Network Working Group T. Showalter Request for Comments: 2971 Mirapoint, Inc. Category: Standards Track October 2000
Network Working Group T. Showalter Request for Comments: 2971 Mirapoint, Inc. Category: Standards Track October 2000
IMAP4 ID extension
IMAP4 ID扩展
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
Abstract
摘要
The ID extension to the Internet Message Access Protocol - Version 4rev1 (IMAP4rev1) protocol allows the server and client to exchange identification information on their implementation in order to make bug reports and usage statistics more complete.
Internet消息访问协议的ID扩展版本4rev1(IMAP4rev1)协议允许服务器和客户端交换有关其实现的标识信息,以便使错误报告和使用情况统计更加完整。
The IMAP4rev1 protocol described in [IMAP4rev1] provides a method for accessing remote mail stores, but it provides no facility to advertise what program a client or server uses to provide service. This makes it difficult for implementors to get complete bug reports from users, as it is frequently difficult to know what client or server is in use.
[IMAP4rev1]中描述的IMAP4rev1协议提供了一种访问远程邮件存储的方法,但它没有提供公布客户端或服务器用于提供服务的程序的工具。这使得实现人员很难从用户那里获得完整的bug报告,因为通常很难知道使用的是什么客户端或服务器。
Additionally, some sites may wish to assemble usage statistics based on what clients are used, but in an an environment where users are permitted to obtain and maintain their own clients this is difficult to accomplish.
此外,一些站点可能希望根据使用的客户端收集使用统计数据,但在允许用户获取和维护自己的客户端的环境中,这很难实现。
The ID command provides a facility to advertise information on what programs are being used along with contact information (should bugs ever occur).
ID命令提供了一种工具,用于公布正在使用的程序的信息以及联系信息(如果出现错误)。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [KEYWORDS].
本文件中的关键词“必须”、“不得”、“必需”、“应”、“不应”、“应”、“不应”、“建议”、“可”和“可选”应按照[关键词]中所述进行解释。
The conventions used in this document are the same as specified in [IMAP4rev1]. In examples, "C:" and "S:" indicate lines sent by the client and server respectively. Line breaks have been inserted for readability.
本文件中使用的约定与[IMAP4rev1]中规定的相同。在示例中,“C:”和“S:”分别表示客户端和服务器发送的行。为便于阅读,插入了换行符。
The sole purpose of the ID extension is to enable clients and servers to exchange information on their implementations for the purposes of statistical analysis and problem determination.
ID扩展的唯一目的是使客户端和服务器能够交换有关其实现的信息,以便进行统计分析和确定问题。
This information is be submitted to a server by any client wishing to provide information for statistical purposes, provided the server advertises its willingness to take the information with the atom "ID" included in the list of capabilities returned by the CAPABILITY command.
任何希望提供统计信息的客户机都可以将此信息提交给服务器,前提是服务器宣布其愿意使用CAPABILITY命令返回的功能列表中包含的atom“ID”获取信息。
Implementations MUST NOT make operational changes based on the data sent as part of the ID command or response. The ID command is for human consumption only, and is not to be used in improving the performance of clients or servers.
实现不得基于作为ID命令或响应的一部分发送的数据进行操作更改。ID命令仅供人员使用,不用于提高客户端或服务器的性能。
This includes, but is not limited to, the following:
这包括但不限于以下内容:
Servers MUST NOT attempt to work around client bugs by using information from the ID command. Clients MUST NOT attempt to work around server bugs based on the ID response.
服务器不得试图通过使用ID命令中的信息来解决客户端错误。客户端不得试图根据ID响应解决服务器错误。
Servers MUST NOT provide features to a client or otherwise optimize for a particular client by using information from the ID command. Clients MUST NOT provide features to a server or otherwise optimize for a particular server based on the ID response.
服务器不得向客户端提供功能,也不得使用ID命令中的信息为特定客户端进行优化。客户端不得向服务器提供功能,也不得基于ID响应为特定服务器进行优化。
Servers MUST NOT deny access to or refuse service for a client based on information from the ID command. Clients MUST NOT refuse to operate or limit their operation with a server based on the ID response.
服务器不得基于ID命令中的信息拒绝对客户端的访问或拒绝为客户端提供服务。客户端不得基于ID响应拒绝或限制其对服务器的操作。
Rationale: It is imperative that this extension not supplant IMAP's CAPABILITY mechanism with a ad-hoc approach where implementations guess each other's features based on who they claim to be.
