The Mailbox Update (MUPDATE) Distributed Mailbox Database Protocol
RFC 3656
This RFC was published on the Independent Submission stream.
This RFC is not endorsed by the IETF and has no formal standing in the
IETF standards process.
Document | Type |
RFC
- Experimental
(December 2003)
Updated by RFC 8996
Was
draft-siemborski-mupdate
(app)
|
|
---|---|---|---|
Author | Rob Siemborski | ||
Last updated | 2015-10-14 | ||
RFC stream | Independent Submission | ||
Formats | |||
IESG | Responsible AD | Ned Freed | |
Send notices to | (None) |
RFC 3656
Network Working Group R. Siemborski Request for Comments: 3656 Carnegie Mellon University Category: Experimental December 2003 The Mailbox Update (MUPDATE) Distributed Mailbox Database Protocol Status of this Memo This memo defines an Experimental Protocol for the Internet community. It does not specify an Internet standard of any kind. Discussion and suggestions for improvement are requested. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2003). All Rights Reserved. Abstract As the demand for high-performance mail delivery agents increases, it becomes apparent that single-machine solutions are inadequate to the task, both because of capacity limits and that the failure of the single machine means a loss of mail delivery for all users. It is preferable to allow many machines to share the responsibility of mail delivery. The Mailbox Update (MUPDATE) protocol allows a group of Internet Message Access Protocol (IMAP) or Post Office Protocol - Version 3 (POP3) servers to function with a unified mailbox namespace. This document is intended to serve as a reference guide to that protocol. Siemborski Experimental [Page 1] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Protocol Overview . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Atoms . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2. Strings . . . . . . . . . . . . . . . . . . . . . . . . 4 3. Server Responses . . . . . . . . . . . . . . . . . . . . . . 4 3.1. Response: OK . . . . . . . . . . . . . . . . . . . . . 5 3.2. Response: NO . . . . . . . . . . . . . . . . . . . . . 5 3.3. Response: BAD . . . . . . . . . . . . . . . . . . . . . 5 3.4. Response: BYE . . . . . . . . . . . . . . . . . . . . . 6 3.5. Response: RESERVE . . . . . . . . . . . . . . . . . . . 6 3.6. Response: MAILBOX . . . . . . . . . . . . . . . . . . . 6 3.7. Response: DELETE . . . . . . . . . . . . . . . . . . . 7 3.8. Server Capability Response. . . . . . . . . . . . . . . 7 4. Client Commands . . . . . . . . . . . . . . . . . . . . . . . 8 4.1. Command: ACTIVATE . . . . . . . . . . . . . . . . . . . 8 4.2. Command: AUTHENTICATE . . . . . . . . . . . . . . . . . 8 4.3. Command: DEACTIVATE . . . . . . . . . . . . . . . . . . 9 4.4. Command: DELETE . . . . . . . . . . . . . . . . . . . . 9 4.5. Command: FIND . . . . . . . . . . . . . . . . . . . . . 9 4.6. Command: LIST . . . . . . . . . . . . . . . . . . . . . 10 4.7. Command: LOGOUT . . . . . . . . . . . . . . . . . . . . 10 4.8. Command: NOOP . . . . . . . . . . . . . . . . . . . . . 10 4.9. Command: RESERVE. . . . . . . . . . . . . . . . . . . . 10 4.10. Command: STARTTLS . . . . . . . . . . . . . . . . . . . 11 4.11. Command: UPDATE . . . . . . . . . . . . . . . . . . . . 12 5. MUPDATE Formal Syntax . . . . . . . . . . . . . . . . . . . . 12 6. MUPDATE URL Scheme. . . . . . . . . . . . . . . . . . . . . . 14 6.1. MUPDATE URL Scheme Registration Form. . . . . . . . . . 14 7. Security Considerations . . . . . . . . . . . . . . . . . . . 15 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 16 9. Intellectual Property Rights. . . . . . . . . . . . . . . . . 16 10. References. . . . . . . . . . . . . . . . . . . . . . . . . . 17 10.1. Normative References. . . . . . . . . . . . . . . . . . 17 10.2. Informative References. . . . . . . . . . . . . . . . . 17 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 18 12. Author's Address. . . . . . . . . . . . . . . . . . . . . . . 18 13. Full Copyright Statement. . . . . . . . . . . . . . . . . . . 19 Siemborski Experimental [Page 2] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 1. Introduction In order to support an architecture where there are multiple [IMAP, POP3] servers sharing a common mailbox database, it is necessary to be able to provide atomic mailbox operations, as well as offer sufficient guarantees about database consistency. The primary goal of the MUPDATE protocol is to be simple to implement yet allow for database consistency between participants. The key words "MUST, "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT", "RECOMMENDED", and "MAY" in this document are to be interpreted as defined in BCP 14, RFC 2119 [KEYWORDS]. In examples, "C:" and "S:" indicate lines sent by the client and server respectively. 