Network Working Group Arnt Gulbrandsen Internet-Draft Oryx Mail Systems GmbH Intended Status: Proposed Standard February 15, 2008 IMAP Response Codes draft-gulbrandsen-imap-response-codes-01.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet- Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft expires in August 2008. Copyright Notice Copyright (C) The IETF Trust (2008). Abstract IMAP responses consist of a response type (OK, NO, BAD), an optional machine-readable response code and a human-readable text. This document collects and documents a variety of machine-readable response codes, for better interoperation and error reporting. Gulbrandsen Expires August 2008 [Page 1] Internet-draft February 2008 1. Conventions Used in This Document Formal syntax is defined by [RFC5234] as modified by [RFC3501]. 2. Introduction [RFC3501] section 7.1 defines a number of response codes which can help tell an IMAP client why a command failed. However, experience has shown that more codes are useful. For example, it is useful for a client to know that an authentication attempt failed because of a server problem as opposed to a password problem. Currently many IMAP servers use English-language human-readable text to describe these errors, and a few IMAP clients attempt to translate this text into the user's language. This document names a variety of errors as response codes. It is based on errors checked and reported in some IMAP servers implementations, and on needs in some IMAP clients. This document doesn't require any servers to test for these errors, or any clients to test for these names. It only names errors for better reporting and handling. 3. Response Codes This section defines all the new response codes. UNAVAILABLE Temporary failure because a subsystem is down. For example, an IMAP server which uses an LDAP or Radius server for authentication might use this when the LDAP/Radius server is down. AUTHENTICATIONFAILED Authentication failed for some reason which the server is not willing to elaborate. Typically this includes "unknown user" and "bad password". This is the same as not sending any response code, except that when a client sees AUTHENTICATIONFAILED, it knows that the problem wasn't e.g. UNAVAILABLE, so there's no point in trying the same login/password again later. AUTHORIZATIONFAILED Authentication succeeded, but authorization failed. This is only applicable when the authentication and authorization identities are different. Gulbrandsen Expires August 2008 [Page 2] Internet-draft February 2008 EXPIRED Authentication succeeded or the server didn't have the necessary data any more, but access is no longer permitted using that passphrase. The client or user should get a new passphrase. CONTACTADMIN The user should contact the system administrator or support desk. ACL The access control system (e.g. ACL, see [RFC4314]) does not permit this user to carry out an operation, such as selecting or creating a mailbox. INUSE An operation has not been carried out because it involves sawing off a branch someone else is sitting on. Someone else may be holding an exclusive lock needed for this operation, or it may involve deleting a resource someone else is using, typically a mailbox. The operation may succeed if the client tries again later. EXPUNGED One or more messages related to a client command have been expunged. The client might want to send a NOOP command. [RFC2180] discusses this subject in depth. CORRUPTION The server discovered that some relevant data (e.g. the mailbox) are corrupt. SERVERBUG The server encountered a bug in itself or violated one of its own invariants. CLIENTBUG The server has detected a client bug. This can accompany all of OK, NO and BAD, depending on what the client bug is. NOBODYPART The specified bodypart does not exist. (This seems unjustified. It will be removed before IETF LC unless I learn a sensible use case before then.) CANNOT The operation violates some invariant of the server and can never succeed. For example, creating a mailbox whose name is legal according to IMAP but impossible for the server ("///"). LIMIT The operation ran up against an implementation limit of some kind, such as the number of flags on a single message or number of flags used in a mailbox. Gulbrandsen Expires August 2008 [Page 3] Internet-draft February 2008 OVERQUOTA The operation failed because the user would be over quota afterwards. (The user may or may not be over quota already.) ALREADYEXISTS The operation attempts to create something which already exists, such as when the CREATE or RENAME directories attempt to create a mailbox and there is one of that name. NONEXISTENT The operation attempts to delete something which does not exist. Similar to ALREADYEXISTS. 4. Formal Syntax The following syntax specification uses the Augmented Backus-Naur Form (ABNF) notation as specified in [RFC5234]. [RFC3501] defines the non-terminal "resp-text-code". Except as noted otherwise, all alphabetic characters are case- insensitive. The use of upper or lower case characters to define token strings is for editorial clarity only. Implementations MUST accept these strings in a case-insensitive fashion. resp-text-code =/ "UNAVAILABLE" / "AUTHENTICATIONFAILED" / "AUTHORIZATIONFAILED" / "EXPIRED" / "CONTACTADMIN" / "ACL" / "INUSE" / "EXPUNGED" / "CORRUPTION" / "SERVERBUG" / "CLIENTBUG" / "NOBODYPART" / "CANNOT" / "LIMIT" / "OVERQUOTA" / "ALREADYEXISTS" / "NONEXISTENT" 5. Security considerations Revealing information about a passphrase to unauthenticated IMAP clients has bad karma. Response codes are easier to parse than human-readable text. This can amplify the consequences of an information leak. For example, selecting a mailbox can fail because the mailbox doesn't exist, because the user doesn't have the "l" right (right to know the mailbox exists) or "r" (right to read the mailbox). If the server sent different responses in the first two cases in the past, only malevolent clients would discover it. With response codes it's possible, perhaps probable, that benevolent clients forward the leaked information to the user. Server authors are encouraged to be particularly careful with the ACL and authentication-related responses. Gulbrandsen Expires August 2008 [Page 4] Internet-draft February 2008 6. IANA considerations None. (Or should this document create a registry and populate it with all the entries from 3501 and various extensions?) 7. Acknowledgements Peter Coates, Mark Crispin, Philip Van Hoof, Alexey Melnikov and Ken Murchison helped with this document. 8. Normative References [RFC3501] Crispin, "Internet Message Access Protocol - Version 4rev1", RFC 3501, University of Washington, June 2003. [RFC5234] Crocker, Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 5234, Brandenburg Internetworking, THUS plc, January 2008. 9. Informative References [RFC2180] Gahrns, "IMAP4 Multi-Accessed Mailbox Practice", RFC 2180, Microsoft, July 1997. [RFC4314] Melnikov, "IMAP4 Access Control List (ACL) Extension", RFC 4314, December 2005. 10. Author's Address Arnt Gulbrandsen Oryx Mail Systems GmbH Schweppermannstr. 8 D-81671 Muenchen Germany Fax: +49 89 4502 9758 Email: arnt@oryx.com Gulbrandsen Expires August 2008 [Page 5] Internet-draft February 2008 11. Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. Full Copyright Statement Copyright (C) The IETF Trust (2008). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Gulbrandsen Expires August 2008 [Page 6] Internet-draft February 2008 (RFC Editor: Please delete everything after this point) Open Issues Is it worth adding an IANA registry? I took TOOWEAK out since it doesn't seem to have real purpose: "The server requires a stronger authentication mechanism. If the connection is not encrypted, the client could also try the same mechanism via an encrypted connection." CONTACTADMIN, SERVERBUG and CORRUPTED are all different ways to say "tell the admin that ...". Should they be merged because they're so similar? ALREADYEXISTS and DOESNOTEXIST could be merged to a single EXISTENCE, if that isn't troublesome for clients. Could be. Should be? Changes since -00 - CHILDMAILBOXEXISTS merged into INUSE. - ACCESSDENIED renamed ACL to clarify its scope. - NOBODYPART scheduled for deletion if noone minds. - EXISTS renamed ALREADYEXISTS to avoid confusion with the EXISTS response. Mustn't overload developer brains. (Do unto others.) - Added a security note about how response codes makes some information leaks worse. - A couple of open issues. Gulbrandsen Expires August 2008 [Page 7]