理由:这种扩展不能用一种特殊的方法取代IMAP的功能机制,在这种方法中,实现根据它们声称是谁来猜测彼此的功能。
Implementations MUST NOT send false information in an ID command.
实现不能在ID命令中发送错误信息。
Implementations MAY send less information than they have available or no information at all. Such behavior may be useful to preserve user privacy. See Security Considerations, section 7.
实现可能发送的信息少于可用信息,或者根本没有信息。这种行为可能有助于保护用户隐私。见安全注意事项,第7节。
Arguments: client parameter list or NIL
参数:客户端参数列表或NIL
Responses: OPTIONAL untagged response: ID
响应:可选的未标记响应:ID
Result: OK identification information accepted BAD command unknown or arguments invalid
结果:确定标识信息已接受错误命令未知或参数无效
Implementation identification information is sent by the client with the ID command.
实现标识信息由客户端通过ID命令发送。
This command is valid in any state.
此命令在任何状态下都有效。
The information sent is in the form of a list of field/value pairs. Fields are permitted to be any IMAP4 string, and values are permitted to be any IMAP4 string or NIL. A value of NIL indicates that the client can not or will not specify this information. The client may also send NIL instead of the list, indicating that it wants to send no information, but would still accept a server response.
以字段/值对列表的形式发送信息。字段允许为任何IMAP4字符串,值允许为任何IMAP4字符串或NIL。值NIL表示客户端不能或不会指定此信息。客户机也可能发送NIL而不是列表,这表示它不想发送任何信息,但仍然会接受服务器响应。
The available fields are defined in section 3.3.
第3.3节定义了可用字段。
Example: C: a023 ID ("name" "sodr" "version" "19.34" "vendor" "Pink Floyd Music Limited") S: * ID NIL S: a023 OK ID completed
Example: C: a023 ID ("name" "sodr" "version" "19.34" "vendor" "Pink Floyd Music Limited") S: * ID NIL S: a023 OK ID completed
Contents: server parameter list
目录:服务器参数列表
In response to an ID command issued by the client, the server replies with a tagged response containing information on its implementation. The format is the same as the client list.
作为对客户端发出的ID命令的响应,服务器使用包含其实现信息的标记响应进行响应。格式与客户端列表相同。
Example: C: a042 ID NIL S: * ID ("name" "Cyrus" "version" "1.5" "os" "sunos" "os-version" "5.5" "support-url" "mailto:cyrus-bugs+@andrew.cmu.edu") S: a042 OK ID command completed
Example: C: a042 ID NIL S: * ID ("name" "Cyrus" "version" "1.5" "os" "sunos" "os-version" "5.5" "support-url" "mailto:cyrus-bugs+@andrew.cmu.edu") S: a042 OK ID command completed
A server MUST send a tagged ID response to an ID command. However, a server MAY send NIL in place of the list.
服务器必须向ID命令发送带标记的ID响应。但是,服务器可以发送NIL来代替列表。
Any string may be sent as a field, but the following are defined to describe certain values that might be sent. Implementations are free to send none, any, or all of these. Strings are not case-sensitive. Field strings MUST NOT be longer than 30 octets. Value strings MUST NOT be longer than 1024 octets. Implementations MUST NOT send more than 30 field-value pairs.
任何字符串都可以作为字段发送,但定义以下内容是为了描述可能发送的某些值。实现可以免费发送任何、任何或所有这些信息。字符串不区分大小写。字段字符串的长度不得超过30个八位字节。值字符串的长度不得超过1024个八位字节。实现发送的字段值对不得超过30个。
name Name of the program version Version number of the program os Name of the operating system os-version Version of the operating system vendor Vendor of the client/server support-url URL to contact for support address Postal address of contact/vendor date Date program was released, specified as a date-time in IMAP4rev1 command Command used to start the program arguments Arguments supplied on the command line, if any if any environment Description of environment, i.e., UNIX environment variables or Windows registry settings
程序的名称版本的名称程序的版本号操作系统的名称操作系统的版本客户端/服务器的供应商的供应商支持url联系人的url支持地址联系人的邮政地址联系人/供应商日期程序发布日期,在IMAP4rev1命令中指定为日期时间,用于启动命令行上提供的程序参数(如果有)环境描述,即UNIX环境变量或Windows注册表设置
Implementations MUST NOT use contact information to submit automatic bug reports. Implementations may include information from an ID response in a report automatically prepared, but are prohibited from sending the report without user authorization.