2. Protocol Overview The MUPDATE protocol assumes a reliable data stream such as a TCP network connection. IANA has registered port 3905 with a short name of "mupdate" for this purpose. In the current implementation of the MUPDATE protocol there are three types of participants: a single master server, slave (or replica) servers, and clients. The master server maintains an authoritative copy of the mailbox database. Slave servers connect to the MUPDATE master server as clients, and function as replicas from the point of view of end clients. End clients may connect to either the master or any slave and perform searches against the database, however operations that change the database can only be performed against the master. For the purposes of protocol discussion we will consider a slave's connection to the master identical to that of any other client. After connection, all commands from a client to server must have an associated unique tag which is an alphanumeric string. Commands MAY be pipelined from the client to the server (that is, the client need not wait for the response before sending the next command). The server MUST execute the commands in the order they were received, however. If the server supports an inactivity login timeout, it MUST be at least 15 minutes. Siemborski Experimental [Page 3] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 MUPDATE uses data formats similar to those used in [ACAP]. That is, atoms and strings. All commands and tags in the protocol are transmitted as atoms. All other data is considered to a string, and must be quoted or transmitted as a literal. Outside of a literal, both clients and servers MUST support line lengths of at least 1024 octets (including the trailing CR and LF characters). If a line of a longer length must be transmitted, implementations MUST make use of literals to do so. 2.1. Atoms An atom consists of one or more alphanumeric characters. Atoms MUST be less than 15 octets in length. 2.2. Strings As in [ACAP], a string may be either literal or a quoted string. A literal is a sequence of zero or more octets (including CR and LF), prefix-quoted with an octet count in the form of an open brace ("{"), the number of octets, an optional plus sign to indicate that the data follows immediately (a non-synchronized literal), a close brace ("}"), and a CRLF sequence. If the plus sign is omitted (a synchronized literal), then the receiving side MUST send a "+ go ahead" response, and the sending side MUST wait for this response. Servers MUST support literals of atleast 4096 octets. Strings that are sent from server to client SHOULD NOT be in the synchronized literal format. A quoted string is a sequence of zero or more 7-bit characters, excluding CR, LF, and the double quote (<">), with double quote characters at each end. The empty string is represented as either "" (a quoted string with zero characters between double quotes) or as {0} followed by CRLF (a literal with an octet count of 0). 3. Server Responses Every client command in the MUPDATE protocol may receive one or more tagged responses from the server. Each response is preceded by the same tag as the command that elicited the response from the server. Siemborski Experimental [Page 4] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 3.1. Response: OK A tagged OK response indicates that the operation completed successfully. There is a mandatory implementation-defined string after the OK response. This response also indicates the beginning of the streaming update mode when given in response to an UPDATE command. Example: C: N01 NOOP S: N01 OK "NOOP Complete" 3.2. Response: NO A tagged NO response indicates that the operation was explicitly denied by the server or otherwise failed. There is a mandatory implementation-defined string after the NO response that SHOULD explain the reason for denial. Example: C: A01 AUTHENTICATE "PLAIN" S: A01 NO "PLAIN is not a supported SASL mechanism" 3.3. Response: BAD A tagged BAD response indicates that the command from the client could not be parsed or understood. There is a mandatory implementation-defined string after the BAD response to provide additional information about the error. Note that untagged BAD responses are allowed if it is unclear what the tag for a given command is (for example, if a blank line is received by the mupdate server, it can generate an untagged BAD response). In the case of an untagged response, the tag should be replaced with a "*". Example: C: C01 SELECT "INBOX" S: C01 BAD "This is not an IMAP server" C: S: * BAD "Need Command" Siemborski Experimental [Page 5] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 3.4. Response: BYE A tagged BYE response indicates that the server has decided to close the connection. There is a mandatory implementation-defined string after the BYE response that SHOULD explain the reason for closing the connection. The server MUST close the connection immediately after transmitting the BYE response. Example: C: L01 LOGOUT S: L01 BYE "User