Mercurial > hgrepos > hgweb.cgi > imapext
diff docs/rfc/rfc5092.txt @ 0:ada5e610ab86
imap-2007e
| author | yuuji@gentei.org |
|---|---|
| date | Mon, 14 Sep 2009 15:17:45 +0900 |
| parents | |
| children |
line wrap: on
line diff
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/rfc/rfc5092.txt Mon Sep 14 15:17:45 2009 +0900 @@ -0,0 +1,1795 @@ + + + + + + +Network Working Group A. Melnikov, Ed. +Request for Comments: 5092 Isode Ltd. +Obsoletes: 2192 C. Newman +Updates: 4467 Sun Microsystems +Category: Standards Track November 2007 + + + IMAP URL Scheme + +Status of This Memo + + This document specifies an Internet standards track protocol for the + Internet community, and requests discussion and suggestions for + improvements. Please refer to the current edition of the "Internet + Official Protocol Standards" (STD 1) for the standardization state + and status of this protocol. Distribution of this memo is unlimited. + +Abstract + + IMAP (RFC 3501) is a rich protocol for accessing remote message + stores. It provides an ideal mechanism for accessing public mailing + list archives as well as private and shared message stores. This + document defines a URL scheme for referencing objects on an IMAP + server. + + This document obsoletes RFC 2192. It also updates RFC 4467. + + + + + + + + + + + + + + + + + + + + + + + + + +Melnikov & Newman Standards Track [Page 1] + +RFC 5092 IMAP URL Scheme November 2007 + + +Table of Contents + + 1. Introduction ....................................................2 + 2. Conventions Used in This Document ...............................3 + 3. IMAP userinfo Component (iuserinfo) .............................4 + 3.1. IMAP Mailbox Naming Scope ..................................4 + 3.2. IMAP User Name and Authentication Mechanism ................4 + 3.3. Limitations of enc-user ....................................6 + 4. IMAP Server .....................................................7 + 5. Lists of Messages ...............................................7 + 6. A Specific Message or Message Part ..............................8 + 6.1. URLAUTH Authorized URL .....................................9 + 6.1.1. Concepts ............................................9 + 6.1.1.1. URLAUTH ....................................9 + 6.1.1.2. Mailbox Access Key .........................9 + 6.1.1.3. Authorized Access Identifier ...............9 + 6.1.1.4. Authorization Mechanism ...................10 + 6.1.1.5. Authorization Token .......................10 + 6.1.2. URLAUTH Extensions to IMAP URL .....................10 + 7. Relative IMAP URLs .............................................11 + 7.1. absolute-path References ..................................12 + 7.2. relative-path References ..................................12 + 8. Internationalization Considerations ............................13 + 9. Examples .......................................................13 + 9.1. Examples of Relative URLs .................................16 + 10. Security Considerations .......................................16 + 10.1. Security Considerations Specific to URLAUTH Authorized + URL ......................................................17 + 11. ABNF for IMAP URL Scheme ......................................17 + 12. IANA Considerations ...........................................21 + 12.1. IANA Registration of imap: URI Scheme ....................21 + 13. References ....................................................22 + 13.1. Normative References .....................................22 + 13.2. Informative References ...................................23 + Appendix A. Sample Code............................................24 + Appendix B. List of Changes since RFC 2192.........................30 + Appendix C. List of Changes since RFC 4467.........................31 + Appendix D. Acknowledgments........................................31 + +1. Introduction + + The IMAP URL scheme is used to designate IMAP servers, mailboxes, + messages, MIME bodies [MIME], and search programs on Internet hosts + accessible using the IMAP protocol over TCP. + + The IMAP URL follows the common Internet scheme syntax as defined in + [URI-GEN]. If :<port> is omitted, the port defaults to 143 (as + defined in Section 2.1 of [IMAP4]). + + + +Melnikov & Newman Standards Track [Page 2] + +RFC 5092 IMAP URL Scheme November 2007 + + + An absolute IMAP URL takes one of the following forms: + + imap://<iserver>[/] + + imap://<iserver>/<enc-mailbox>[<uidvalidity>][?<enc-search>] + + imap://<iserver>/<enc-mailbox>[<uidvalidity>]<iuid> + [<isection>][<ipartial>][<iurlauth>] + + The first form is used to refer to an IMAP server (see Section 4), + the second form refers to the contents of a mailbox or a set of + messages resulting from a search (see Section 5), and the final form + refers to a specific message or message part, and possibly a byte + range in that part (see Section 6). If [URLAUTH] extension is + supported, then the final form can have the <iurlauth> component (see + Section 6.1 for more details). + + The <iserver> component common to all types of absolute IMAP URLs has + the following syntax expressed in ABNF [ABNF]: + + [iuserinfo "@"] host [ ":" port ] + + The <iserver> component is the same as "authority" defined in + [URI-GEN]. The syntax and uses of the <iuserinfo> ("IMAP userinfo + component") are described in detail in Section 3. The syntax of + <host> and <port> is described in [URI-GEN]. + +2. Conventions Used in This Document + + The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", + "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this + document are to be interpreted as described in RFC 2119 [KEYWORDS]. + + This document references many productions from [URI-GEN]. When the + document needs to emphasize IMAP URI-specific differences from [URI- + GEN] (i.e., for parts of IMAP URIs that have more restricted syntax + than generic URIs), it uses a non-terminal i<foo> to define an IMAP- + specific version of the non-terminal <foo> from [URI-GEN]. + + Note that the ABNF syntax shown in Section 11 is normative. Sections + 2-6 may use a less formal syntax that does not necessarily match the + normative ABNF shown in Section 11. If there are any differences + between the syntax shown in Sections 2-6 and Section 11, then the + syntax shown in Section 11 must be treated as authoritative. Non- + syntax requirements included in Sections 2-6 are, of course, + normative. + + + + + +Melnikov & Newman Standards Track [Page 3] + +RFC 5092 IMAP URL Scheme November 2007 + + +3. IMAP userinfo Component (iuserinfo) + + The <iuserinfo> component conforms to the generic syntax of + <userinfo> defined in [URI-GEN]. It has the following syntax + expressed in ABNF [ABNF]: + + enc-user [iauth] / [enc-user] iauth + + The meaning of the different parts is described in subsections of + this section. + +3.1. IMAP Mailbox Naming Scope + + The "enc-user" part of the "iuserinfo" component, if present, denotes + mailbox naming scope. If it is absent, the IMAP URL can only + reference mailboxes with globally unique names, i.e., mailboxes with + names that don't change depending on the user the client + authenticated as to the IMAP server. Note that not all IMAP + implementations support globally