support Activity (IASA).
Cridland Expires August 10, 2008 [Page 9]