Logged Out" 3.5. Response: RESERVE A tagged RESERVE response may only be given in response to a FIND, LIST, or UPDATE command. It includes two parameters: the name of the mailbox that is being reserved (in mUTF-7 encoding, as specified in [IMAP]) and a location string whose contents is defined by the clients that are using the database, though it is RECOMMENDED that the format of this string be the hostname of the server which is storing the mailbox. This response indicates that the given name is no longer available in the namespace, though it does not indicate that the given mailbox is available to clients at the current time. Example: S: U01 RESERVE "internet.bugtraq" "mail2.example.org" 3.6. Response: MAILBOX A tagged MAILBOX response may only be given in response to a FIND, LIST, or UPDATE command. It includes three parameters: the name of the mailbox, a location string (as with RESERVE), and a client- defined string that specifies the IMAP ACL [IMAP-ACL] of the mailbox. This message indicates that the given mailbox is ready to be accessed by clients. Example: S: U01 MAILBOX "internet.bugtraq" "mail2.example.org" "anyone rls" Siemborski Experimental [Page 6] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 3.7. Response: DELETE A tagged DELETE response may only be given in response to an UPDATE command, and MUST NOT be given before the OK response to the UPDATE command is given. It contains a single parameter, that of the mailbox that should be deleted from the slave's database. This response indicates that the given mailbox no longer exists in the namespace of the database, and may be given for any mailbox name, active, reserved, or nonexistent. (Though implementations SHOULD NOT issue DELETE responses for nonexistent mailboxes). Example: S: U01 DELETE "user.rjs3.sent-mail-jan-2002" 3.8. Server Capability Response Upon connection of the client to the server, and directly following a successful STARTTLS command, the server MUST issue a capabilities banner, of the following format: The banner MUST contain a line that begins with "* AUTH" and contain a space-separated list of SASL mechanisms that the server will accept for authentication. The mechanism names are transmitted as atoms. Servers MAY advertise no available mechanisms (to indicate that STARTTLS must be completed before authentication may occur). If STARTTLS is not supported by the server, then the line MUST contain at least one mechanism. If the banner is being issued without a TLS layer, and the server supports the STARTTLS command, the banner MUST contain the line "* STARTTLS". If the banner is being issued under a TLS layer (or the server does not support STARTTLS), the banner MUST NOT contain this line. The last line of the banner MUST start with "* OK MUPDATE" and be followed by four strings: the server's hostname, an implementation- defined string giving the name of the implementation, an implementation-defined string giving the version of the implementation, and a string that indicates if the server is a master or a slave. The master/slave indication MUST be either "(master)" or an MUPDATE URL that defines where the master can be contacted. Any unrecognized responses before the "* OK MUPDATE" response MUST be ignored by the client. Siemborski Experimental [Page 7] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 Example: S: * AUTH KERBEROS_V4 GSSAPI S: * STARTTLS S: * OK MUPDATE "mupdate.example.org" "Cyrus" "v2.1.2" "(master)" 4. Client Commands The following are valid commands that a client may send to the MUPDATE server: AUTHENTICATE, ACTIVATE, DEACTIVATE, DELETE, FIND, LIST, LOGOUT, NOOP, RESERVE, STARTTLS, and UPDATE. Before a successful AUTHENTICATE command has occurred, the server MUST NOT accept any commands except for AUTHENTICATE, STARTTLS, and LOGOUT (and SHOULD reply with a NO response for all other commands). 4.1. Command: ACTIVATE The ACTIVATE command has 3 parameters: the mailbox name, its location, and its ACL. This command MUST NOT not be issued to a slave server. This command can also be used to update the ACL or location information of a mailbox. Note that it is not a requirement for a mailbox to be reserved (or even exist in the database) for an ACTIVATE command to succeed, implementations MUST allow this behavior as it facilitates synchronization of the database with the current state of the mailboxes. 