unique names. + + For example, a personal mailbox described by the following URL + <imap://michael@example.org/INBOX> is most likely different from a + personal mailbox described by <imap://bester@example.org/INBOX>, even + though both URLs use the same mailbox name. + +3.2. IMAP User Name and Authentication Mechanism + + The userinfo component (see [URI-GEN]) of an IMAP URI may contain an + IMAP user name (a.k.a. authorization identity [SASL], "enc-user") + and/or an authentication mechanism. (Note that the "enc-user" also + defines a mailbox naming scope as described in Section 3.1). The + IMAP user name and the authentication mechanism are used in the + "LOGIN" or "AUTHENTICATE" commands after making the connection to the + IMAP server. + + If no user name and no authentication mechanism are supplied, the + client MUST authenticate as anonymous to the server. If the server + advertises AUTH=ANONYMOUS IMAP capability, the client MUST use the + AUTHENTICATE command with ANONYMOUS [ANONYMOUS] SASL mechanism. If + SASL ANONYMOUS is not available, the (case-insensitive) user name + "anonymous" is used with the "LOGIN" command and the Internet email + address of the end user accessing the resource is supplied as the + password. The latter option is given in order to provide for + interoperability with deployed servers. + + Note that, as described in RFC 3501, the "LOGIN" command MUST NOT be + used when the IMAP server advertises the LOGINDISABLED capability. + + + + +Melnikov & Newman Standards Track [Page 4] + +RFC 5092 IMAP URL Scheme November 2007 + + + An authentication mechanism (as used by the IMAP AUTHENTICATE + command) can be expressed by adding ";AUTH=<enc-auth-type>" to the + end of the user name in an IMAP URL. When such an <enc-auth-type> is + indicated, the client SHOULD request appropriate credentials from + that mechanism and use the "AUTHENTICATE" command instead of the + "LOGIN" command. If no user name is specified, one MUST be obtained + from the mechanism or requested from the user/configuration as + appropriate. + + The string ";AUTH=*" indicates that the client SHOULD select an + appropriate authentication mechanism. (Though the '*' character in + this usage is not strictly a delimiter, it is being treated like a + sub-delim [URI-GEN] in this instance. It MUST NOT be percent-encoded + in this usage, as ";AUTH=%2A" will not match this production.) It + MAY use any mechanism listed in the response to the CAPABILITY + command (or CAPABILITY response code) or use an out-of-band security + service resulting in a PREAUTH connection. If no user name is + specified and no appropriate authentication mechanisms are available, + the client SHOULD fall back to anonymous login as described above. + The behavior prescribed in this section allows a URL that grants + read-write access to authorized users and read-only anonymous access + to other users. + + If a user name is included with no authentication mechanism, then + ";AUTH=*" is assumed. + + Clients must take care when resolving a URL that requires or requests + any sort of authentication, since URLs can easily come from untrusted + sources. Supplying authentication credentials to the wrong server + may compromise the security of the user's account; therefore, the + program resolving the URL should meet at least one of the following + criteria in this case: + + 1) The URL comes from a trusted source, such as a referral server + that the client has validated and trusts according to site policy. + Note that user entry of the URL may or may not count as a trusted + source, depending on the experience level of the user and site + policy. + + 2) Explicit local site policy permits the client to connect to the + server in the URL. For example, a company example.com may have a + site policy to trust all IMAP server names ending in example.com, + whereas such a policy would be unwise for example.edu where random + students can set up IMAP servers. + + 3) The user confirms that connecting to that domain name with the + specified credentials and/or mechanism is permitted. For example, + when using "LOGIN" or SASL PLAIN with Transport Layer Security + + + +Melnikov & Newman Standards Track [Page 5] + +RFC 5092 IMAP URL Scheme November 2007 + + + (TLS), the IMAP URL client presents a dialog box "Is it OK to send + your password to server "example.com"? Please be aware the owners + of example.com will be able to reuse your password to connect to + other servers on your behalf". + + 4) A mechanism is used that validates the server before passing + potentially compromising client credentials. For example, a site + has a designated TLS certificate used to certify site-trusted IMAP + server certificates, and this has been configured explicitly into + the IMAP URL client. Another example is use of a Simple + Authentication and Security Layer (SASL) mechanism such as + DIGEST-MD5 [DIGEST-MD5], which supports mutual authentication. + + 5) An authentication mechanism is used that will not reveal any + information to the server that could be used to compromise future + connections. Examples are SASL ANONYMOUS [ANONYMOUS] or GSSAPI + [GSSAPI]. + + URLs that do not include a user name but include an authentication + mechanism (";AUTH=<mech>") must be treated with extra care, since for + some <mech>s they are more likely to compromise the user's primary + account. A URL containing ";AUTH=*" must also be treated with extra + care since it might fall back on a weaker security mechanism. + Finally, clients are discouraged from using a plaintext password as a + fallback with ";AUTH=*" unless the connection has strong encryption. + + A program interpreting IMAP URLs MAY cache open connections to an + IMAP server for later reuse. If a URL contains a user name, only + connections authenticated as that user may be reused. If a URL does + not contain a user name or authentication mechanism, then only an + anonymous connection may be reused. + + Note that if unsafe or reserved characters such as " " (space) or ";" + are present in the user name or authentication mechanism, they MUST + be percent-encoded as described in [URI-GEN]. + +3.3. Limitations of enc-user + + As per Sections 3.1 and 3.2 of this document, the IMAP URI enc-user + has two purposes: + + 1) It provides context for user-specific mailbox paths such as + "INBOX" (Section 3.1). + + 2) It specifies that resolution of the URL requires logging in as + that user and limits use of that URL to only that user (Section + 3.2). + + + + +Melnikov & Newman Standards Track [Page 6] + +RFC 5092 IMAP URL Scheme November 2007 + + + An obvious limitation of using the same field for both purposes is + that the URL can be resolved only by the mailbox owner. In order to + avoid this restriction, implementations should use globally unique + mailbox names (see Section 3.1) whenever possible. + + Note: There is currently no general way in IMAP of learning a + globally unique name for a mailbox. However, by looking at the + NAMESPACE [NAMESPACE] command result, it is possible to determine + whether or not a mailbox name is globally unique. + + The URLAUTH component overrides the second purpose of the enc-user in + the IMAP URI and by default permits the URI to be resolved by any + user permitted by the <access> identifier. URLAUTH and <access> + identifier are described in Section 6.1. + +4. IMAP Server + + An IMAP URL referring to an IMAP server has the following form: + + imap://<iserver>[/] + + This URL type is frequently used to describe a location of an IMAP + server, both in referrals and in configuration. It may optionally + contain the <iuserinfo> component (see Sections 3 and 11). A program + interpreting this URL would issue the standard set of commands it + uses to present a view of the content of the IMAP server, as visible + to the user described by the "enc-user" part of the <iuserinfo> + component, if the "enc-user" part is specified. + +5. Lists of Messages + + An IMAP URL referring to a list of messages has the following form: + + imap://<iserver>/<enc-mailbox>[<uidvalidity>][?