4.2. Command: AUTHENTICATE The AUTHENTICATE command initiates a [SASL] negotiation session between the client and the server. It has two parameters. The first parameter is mandatory, and is a string indicating the desired [SASL] mechanism. The second is a string containing an optional BASE64 encoded (as defined in section 6.8 of [MIME]) client first send. All of the remaining SASL blobs that are sent MUST be sent across the wire must be in BASE64 encoded format, and followed by a CR and LF combination. They MUST NOT be encoded as strings. Clients may cancel authentication by sending a * followed by a CR and LF. The [SASL] service name for the MUPDATE protocol is "mupdate". Implementations are REQUIRED to implement the GSSAPI [SASL] mechanism, though they SHOULD implement as many mechanisms as possible. Siemborski Experimental [Page 8] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 If a security layer is negotiated, it should be used directly following the CR and LF combination at the end of the server's OK response (i.e., beginning with the client's next command) Only one successful AUTHENTICATE command may be issued per session. 4.3. Command: DEACTIVATE The DEACTIVATE command takes two parameters, the mailbox name and location data. The mailbox MUST already exist and be activated on the MUPDATE server. If the server responds OK, then the mailbox name has been moved to the RESERVE state. If the server responds NO, then the mailbox name has not been moved (for example, the mailbox was not already active). Any ACL information that is known about the mailbox MAY be lost when a DEACTIVATE succeeds. This command MUST NOT be issued to a slave. Example: C: A01 DEACTIVATE "user.rjs3.new" "mail3.example.org!u4" S: A01 OK "Mailbox Reserved." 4.4. Command: DELETE The DELETE command takes only a single parameter, the mailbox name to be removed from the database's namespace. The server SHOULD give a NO response if the mailbox does not exist. This command MUST NOT be issued to a slave server. 4.5. Command: FIND The FIND command takes a single parameter, a mailbox name. The server then responds with the current record for the given mailbox, if any, and an OK response. Example (mailbox does not exist): C: F01 FIND "user.rjs3.xyzzy" S: F01 OK "Search Complete" Example (mailbox is reserved): C: F01 FIND "user.rjs3" S: F01 RESERVE "user.rjs3" "mail4.example.org" S: F01 OK "Search Complete" Siemborski Experimental [Page 9] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 4.6. Command: LIST The LIST command is similar to running FIND across the entire database. The LIST command takes a single optional parameter, which is a prefix to try to match against the location field of the records. Without the parameter, LIST returns every record in the database. For each mailbox that matches, either a MAILBOX or a RESERVE response (as applicable) is sent to the client. When all responses are complete, an OK response is issued. Example: C: L01 LIST S: L01 RESERVE "user.rjs3" "mail4.example.org!u2" S: L01 MAILBOX "user.leg" "mail2.example.org!u1" "leg lrswipcda" S: L01 OK "List Complete" C: L02 LIST "mail4.example.org!" S: L02 RESERVE "user.rjs3" "mail4.example.org!u2" S: L02 OK "List Complete" 4.7. Command: LOGOUT The LOGOUT command tells the server to close the connection. Its only valid response is the BYE response. The LOGOUT command takes no parameters. 4.8. Command: NOOP The NOOP command takes no parameters. Provided the client is authenticated, its only acceptable response is an OK. Any idle timeouts that the server may have on the connection SHOULD be reset upon receipt of this command. If this command is issued after an UPDATE command has been issued, then the OK response also indicates that all pending database updates have been sent to the client. That is, the slave can guarantee that its local database is up to date as of a certain time by issuing a NOOP and waiting for the OK. The OK MUST NOT return until all updates that were pending at the time of the NOOP have been sent. 4.9. Command: RESERVE The RESERVE command takes two parameters (just like the RESERVE response), the mailbox name to reserve and location data. If the server responds OK, then the mailbox name has been reserved. If the server responds NO, then the mailbox name has not been reserved (for Siemborski Experimental [Page 10] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 example, another server has reserved it already). This command MUST NOT be issued to a slave. The typical sequence for mailbox creation is: C: R01 RESERVE "user.rjs3.new" "mail3.example.org!u4" S: R01 OK "Mailbox Reserved." <client does local mailbox create operations> C: A01 ACTIVATE "user.rjs3.new" "mail3.example.org!u4" "rjs3 lrswipcda" S: A01 OK "Mailbox Activated." 