<enc-search>] + + The <enc-mailbox> field is used as the argument to the IMAP4 "SELECT" + or "EXAMINE" command. Note that if unsafe or reserved characters + such as " " (space), ";", or "?" are present in <enc-mailbox>, they + MUST be percent-encoded as described in [URI-GEN]. + + The <uidvalidity> field is optional. If it is present, it MUST be + the same as the value of IMAP4 UIDVALIDITY response code at the time + the URL was created. This MUST be used by the program interpreting + the IMAP URL to determine if the URL is stale. If the IMAP URL is + stale, then the program should behave as if the corresponding mailbox + doesn't exist. + + + + + +Melnikov & Newman Standards Track [Page 7] + +RFC 5092 IMAP URL Scheme November 2007 + + + Note that the <uidvalidity> field is a modifier to the <enc-mailbox>, + i.e., it is considered a part of the last "component" (as used in + [URI-GEN]) of the <enc-mailbox>. This is significant during relative + URI resolution. + + The "?<enc-search>" field is optional. If it is not present, the + program interpreting the URL will present the entire content of the + mailbox. + + If the "?<enc-search>" field is present, the program interpreting the + URL should use the contents of this field as arguments following an + IMAP4 SEARCH command. These arguments are likely to contain unsafe + characters such as " " (space) (which are likely to be present in the + <enc-search>). If unsafe characters are present, they MUST be + percent-encoded as described in [URI-GEN]. + + Note that quoted strings and non-synchronizing literals [LITERAL+] + are allowed in the <enc-search> content; however, synchronizing + literals are not allowed, as their presence would effectively mean + that the agent interpreting IMAP URLs needs to parse an <enc-search> + content, find all synchronizing literals, and perform proper command + continuation request handling (see Sections 4.3 and 7 of [IMAP4]). + +6. A Specific Message or Message Part + + An IMAP URL referring to a specific message or message part has the + following form: + + imap://<iserver>/<enc-mailbox>[<uidvalidity>]<iuid> + [<isection>][<ipartial>][<iurlauth>] + + The <enc-mailbox> and [uidvalidity] are as defined in Section 5 + above. + + If <uidvalidity> is present in this form, it SHOULD be used by the + program interpreting the URL to determine if the URL is stale. + + The <iuid> refers to an IMAP4 message Unique Identifier (UID), and it + SHOULD be used as the <set> argument to the IMAP4 "UID FETCH" + command. + + The <isection> field is optional. If not present, the URL refers to + the entire Internet message as returned by the IMAP command "UID + FETCH <uid> BODY.PEEK[]". If present, the URL refers to the object + returned by a "UID FETCH <uid> BODY.PEEK[<section>]" command. The + type of the object may be determined by using a "UID FETCH <uid> + BODYSTRUCTURE" command and locating the appropriate part in the + + + + +Melnikov & Newman Standards Track [Page 8] + +RFC 5092 IMAP URL Scheme November 2007 + + + resulting BODYSTRUCTURE. Note that unsafe characters in [isection] + MUST be percent-encoded as described in [URI-GEN]. + + The <ipartial> field is optional. If present, it effectively appends + "<<partial-range>>" to the end of the UID FETCH BODY.PEEK[<section>] + command constructed as described in the previous paragraph. In other + words, it allows the client to request a byte range of the + message/message part. + + The <iurlauth> field is described in detail in Section 6.1. + +6.1. URLAUTH Authorized URL + + URLAUTH authorized URLs are only supported by an IMAP server + advertising the URLAUTH IMAP capability [URLAUTH]. + +6.1.1. Concepts + +6.1.1.1. URLAUTH + + URLAUTH is a component, appended at the end of a URL, that conveys + authorization to access the data addressed by that URL. It contains + an authorized access identifier, an authorization mechanism name, and + an authorization token. The authorization token is generated from + the URL, the authorized access identifier, authorization mechanism + name, and a mailbox access key. + + Note: This specification only allows for the URLAUTH component in + IMAP URLs describing a message or its part. + +6.1.1.2. Mailbox Access Key + + The mailbox access key is an unpredictable, random string. To ensure + unpredictability, the random string with at least 128 bits of entropy + is generated by software or hardware (not by the human user). + + Each user has a table of mailboxes and an associated mailbox access + key for each mailbox. Consequently, the mailbox access key is per- + user and per-mailbox. In other words, two users sharing the same + mailbox each have a different mailbox access key for that mailbox, + and each mailbox accessed by a single user also has a different + mailbox access key. + +6.1.1.3. Authorized Access Identifier + + The authorized <access> identifier restricts use of the URLAUTH + authorized URL to certain users authorized on the server, as + described in Section 6.1.2. + + + +Melnikov & Newman Standards Track [Page 9] + +RFC 5092 IMAP URL Scheme November 2007 + + +6.1.1.4. Authorization Mechanism + + The authorization mechanism is the algorithm by which the URLAUTH is + generated and subsequently verified, using the mailbox access key. + +6.1.1.5. Authorization Token + + The authorization token is a deterministic string of at least 128 + bits that an entity with knowledge of the secret mailbox access key + and URL authorization mechanism can use to verify the URL. + +6.1.2. URLAUTH Extensions to IMAP URL + + A specific message or message part IMAP URL can optionally contain + ";EXPIRE=<datetime>" and/or ";URLAUTH=<access>:<mech>:<token>". + + When ";EXPIRE=<datetime>" is used, this indicates the latest date and + time that the URL is valid. After that date and time, the URL has + expired and server implementations MUST reject the URL. If + ";EXPIRE=<datetime>" is not used, the URL has no expiration, but can + still be revoked using the RESETKEY command [URLAUTH]. + + The URLAUTH takes the form ";URLAUTH=<access>:<mech>:<token>", and it + MUST be at the end of the URL. It is composed of three parts. The + <access> portion provides the authorized access identifiers that may + constrain the operations and users that are permitted to use this + URL. The <mech> portion provides the authorization mechanism used by + the IMAP server to generate the authorization token that follows. + The <token> portion provides the authorization token, which can be + generated using the GENURLAUTH command [URLAUTH]. + + The "submit+" <access> identifier prefix, followed by a userid, + indicates that only a userid authorized as a message submission + entity on behalf of the specified userid is permitted to use this + URL. The IMAP server does not validate the specified userid but does + validate that the IMAP session has an authorization identity that is + authorized as a message submission entity. The authorized message + submission entity MUST validate the userid prior to contacting the + IMAP server. + + The "user+" <access> identifier prefix, followed by a userid, + indicates that use of this URL is limited to IMAP sessions that are + logged in as the specified userid (that is, have authorization + identity as that userid). + + Note: If a SASL mechanism that provides both authorization and + authentication identifiers is used to authenticate to the IMAP + server, the "user+" <access> identifier MUST match the + + + +Melnikov & Newman Standards Track [Page 10] + +RFC 5092 IMAP URL Scheme November 2007 + + + authorization identifier. If the SASL mechanism can't transport + the authorization identifier, the "user+" <access> identifier MUST + match the authorization identifier derived from the authentication + identifier (see [SASL]). + + The "authuser" <access> identifier indicates that use of this URL is + limited to authenticated IMAP sessions that are logged in as any + non-anonymous user (that is, have authorization identity as a non- + anonymous user) of that IMAP server. To restate this: use of this + type of URL is prohibited to anonymous IMAP sessions, i.e., any + URLFETCH command containing this type of URL issued in an anonymous + session MUST return NIL in the URLFETCH response. + + The "anonymous" <access> identifier indicates that use of this URL is + not restricted by session authorization identity; that is, any IMAP + session in authenticated or selected state (as defined in [IMAP4]), + including anonymous sessions, may issue a URLFETCH [URLAUTH] using + this URL. + + The authorization token is represented as an ASCII-encoded + hexadecimal string, which is used to authorize the URL. The length + and the calculation of the authorization token depend upon the + mechanism used, but in all cases, the authorization token is at least + 128 bits (and therefore at least 32 hexadecimal digits). + + Example: + + <imap://joe@example.com/INBOX/;uid=20/;section=1.2;urlauth= + submit+fred:internal:91354a473744909de610943775f92038> + +7. Relative IMAP URLs + + Relative IMAP URLs are permitted and are resolved according to the + rules defined in [URI-GEN]. In particular, in IMAP URLs parameters + (such as ";uid=" or ";section=") are treated as part of the normal + path with respect to relative URL resolution. + + [URI-GEN] defines four forms of relative URLs: <inetwork-path>, + <iabsolute-path>, <irelative-path>, and <ipath-empty>. Their syntax + is defined in Section 11. + + A relative reference that begins with two slash characters is termed + a network-path reference (<inetwork-path>); such references are + rarely used, because in most cases they can be replaced with an + equivalent absolute URL. A relative reference that begins with a + single slash character is termed an absolute-path reference + (<iabsolute-path>; see also Section 7.1). A relative reference that + does not begin with a slash character is termed a relative-path + + + +Melnikov & Newman Standards Track [Page 11] + +RFC 5092 IMAP URL Scheme November 2007 + + + reference (<irelative-path>; see also Section 7.2). The final form + is <ipath-empty>, which is "same-document reference" (see Section 4.4 + of [URI-GEN]). + + The following observations about relative URLs are important: + + The <iauth> grammar element (which is a part of <iuserinfo>, which + is, in turn, a part of <iserver>; see Section 3) is considered part + of the user name for purposes of resolving relative IMAP URLs. This + means that unless a new user name/server specification is included in + the relative URL, the authentication mechanism is inherited from the + base IMAP URL. + + URLs always use "/" as the hierarchy delimiter for the purpose of + resolving paths in relative URLs. IMAP4 permits the use of any + hierarchy delimiter in mailbox names. For this reason, relative + mailbox paths will only work if the mailbox uses "/" as the hierarchy + delimiter. Relative URLs may be used on mailboxes that use other + delimiters, but in that case, the entire mailbox name MUST be + specified in the relative URL or inherited as a whole from the base + URL. + + If an IMAP server allows for mailbox names starting with "./" or + "../", ending with "/." or "/..", or containing sequences "/../" or + "/./", then such mailbox names MUST be percent-encoded as described + in [URI-GEN]. Otherwise, they would be misinterpreted as dot- + segments (see Section 3.3 of [URI-GEN]), which are processed + specially during the relative path resolution process. + +7.1. absolute-path References + + A relative reference that begins with a single slash character is + termed an absolute-path reference (see Section 4.2 of [URI-GEN]). If + an IMAP server permits mailbox names with a leading "/", then the + leading "/" MUST be percent-encoded as described in [URI-GEN]. + Otherwise, the produced absolute-path reference URI will be + misinterpreted as a network-path reference [URI-GEN] described by the + <inetwork-path> non-terminal. + +7.2. relative-path References + + A relative reference that does not begin with a slash character is + termed a relative-path reference [URI-GEN]. Implementations MUST NOT + generate or accept relative-path IMAP references. + + See also Section 4.2 of [URI-GEN] for restrictions on relative-path + references. + + + + +Melnikov & Newman Standards Track [Page 12] + +RFC 5092 IMAP URL Scheme November 2007 + + +8. Internationalization Considerations + + IMAP4, Section 5.1.3 [IMAP4] includes a convention for encoding non- + US-ASCII characters in IMAP mailbox names. Because this convention + is private to IMAP, it is necessary to convert IMAP's encoding to one + that can be more easily interpreted by a URL display program. For + this reason, IMAP's modified UTF-7 encoding for mailboxes MUST be + converted to UTF-8 [UTF-8]. Since 8-bit octets are not permitted in + URLs, the UTF-8 octets are percent-encoded as required by the URL + specification [URI-GEN], Section 2.1. Sample code is included in + Appendix A to demonstrate this conversion. + + IMAP user names are UTF-8 strings and MUST be percent-encoded as + required by the URL specification [URI-GEN], Section 2.1. + + Also note that IMAP SEARCH criteria can contain non-US-ASCII + characters. 