4.10. Command: STARTTLS The STARTTLS command requests the commencement of a [TLS] negotiation. The negotiation begins immediately after the CRLF in the OK response. After a client issues a STARTTLS command, it MUST NOT issue further commands until a server response is seen and the [TLS] negotiation is complete. The STARTTLS command is only valid in non-authenticated state. The server remains in non-authenticated state, even if client credentials are supplied during the [TLS] negotiation. The [SASL] EXTERNAL mechanism MAY be used to authenticate once [TLS] client credentials are successfully exchanged. Note that servers are not required to support the EXTERNAL mechanism. After the [TLS] layer is established, the server MUST re-issue the initial response banner (see Section 3.8). This is necessary to protect against man-in-the-middle attacks which alter the capabilities list prior to STARTTLS, as well as to advertise any new SASL mechanisms (or other capabilities) that may be available under the layer. The client MUST discard cached capability information and replace it with the new information. After the a successful STARTTLS command, the server SHOULD return a NO response to additional STARTTLS commands. Servers MAY choose to not implement STARTTLS. In this case, they MUST NOT advertise STARTTLS in their capabilities banner, and SHOULD return a BAD response to the STARTTLS command, if it is issued. Example: C: S01 STARTTLS S: S01 OK "Begin TLS negotiation now" <TLS negotiation, further commands are under TLS layer> S: * AUTH KERBEROS_V4 GSSAPI PLAIN S: * OK MUPDATE "mupdate.example.org" "Cyrus" "v2.1.2" "(master)" Siemborski Experimental [Page 11] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 4.11. Command: UPDATE The UPDATE command is how a slave initializes an update stream from the master (though it is also valid to issue this command to a slave). In response to the command, the server returns a list of all mailboxes in its database (the same results as a parameterless LIST command) followed by an OK response. From this point forward, whenever an update occurs to the master database, it MUST stream the update to the slave within 30 seconds. That is, it will send RESERVE, MAILBOX, or DELETE responses as they are applicable. After a client has issued an UPDATE command, it may only issue NOOP and LOGOUT commands for the remainder of the session. Example: C: U01 UPDATE S: U01 MAILBOX "user.leg" "mail2.example.org!u1" "leg lrswipcda" S: U01 MAILBOX "user.rjs3" "mail3.example.org!u4" "rjs3 lrswipcda" S: U01 RESERVE "internet.bugtraq" "mail1.example.org!u5" "anyone lrs" S: U01 OK "Streaming Begins" <some time goes by, and another client creates a new mailbox> S: U01 RESERVE "user.leg.new" "mail2.example.org!u1" <some more time passes, and the create succeeds> S: U01 MAILBOX "user.leg.new" "mail2.example.org!u1" "leg lrswipcda" <much more time passes, and the slave decides to send a NOOP to reset its inactivity timer> C: N01 NOOP S: U01 DELETE "user.leg.new" S: N01 OK "NOOP Complete" 5. MUPDATE Formal Syntax The following syntax specification uses the Augmented Backus-Naur Form (ABNF) notation as specified in [ABNF]. This uses the ABNF core rules as specified in Appendix A of [ABNF]. Except as noted otherwise, all alphabetic characters are case- insensitive. The use of upper or lower case characters to define token strings is for editorial clarity only. Implementations MUST accept these strings in a case-insensitive fashion. Note that this specification also uses some terminals from section 8 of [ACAP]. cmd-activate = "ACTIVATE" SP string SP string SP string cmd-authenticate = "AUTHENTICATE" SP sasl-mech [ SP string ] Siemborski Experimental [Page 12] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 cmd-delete = "DELETE" SP string cmd-find = "FIND" SP string cmd-list = "LIST" [ SP string ] cmd-logout = "LOGOUT" cmd-noop = "NOOP" cmd-reserve = "RESERVE" SP string SP string cmd-starttls = "STARTTLS" cmd-update = "UPDATE" command = tag SP command-type CRLF command-type = cmd-activate / cmd-authenticate / cmd-delete / cmd-find / cmd-list / cmd-logout / cmd-noop / cmd-reserve / cmd-starttls / cmd-update response = tag SP response-type CRLF response-type = rsp-ok / rsp-no / rsp-bad / rsp-bye / rsp-mailbox / rsp-reserve / rsp-delete rsp-bad = "BAD" SP string rsp-bye = "BYE" SP string rsp-mailbox = "MAILBOX" SP string SP string SP string rsp-no = "NO" SP string rsp-ok = "OK" SP string rsp-reserve = "RESERVE" SP string SP string rsp-delete = "DELETE" SP string sasl-mech = 1*ATOM-CHAR ; ATOM-CHAR is defined in [ACAP] string = quoted / literal ; quoted and literal are defined in [ACAP] Siemborski Experimental [Page 13] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 tag = 1*ATOM-CHAR ; ATOM-CHAR is defined in [ACAP] 6. MUPDATE URL Scheme This document defines the a URL scheme for the purposes of referencing MUPDATE resources, according to the requirements in [RFC2717]. This includes both MUPDATE servers as a whole, along with individual mailbox entries on a given MUPDATE server. There is no MIME type associated with these resources. It is intended that a URL consumer would either retrieve the MUPDATE record in question, or simply connect to the MUPDATE server running on the specified host. Note that the consumer will need to have authentication credentials for the specified host. The MUPDATE URL scheme is similar to the IMAP URL scheme [IMAP-URL]. However, it only takes one of two possible forms: mupdate://<iserver>/ mupdate://<iserver>/<mailbox> The first form refers to a MUPDATE