8-bit octets in those strings MUST be percent-encoded as + required by the URL specification [URI-GEN], Section 2.1. + +9. Examples + + The following examples demonstrate how an IMAP4 client program might + translate various IMAP4 URLs into a series of IMAP4 commands. + Commands sent from the client to the server are prefixed with "C:", + and responses sent from the server to the client are prefixed with + "S:". + + The URL: + + <imap://minbari.example.org/gray-council;UIDVALIDITY=385759045/; + UID=20/;PARTIAL=0.1024> + + may result in the following client commands and server responses: + + <connect to minbari.example.org, port 143> + S: * OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=ANONYMOUS] Welcome + C: A001 AUTHENTICATE ANONYMOUS + S: + + C: c2hlcmlkYW5AYmFieWxvbjUuZXhhbXBsZS5vcmc= + S: A001 OK Welcome sheridan@babylon5.example.org + C: A002 SELECT gray-council + <client verifies the UIDVALIDITY matches> + C: A003 UID FETCH 20 BODY.PEEK[]<0.1024> + + The URL: + + <imap://psicorp.example.org/~peter/%E6%97%A5%E6%9C%AC%E8%AA%9E/ + %E5%8F%B0%E5%8C%97> + + + +Melnikov & Newman Standards Track [Page 13] + +RFC 5092 IMAP URL Scheme November 2007 + + + may result in the following client commands: + + <connect to psicorp.example.org, port 143> + S: * OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=CRAM-MD5] Welcome + C: A001 LOGIN ANONYMOUS bester@psycop.psicorp.example.org + C: A002 SELECT ~peter/&ZeVnLIqe-/&U,BTFw- + <commands the client uses for viewing the contents of + the mailbox> + + The URL: + + <imap://;AUTH=GSSAPI@minbari.example.org/gray-council/;uid=20/ + ;section=1.2> + + may result in the following client commands: + + <connect to minbari.example.org, port 143> + S: * OK Greetings + C: A000 CAPABILITY + S: * CAPABILITY IMAP4rev1 STARTTLS AUTH=GSSAPI + S: A000 OK + C: A001 AUTHENTICATE GSSAPI + <authentication exchange> + C: A002 SELECT gray-council + C: A003 UID FETCH 20 BODY.PEEK[1.2] + + If the following relative URL is located in that body part: + + <;section=1.4> + + this could result in the following client commands: + + C: A004 UID FETCH 20 (BODY.PEEK[1.2.MIME] + BODY.PEEK[1.MIME] + BODY.PEEK[HEADER.FIELDS (Content-Location)]) + <Client looks for Content-Location headers in + result. If no such headers, then it does the following> + C: A005 UID FETCH 20 BODY.PEEK[1.4] + + The URL: + + <imap://;AUTH=*@minbari.example.org/gray%20council? + SUBJECT%20shadows> + + + + + + + + +Melnikov & Newman Standards Track [Page 14] + +RFC 5092 IMAP URL Scheme November 2007 + + + could result in the following: + + <connect to minbari.example.org, port 143> + S: * OK Welcome + C: A001 CAPABILITY + S: * CAPABILITY IMAP4rev1 AUTH=DIGEST-MD5 + S: A001 OK + C: A002 AUTHENTICATE DIGEST-MD5 + <authentication exchange> + S: A002 OK user lennier authenticated + C: A003 SELECT "gray council" + ... + C: A004 SEARCH SUBJECT shadows + S: * SEARCH 8 10 13 14 15 16 + S: A004 OK SEARCH completed + C: A005 FETCH 8,10,13:16 ALL + ... + + In the example above, the client has implementation-dependent + choices. The authentication mechanism could be anything, including + PREAUTH. The final FETCH command could fetch more or less + information about the messages, depending on what it wishes to + display to the user. + + The URL: + + <imap://john;AUTH=*@minbari.example.org/babylon5/personel? + charset%20UTF-8%20SUBJECT%20%7B14+%7D%0D%0A%D0%98%D0%B2% + D0%B0%D0%BD%D0%BE%D0%B2%D0%B0> + + shows that 8-bit data can be sent using non-synchronizing literals + [LITERAL+]. This could result in the following: + + <connect to minbari.example.org, port 143> + S: * OK Hi there + C: A001 CAPABILITY + S: * CAPABILITY IMAP4rev1 LITERAL+ AUTH=DIGEST-MD5 + S: A001 OK + C: A002 AUTHENTICATE DIGEST-MD5 + <authentication exchange> + S: A002 OK user john authenticated + C: A003 SELECT babylon5/personel + ... + C: A004 SEARCH CHARSET UTF-8 SUBJECT {14+} + C: XXXXXXXXXXXXXX + S: * SEARCH 7 10 12 + S: A004 OK SEARCH completed + C: A005 FETCH 7,10,12 ALL + + + +Melnikov & Newman Standards Track [Page 15] + +RFC 5092 IMAP URL Scheme November 2007 + + + ... + + where XXXXXXXXXXXXXX is 14 bytes of UTF-8 encoded data as specified + in the URL above. + +9.1. Examples of Relative URLs + + The following absolute-path reference + + </foo/;UID=20/..> + + is the same as + + </foo> + + That is, both of them reference the mailbox "foo" located on the IMAP + server described by the corresponding Base URI. + + The following relative-path reference + + <;UID=20> + + references a message with UID in the mailbox specified by the Base + URI. + + The following edge case example demonstrates that the ;UIDVALIDITY= + modifier is a part of the mailbox name as far as relative URI + resolution is concerned: + + <..;UIDVALIDITY=385759045/;UID=20> + + In this example, ".." is not a dot-segment [URI-GEN]. + +10. Security Considerations + + Security considerations discussed in the IMAP specification [IMAP4] + and the URI specification [URI-GEN] are relevant. Security + considerations related to authenticated URLs are discussed in Section + 3.2 of this document. + + Many email clients store the plaintext password for later use after + logging into an IMAP server. Such clients MUST NOT use a stored + password in response to an IMAP URL without explicit permission from + the user to supply that password to the specified host name. + + Clients resolving IMAP URLs that wish to achieve data confidentiality + and/or integrity SHOULD use the STARTTLS command (if supported by the + + + + +Melnikov & Newman Standards Track [Page 16] + +RFC 5092 IMAP URL Scheme November 2007 + + + server) before starting authentication, or use a SASL mechanism, such + as GSSAPI, that provides a confidentiality security layer. + +10.1. Security Consideration Specific to URLAUTH Authorized URL + + The "user+<userid>" <access> identifier limits resolution of that URL + to a particular userid, whereas the "submit+<userid>" <access> + identifier is more general and simply requires that the session be + authorized by a user that has been granted a "submit" role within the + authentication system. Use of either of these mechanisms limits the + scope of the URL. An attacker who cannot authenticate using the + appropriate credentials cannot make use of the URL. + + The "authuser" and "anonymous" <access> identifiers do not have this + level of protection. These access identifiers are primarily useful + for public export of data from an IMAP server, without requiring that + it be copied to a web or anonymous FTP server. + + The decision to use the "authuser" <access> identifier should be made + with caution. An "authuser" <access> identifier can be used by any + authorized user of the IMAP server; therefore, use of this access + identifier should be limited to content that may be disclosed to any + authorized user of the IMAP server. + + The decision to use the "anonymous" <access> identifier should be + made with extreme caution. An "anonymous" <access> identifier can be + used by anyone; therefore, use of this access identifier should be + limited to content that may be disclosed to anyone. + +11. ABNF for IMAP URL Scheme + + Formal syntax is defined using ABNF [ABNF], extending the ABNF rules + in Section 9 of [IMAP4]. Elements not defined here can be found in + [ABNF], [IMAP4], [IMAPABNF], or [URI-GEN]. Strings are not case + sensitive, and free insertion of linear white space is not permitted. + + sub-delims-sh = "!" / "$" / "'" / "(" / ")" / + "*" / "+" / "," + ;; Same as [URI-GEN] sub-delims, + ;; but without ";", "&" and "=". + + uchar = unreserved / sub-delims-sh / pct-encoded + + achar = uchar / "&" / "=" + ;; Same as [URI-GEN] 'unreserved / sub-delims / + ;; pct-encoded', but ";" is disallowed. + + bchar = achar / ":" / "@" / "/" + + + +Melnikov & Newman Standards Track [Page 17] + +RFC 5092 IMAP URL Scheme November 2007 + + + enc-auth-type = 1*achar + ; %-encoded version of [IMAP4] "auth-type" + + enc-mailbox = 1*bchar + ; %-encoded version of [IMAP4] "mailbox" + + enc-search = 1*bchar + ; %-encoded version of [IMAPABNF] + ; "search-program". Note that IMAP4 + ; literals may not be used in + ; a "search-program", i.e., only + ; quoted or non-synchronizing + ; literals (if the server supports + ; LITERAL+ [LITERAL+]) are allowed. + + enc-section = 1*bchar + ; %-encoded version of [IMAP4] "section-spec" + + enc-user = 1*achar + ; %-encoded version of [IMAP4] authorization + ; identity or "userid". + + imapurl = "imap://" iserver ipath-query + ; Defines an absolute IMAP URL + + ipath-query = ["/" [ icommand ]] + ; Corresponds to "path-abempty [ "?" query ]" + ; in [URI-GEN] + + Generic syntax for relative URLs is defined in Section 4.2 of + [URI-GEN]. For ease of implementation, the relative IMAP URL syntax + is defined below: + + imapurl-rel = inetwork-path + + / iabsolute-path + / irelative-path + / ipath-empty + + inetwork-path = "//" iserver ipath-query + ; Corresponds to '"//" authority path-abempty + ; [ "?" query ]' in [URI-GEN] + + iabsolute-path = "/" [ icommand ] + ; icommand, if present, MUST NOT start with '/'. + ; + ; Corresponds to 'path-absolute [ "?" query ]' + ; in [URI-GEN] + + + +Melnikov & Newman Standards Track [Page 18] + +RFC 5092 IMAP URL Scheme November 2007 + + + irelative-path = imessagelist / + imsg-or-part + ; Corresponds to 'path-noscheme [ "?" query ]' + ; in [URI-GEN] + + imsg-or-part = ( imailbox-ref "/" iuid-only ["/" isection-only] + ["/" ipartial-only] ) / + ( iuid-only ["/" isection-only] + ["/" ipartial-only] ) / + ( isection-only ["/" ipartial-only] ) / + ipartial-only + + ipath-empty = 0<pchar> + ; Zero characters. + ; The same-document reference. + + The following three rules are only used in the presence of the IMAP + [URLAUTH] extension: + + authimapurl = "imap://" iserver "/" imessagepart + ; Same as "imapurl" when "[icommand]" is + ; "imessagepart" + + authimapurlfull = authimapurl iurlauth + ; Same as "imapurl" when "[icommand]" is + ; "imessagepart iurlauth" + + authimapurlrump = authimapurl iurlauth-rump + + + enc-urlauth = 32*HEXDIG + + iurlauth = iurlauth-rump iua-verifier + + iua-verifier = ":" uauth-mechanism ":" enc-urlauth + + iurlauth-rump = [expire] ";URLAUTH=" access + + access = ("submit+" enc-user) / ("user+" enc-user) / + "authuser" / "anonymous" + + expire = ";EXPIRE=" date-time + ; date-time is defined in [DATETIME] + + uauth-mechanism = "INTERNAL" / 1*(ALPHA / DIGIT / "-" / ".") + ; Case-insensitive. + ; New mechanisms MUST be registered with IANA. + + + + +Melnikov & Newman Standards Track [Page 19] + +RFC 5092 IMAP URL Scheme November 2007 + + + iauth = ";AUTH=" ( "*" / enc-auth-type ) + + icommand = imessagelist / + imessagepart [iurlauth] + + imailbox-ref = enc-mailbox [uidvalidity] + + imessagelist = imailbox-ref [ "?" enc-search ] + ; "enc-search" is [URI-GEN] "query". + + imessagepart = imailbox-ref iuid [isection] [ipartial] + + ipartial = "/" ipartial-only + + ipartial-only = ";PARTIAL=" partial-range + + isection = "/" isection-only + + isection-only = ";SECTION=" enc-section + + iserver = [iuserinfo "@"] host [ ":" port ] + ; This is the same as "authority" defined + ; in [URI-GEN]. See [URI-GEN] for "host" + ; and "port" definitions. + + iuid = "/" iuid-only + + iuid-only = ";UID=" nz-number + ; See [IMAP4] for "nz-number" definition + + iuserinfo = enc-user [iauth] / [enc-user] iauth + ; conforms to the generic syntax of + ; "userinfo" as defined in [URI-GEN]. + + partial-range = number ["." nz-number] + ; partial FETCH. The first number is + ; the offset of the first byte, + ; the second number is the length of + ; the fragment. + + uidvalidity = ";UIDVALIDITY=" nz-number + ; See [IMAP4] for "nz-number" definition + + + + + + + + + +Melnikov & Newman Standards Track [Page 20] + +RFC 5092 IMAP URL Scheme November 2007 + + +12. IANA Considerations + + IANA has updated the "imap" definition in the "Uniform Resource + Identifier scheme registry" to point to this document. + + The registration template (as per [URI-REG]) is specified in Section + 12.1 of this document. + +12.1. IANA Registration of imap: URI Scheme + + This section provides the information required to register the imap: + URI scheme. + + URI scheme name: imap + + Status: permanent + + URI scheme syntax: + + See Section 11 of [RFC5092]. + + URI scheme semantics: + + The imap: URI scheme is used to designate IMAP servers, mailboxes, + messages, MIME bodies [MIME] and their parts, and search programs + on Internet hosts accessible using the IMAP protocol. + + There is no MIME type associated with this URI. + + Encoding considerations: + + See Section 8 of [RFC5092]. + + Applications/protocols that use this URI scheme name: + + The imap: URI is intended to be used by applications that might + need access to an IMAP mailstore. Such applications may include + (but are not limited to) IMAP-capable web browsers; IMAP clients + that wish to access a mailbox, message, or edit a message on the + server using [CATENATE]; [SUBMIT] clients and servers that are + requested to assemble a complete message on submission using + [BURL]. + + Interoperability considerations: + + A widely deployed IMAP client Netscape Mail (and possibly + Mozilla/Thunderbird/Seamonkey) uses a different imap: scheme + internally. + + + +Melnikov & Newman Standards Track [Page 21] + +RFC 5092 IMAP URL Scheme November 2007 + + + Security considerations: + + See Security Considerations (Section 10) of [RFC5092]. + + Contact: + + Alexey Melnikov <alexey.melnikov@isode.com> + + Author/Change controller: + + IESG + + References: + + [RFC5092] and [IMAP4]. + +13. References + +13.1. Normative References + + [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate + Requirement Levels", BCP 14, RFC 2119, March 1997. + + [IMAP4] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION + 4rev1", RFC 3501, March 2003. + + [IMAPABNF] Melnikov, A. and C. Daboo, "Collected Extensions to + IMAP4 ABNF", RFC 4466, April 2006. + + [ABNF] Crocker, D., Ed., and P. Overell, "Augmented BNF for + Syntax Specifications: ABNF", RFC 4234, October 2005. + + [MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail + Extensions (MIME) Part One: Format of Internet Message + Bodies", RFC 2045, November 1996. + + [URI-GEN] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform + Resource Identifier (URI): Generic Syntax", STD 66, RFC + 3986, January 2005. + + [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO + 10646", STD 63, RFC 3629, November 2003. + + [NAMESPACE] Gahrns, M. and C. Newman, "IMAP4 Namespace", RFC 2342, + May 1998. + + [LITERAL+] Myers, J., "IMAP4 non-synchronizing literals", RFC 2088, + January 1997. + + + +Melnikov & Newman Standards Track [Page 22] + +RFC 5092 IMAP URL Scheme November 2007 + + + [ANONYMOUS] Zeilenga, K., "Anonymous Simple Authentication and + Security Layer (SASL) Mechanism", RFC 4505, June 2006. + + [DATETIME] Klyne, G. and C. Newman, "Date and Time on the Internet: + Timestamps", RFC 3339, July 2002. + + [URLAUTH] Crispin, M., "Internet Message Access Protocol (IMAP) - + URLAUTH Extension", RFC 4467, May 2006. + +13.2. Informative