server as a whole, the second form indicates both the server and a mailbox to run a FIND against once authenticated to the server. Note that part of <iserver> may include username and authentication information along with a hostname and port. 6.1. MUPDATE URL Scheme Registration Form URL scheme name: "mupdate" URL scheme syntax: This defines the MUPDATE URL Scheme in [ABNF]. Terminals from the BNF of IMAP URLs [IMAP-URL] are also used. mupdateurl = "mupdate://" iserver "/" [ enc_mailbox ] ; iserver and enc_mailbox are as defined in [IMAP-URL] Character encoding considerations: Identical to those described in [IMAP-URL] for the appropriate terminals. Siemborski Experimental [Page 14] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 Intended Usage: The form of the URL without an associated mailbox is intended to designate a MUPDATE server only. If a mailbox name is included in the URL, then the consumer is expected to execute a FIND command for that mailbox on the specified server. Applications and/or protocols which use this URL scheme name: The protocol described in this document. Interoperability Considerations: None. Security Considerations: Users of the MUPDATE URL Scheme should review the security considerations that are discussed in [IMAP-URL]. In particular, the consequences of including authentication mechanism information in a URL should be reviewed. Relevant Publications: This document and [IMAP-URL]. Author, Change Controller, and Contact for Further Information: Author of this document. 7. Security Considerations While no unauthenticated users may make modifications or even perform searches on the database, it is important to note that this specification assumes no protections of any type for authenticated users. All authenticated users have complete access to the database. For this reason it is important to ensure that accounts that are making use of the database are well secured. A more secure deployment might have all read only access go through a slave, and only have accounts which need write access use the master. This has the disadvantage of a marginally longer time for updates to reach the clients. Siemborski Experimental [Page 15] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 The protocol assumes that all authenticated users are cooperating to maintain atomic operations. Therefore, all new mailboxes SHOULD be RESERVEd before they are ACTIVATEd, despite the fact that the protocol does not require this, and it is therefore possible for a set of participants which do not obey the provided locking to create an inconsistent database. RESERVEing the mailbox first is not required to perform an activate because this behavior simplifies synchronization with the actual location of the mailboxes. 8. IANA Considerations The IANA has assigned TCP port number 3905 to "mupdate". The IANA has registered a URL scheme for the MUPDATE protocol, as defined in section 6.1 of this document. IANA has registered a GSSAPI service name of "mupdate" for the MUPDATE protocol in the registry maintained at: http://www.iana.org/assignments/gssapi-service-names 9. Intellectual Property Rights The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Siemborski Experimental [Page 16] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 10. References 10.1. Normative References [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [IMAP] Crispin, M., "Internet Message Access Protocol - Version 4", RFC 3501, March 2003. [ABNF] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997. [MIME] Freed, N. and N. Bornstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [IMAP-ACL] Myers, J., "IMAP4 ACL extension", RFC 2086, January 1997. [SASL] Myers, J., "Simple Authentication and Security Layer (SASL)", RFC 2222, October 1997. [IMAP-URL] Newman, C., "IMAP URL Scheme", RFC 2192, September 1997. [ACAP] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, November 1997. [TLS] Dierks, T. and C. Allen, "The TLS Protocol Version 1.0", RFC 2246, January 1999. 10.2. Informative References [POP3] Myers, J. and M. Rose, "Post Office Protocol - Version 3", STD 53, RFC 1939, May 1996. [RFC2717] Petke, R. and I. King, "Registration Procedures for URL Scheme Names", BCP 35, RFC 2717, November 1999. Siemborski Experimental [Page 17] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 11. Acknowledgments Lawrence Greenfield and Ken Murchison, for a great deal of input on both the protocol and the text of the documents. 12. Author's Address Robert Siemborski Carnegie Mellon, Andrew Systems Group Cyert Hall 207 5000 Forbes Avenue Pittsburgh, PA 15213 Phone: (412) 268-7456 EMail: rjs3+@andrew.cmu.edu Siemborski Experimental [Page 18] RFC 3656 MUPDATE Distributed Mailbox Database Protocol December 2003 13. Full Copyright Statement Copyright (C) The Internet Society (2003). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. Siemborski Experimental [Page 19]