References + + [SUBMIT] Gellens, R. and J. Klensin, "Message Submission for + Mail", RFC 4409, April 2006. + + [BURL] Newman, C., "Message Submission BURL Extension", RFC + 4468, May 2006. + + [CATENATE] Resnick, P., "Internet Message Access Protocol (IMAP) + CATENATE Extension", RFC 4469, April 2006. + + [SASL] Melnikov, A., Ed., and K. Zeilenga, Ed., "Simple + Authentication and Security Layer (SASL)", RFC 4422, + June 2006. + + [GSSAPI] Melnikov, A., Ed., "The Kerberos V5 ("GSSAPI") Simple + Authentication and Security Layer (SASL) Mechanism", RFC + 4752, November 2006. + + [DIGEST-MD5] Leach, P. and C. Newman, "Using Digest Authentication as + a SASL Mechanism", RFC 2831, May 2000. + + [URI-REG] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and + Registration Procedures for New URI Schemes", BCP 115, + RFC 4395, February 2006. + + + + + + + + + + + + + + + + + +Melnikov & Newman Standards Track [Page 23] + +RFC 5092 IMAP URL Scheme November 2007 + + +Appendix A. Sample Code + + Here is sample C source code to convert between URL paths and IMAP + mailbox names, taking into account mapping between IMAP's modified + UTF-7 [IMAP4] and hex-encoded UTF-8, which is more appropriate for + URLs. This code has not been rigorously tested nor does it + necessarily behave reasonably with invalid input, but it should serve + as a useful example. This code just converts the mailbox portion of + the URL and does not deal with parameters, query, or server + components of the URL. + +/* Copyright (C) The IETF Trust (2007). This version of + sample C code is part of RFC XXXX; see the RFC itself + for full legal notices. + + Regarding this sample C code (or any portion of it), the authors + make no guarantees and are not responsible for any damage + resulting from its use. The authors grant irrevocable permission + to anyone to use, modify, and distribute it in any way that does + not diminish the rights of anyone else to use, modify, and + distribute it, provided that redistributed derivative works do + not contain misleading author or version information. + + Derivative works need not be licensed under similar terms. + */ + +#include <stdio.h> +#include <string.h> + +/* hexadecimal lookup table */ +static const char hex[] = "0123456789ABCDEF"; + +#define XX 127 +/* + * Table for decoding hexadecimal in %encoding + */ +static const char index_hex[256] = { + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,XX,XX, XX,XX,XX,XX, + XX,10,11,12, 13,14,15,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,10,11,12, 13,14,15,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + + + +Melnikov & Newman Standards Track [Page 24] + +RFC 5092 IMAP URL Scheme November 2007 + + + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, + XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, +}; +#define HEXCHAR(c) (index_hex[(unsigned char)(c)]) + +/* "gen-delims" excluding "/" but including "%" */ +#define GENERAL_DELIMS_NO_SLASH ":?#[]@" "%" + +/* "gen-delims" (excluding "/", but including "%") + plus subset of "sub-delims" */ +#define GENERAL_UNSAFE_NO_SLASH GENERAL_DELIMS_NO_SLASH ";&=+" +#define OTHER_UNSAFE " \"<>\\^`{|}" + +/* URL unsafe printable characters */ +static const char mailbox_url_unsafe[] = GENERAL_UNSAFE_NO_SLASH + OTHER_UNSAFE; + +/* UTF7 modified base64 alphabet */ +static const char base64chars[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,"; + +#define UNDEFINED 64 + +/* UTF16 definitions */ +#define UTF16MASK 0x03FFUL +#define UTF16SHIFT 10 +#define UTF16BASE 0x10000UL +#define UTF16HIGHSTART 0xD800UL +#define UTF16HIGHEND 0xDBFFUL +#define UTF16LOSTART 0xDC00UL +#define UTF16LOEND 0xDFFFUL + +/* Convert an IMAP mailbox to a URL path + * dst needs to have roughly 4 times the storage space of src + * Hex encoding can triple the size of the input + * UTF-7 can be slightly denser than UTF-8 + * (worst case: 8 octets UTF-7 becomes 9 octets UTF-8) + */ +void MailboxToURL(char *dst, char *src) +{ + unsigned char c, i, bitcount; + unsigned long ucs4, utf16, bitbuf; + unsigned char base64[256], utf8[6]; + + /* initialize modified base64 decoding table */ + + + +Melnikov & Newman Standards Track [Page 25] + +RFC 5092 IMAP URL Scheme November 2007 + + + memset(base64, UNDEFINED, sizeof (base64)); + for (i = 0; i < sizeof (base64chars); ++i) { + base64[(int) base64chars[i]] = i; + } + + /* loop until end of string */ + while (*src != '\0') { + c = *src++; + /* deal with literal characters and &- */ + if (c != '&' || *src == '-') { + /* NB: There are no "URL safe" characters after the '~' */ + if (c < ' ' || c > '~' || + strchr(mailbox_url_unsafe, c) != NULL) { + /* hex encode if necessary */ + dst[0] = '%'; + dst[1] = hex[c >> 4]; + dst[2] = hex[c & 0x0f]; + dst += 3; + } else { + /* encode literally */ + *dst++ = c; + } + /* skip over the '-' if this is an &- sequence */ + if (c == '&') ++src; + + } else { + /* convert modified UTF-7 -> UTF-16 -> UCS-4 -> UTF-8 -> HEX */ + bitbuf = 0; + bitcount = 0; + ucs4 = 0; + while ((c = base64[(unsigned char) *src]) != UNDEFINED) { + ++src; + bitbuf = (bitbuf << 6) | c; + bitcount += 6; + /* enough bits for a UTF-16 character? */ + if (bitcount >= 16) { + bitcount -= 16; + utf16 = (bitcount ? bitbuf >> bitcount + : bitbuf) & 0xffff; + /* convert UTF16 to UCS4 */ + if + (utf16 >= UTF16HIGHSTART && utf16 <= UTF16HIGHEND) { + ucs4 = (utf16 - UTF16HIGHSTART) << UTF16SHIFT; + continue; + } else if + (utf16 >= UTF16LOSTART && utf16 <= UTF16LOEND) { + ucs4 += utf16 - UTF16LOSTART + UTF16BASE; + } else { + + + +Melnikov & Newman Standards Track [Page 26] + +RFC 5092 IMAP URL Scheme November 2007 + + + ucs4 = utf16; + } + /* convert UTF-16 range of UCS4 to UTF-8 */ + if (ucs4 <= 0x7fUL) { + utf8[0] = (unsigned char) ucs4; + i = 1; + } else if (ucs4 <= 0x7ffUL) { + utf8[0] = 0xc0 | (unsigned char) (ucs4 >> 6); + utf8[1] = 0x80 | (unsigned char) (ucs4 & 0x3f); + i = 2; + } else if (ucs4 <= 0xffffUL) { + utf8[0] = 0xe0 | (unsigned char) (ucs4 >> 12); + utf8[1] = 0x80 | (unsigned char) ((ucs4 >> 6) & 0x3f); + utf8[2] = 0x80 | (unsigned char) (ucs4 & 0x3f); + i = 3; + } else { + utf8[0] = 0xf0 | (unsigned char) (ucs4 >> 18); + utf8[1] = 0x80 | (unsigned char) ((ucs4 >> 12) & 0x3f); + utf8[2] = 0x80 | (unsigned char) ((ucs4 >> 6) & 0x3f); + utf8[3] = 0x80 | (unsigned char) (ucs4 & 0x3f); + i = 4; + } + /* convert utf8 to hex */ + for (c = 0; c < i; ++c) { + dst[0] = '%'; + dst[1] = hex[utf8[c] >> 4]; + dst[2] = hex[utf8[c] & 0x0f]; + dst += 3; + } + } + } + /* skip over trailing '-' in modified UTF-7 encoding */ + if (*src == '-') ++src; + } + } + /* terminate destination string */ + *dst = '\0'; +} + +/* Convert hex coded UTF-8 URL path to modified UTF-7 IMAP mailbox + * dst should be about twice the length of src to deal with non-hex + * coded URLs + */ +int URLtoMailbox(char *dst, char *src) +{ + unsigned int utf8pos = 0; + unsigned int utf8total, i, c, utf7mode, bitstogo, utf16flag; + unsigned long ucs4 = 0, bitbuf = 0; + + + +Melnikov & Newman Standards Track [Page 27] + +RFC 5092 IMAP URL Scheme November 2007 + + + utf7mode = 0; /* is the output UTF7 currently in base64 mode? */ + utf8total = 0; /* how many octets is the current input UTF-8 char; + 0 == between characters */ + bitstogo = 0; /* bits that need to be encoded into base64; if + bitstogo != 0 then utf7mode == 1 */ + while ((c = (unsigned char)*src) != '\0') { + ++src; + /* undo hex-encoding */ + if (c == '%' && src[0] != '\0' && src[1] != '\0') { + c = HEXCHAR(src[0]); + i = HEXCHAR(src[1]); + if (c == XX || i == XX) { + return 0; + } else { + c = (char)((c << 4) | i); + } + src += 2; + } + /* normal character? */ + if (c >= ' ' && c <= '~') { + /* switch out of UTF-7 mode */ + if (utf7mode) { + if (bitstogo) { + *dst++ = base64chars[(bitbuf << (6 - bitstogo)) & 0x3F]; + } + *dst++ = '-'; + utf7mode = 0; + bitstogo = bitbuf = 0; + } + *dst++ = c; + /* encode '&' as '&-' */ + if (c == '&') { + *dst++ = '-'; + } + continue; + } + /* switch to UTF-7 mode */ + if (!utf7mode) { + *dst++ = '&'; + utf7mode = 1; + } + /* Encode US-ASCII characters as themselves */ + if (c < 0x80) { + ucs4 = c; + utf8total = 1; + } else if (utf8total) { + /* this is a subsequent octet of a multi-octet character */ + /* save UTF8 bits into UCS4 */ + + + +Melnikov & Newman Standards Track [Page 28] + +RFC 5092 IMAP URL Scheme November 2007 + + + ucs4 = (ucs4 << 6) | (c & 0x3FUL); + if (++utf8pos < utf8total) { + continue; + } + } else { + /* this is the first octet of a multi-octet character */ + utf8pos = 1; + if (c < 0xE0) { + utf8total = 2; + ucs4 = c & 0x1F; + } else if (c < 0xF0) { + utf8total = 3; + ucs4 = c & 0x0F; + } else { + /* NOTE: can't convert UTF8 sequences longer than 4 */ + utf8total = 4; + ucs4 = c & 0x03; + } + continue; + } + /* Finished with UTF-8 character. Make sure it isn't an + overlong sequence. If it is, return failure. */ + if ((ucs4 < 0x80 && utf8total > 1) || + (ucs4 < 0x0800 && utf8total > 2) || + (ucs4 < 0x00010000 && utf8total > 3) || + (ucs4 < 0x00200000 && utf8total > 4) || + (ucs4 < 0x04000000 && utf8total > 5) || + (ucs4 < 0x80000000 && utf8total > 6)) { + return 0; + } + /* loop to split ucs4 into two utf16 chars if necessary */ + utf8total = 0; + do { + if (ucs4 >= UTF16BASE) { + ucs4 -= UTF16BASE; + bitbuf = (bitbuf << 16) | ((ucs4 >> UTF16SHIFT) + + UTF16HIGHSTART); + ucs4 = (ucs4 & UTF16MASK) + UTF16LOSTART; + utf16flag = 1; + } else { + bitbuf = (bitbuf << 16) | ucs4; + utf16flag = 0; + } + bitstogo += 16; + /* spew out base64 */ + while (bitstogo >= 6) { + bitstogo -= 6; + *dst++ = base64chars[(bitstogo ? (bitbuf >> bitstogo) + + + +Melnikov & Newman Standards Track [Page 29] + +RFC 5092 IMAP URL Scheme November 2007 + + + : bitbuf) + & 0x3F]; + } + } while (utf16flag); + } + /* if in UTF-7 mode, finish in ASCII */ + if (utf7mode) { + if (bitstogo) { + *dst++ = base64chars[(bitbuf << (6 - bitstogo)) & 0x3F]; + } + *dst++ = '-'; + } + /* tie off string */ + *dst = '\0'; + return 1; +} + +Appendix B. List of Changes since RFC 2192 + + Updated boilerplate, list of editor's, etc. + Updated references. + Updated ABNF not to use _, to use SP instead of SPACE, etc. + Updated example domains to use example.org. + Fixed ABNF error in "imessagelist" non-terminal. + Updated ABNF, due to changes in RFC 3501, RFC 4466, and RFC 3986. + Renamed "iuserauth" non-terminal to <iuserinfo>. + Clarified that the userinfo component describes both authorization + identity and mailbox naming scope. + Allow for non-synchronizing literals in "enc-search". + Added "ipartial" specifier that denotes a partial FETCH. + Moved URLAUTH text from RFC 4467 to this document. + Updated ABNF for the whole server to allow missing trailing "/" + (e.g., "imap://imap.example.com" is now valid and is the same as + "imap://imap.example.com/"). + Clarified how relative-path references are constructed. + Added more examples demonstrating relative-path references. + Added rules for relative URLs and restructured ABNF as the result. + Removed text on use of relative URLs in MHTML. + Added examples demonstrating security considerations when resolving + URLs. + Recommend usage of STARTTLS/SASL security layer to protect + confidential data. + Removed some advices about connection reuse that were incorrect. + Removed URLs referencing a list of mailboxes, as this feature + hasn't seen any deployments. + Clarified that user name "anonymous" is case-insensitive. + + + + + +Melnikov & Newman Standards Track [Page 30] + +RFC 5092 IMAP URL Scheme November 2007 + + +Appendix C. List of Changes since RFC 4467 + + Renamed <mechanism> to <uauth-mechanism>. Restructured ABNF. + +Appendix D. Acknowledgments + + Text describing URLAUTH was lifted from [URLAUTH] by Mark Crispin. + + Stephane H. Maes contributed some ideas to this document; he also + co-edited early versions of this document. + + The editors would like to thank Mark Crispin, Ken Murchison, Ted + Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa + Dusseault, Spencer Dawkins, Filip Navara, Shawn M. Emery, Sam + Hartman, Russ Housley, and Lars Eggert for the time they devoted to + reviewing this document and/or for the comments received. + +Authors' Addresses + + Chris Newman (Author/Editor) + Sun Microsystems + 3401 Centrelake Dr., Suite 410 + Ontario, CA 91761 + EMail: chris.newman@sun.com + + Alexey Melnikov (Editor) + Isode Limited + 5 Castle Business Village + 36 Station Road + Hampton, Middlesex + TW12 2BX, UK + EMail: Alexey.Melnikov@isode.com + URI: http://www.melnikov.ca/ + + + + + + + + + + + + + + + + + + +Melnikov & Newman Standards Track [Page 31] + +RFC 5092 IMAP URL Scheme November 2007 + + +Full Copyright Statement + + Copyright (C) The IETF Trust (2007). + + This document is subject to the rights, licenses and restrictions + contained in BCP 78, and except as set forth therein, the authors + retain all their rights. + + This document and the information contained herein are provided on an + "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS + OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND + THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS + OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF + THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED + WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + +Intellectual Property + + The IETF takes no position regarding the validity or scope of any + Intellectual Property Rights or other rights that might be claimed to + pertain to the implementation or use of the technology described in + this document or the extent to which any license under such rights + might or might not be available; nor does it represent that it has + made any independent effort to identify any such rights. Information + on the procedures with respect to rights in RFC documents can be + found in BCP 78 and BCP 79. + + Copies of IPR disclosures made to the IETF Secretariat and any + assurances of licenses to be made available, or the result of an + attempt made to obtain a general license or permission for the use of + such proprietary rights by implementers or users of this + specification can be obtained from the IETF on-line IPR repository at + http://www.ietf.org/ipr. + + The IETF invites any interested party to bring to its attention any + copyrights, patents or patent applications, or other proprietary + rights that may cover technology that may be required to implement + this standard. Please address the information to the IETF at + ietf-ipr@ietf.org. + + + + + + + + + + + + +Melnikov & Newman Standards Track [Page 32] +