实施不得使用联系信息提交自动错误报告。实现可以在自动准备的报告中包含来自ID响应的信息,但禁止在未经用户授权的情况下发送报告。
It is preferable to find the name and version of the underlying operating system at runtime in cases where this is possible.
在可能的情况下,最好在运行时查找底层操作系统的名称和版本。
Information sent via an ID response may violate user privacy. See Security Considerations, section 7.
通过ID响应发送的信息可能会侵犯用户隐私。见安全注意事项,第7节。
Implementations MUST NOT send the same field name more than once.
实现不能多次发送相同的字段名。
This syntax is intended to augment the grammar specified in [IMAP4rev1] in order to provide for the ID command. This specification uses the augmented Backus-Naur Form (BNF) notation as used in [IMAP4rev1].
此语法旨在扩充[IMAP4rev1]中指定的语法,以提供ID命令。本规范使用[IMAP4rev1]中使用的增广巴科斯诺尔形式(BNF)表示法。
command_any ::= "CAPABILITY" / "LOGOUT" / "NOOP" / x_command / id ;; adds id command to command_any in [IMAP4rev1]
command_any ::= "CAPABILITY" / "LOGOUT" / "NOOP" / x_command / id ;; adds id command to command_any in [IMAP4rev1]
id ::= "ID" SPACE id_params_list
id ::= "ID" SPACE id_params_list
id_response ::= "ID" SPACE id_params_list
id_response ::= "ID" SPACE id_params_list
id_params_list ::= "(" #(string SPACE nstring) ")" / nil ;; list of field value pairs
id_params_list ::= "(" #(string SPACE nstring) ")" / nil ;; list of field value pairs
response_data ::= "*" SPACE (resp_cond_state / resp_cond_bye / mailbox_data / message_data / capability_data / id_response)
response_data ::= "*" SPACE (resp_cond_state / resp_cond_bye / mailbox_data / message_data / capability_data / id_response)
There exist proxies, firewalls, and other intermediary systems that can intercept an IMAP session and make changes to the data exchanged in the session. Such intermediaries are not anticipated by the IMAP4 protocol design and are not within the scope of the IMAP4 standard. However, in order for the ID command to be useful in the presence of such intermediaries, those intermediaries need to take special note of the ID command and response. In particular, if an intermediary changes any part of the IMAP session it must also change the ID command to advertise its presence.
存在可以拦截IMAP会话并对会话中交换的数据进行更改的代理、防火墙和其他中介系统。IMAP4协议设计不预期此类中介,也不在IMAP4标准的范围内。然而,为了使ID命令在这些中介体存在时有用,这些中介体需要特别注意ID命令和响应。特别是,如果中介更改IMAP会话的任何部分,它还必须更改ID命令以公布其存在。
A firewall MAY act to block transmission of specific information fields in the ID command and response that it believes reveal information that could expose a security vulnerability. However, a firewall SHOULD NOT disable the extension, when present, entirely, and SHOULD NOT unconditionally remove either the client or server list.
防火墙可能会阻止ID命令和响应中特定信息字段的传输,它认为这些字段会泄露可能暴露安全漏洞的信息。但是,防火墙不应完全禁用扩展,也不应无条件删除客户机或服务器列表。
Finally, it should be noted that a firewall, when handling a CAPABILITY response, MUST NOT allow the names of extensions to be returned to the client that the firewall has no knowledge of.
最后,应该注意的是,防火墙在处理功能响应时,不能允许将扩展名返回给防火墙不知道的客户端。
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,RFC 211997年3月。
[IMAP4rev1] Crispin, M., "Internet Message Access Protocol - Version 4rev1", RFC 2060, October 1996.
[IMAP4rev1]Crispin,M.,“互联网消息访问协议-版本4rev1”,RFC20601996年10月。
[RFC-822] Crocker, D., "Standard for the Format of ARPA Internet Text Messages", STD 11, RFC 822, August 1982.
[RFC-822]Crocker,D.,“ARPA互联网文本信息格式标准”,STD 11,RFC 822,1982年8月。
This extension has the danger of violating the privacy of users if misused. Clients and servers should notify users that they implement and enable the ID command.
如果滥用,此扩展有侵犯用户隐私的危险。客户端和服务器应该通知用户他们实现并启用了ID命令。
It is highly desirable that implementations provide a method of disabling ID support, perhaps by not sending ID at all, or by sending NIL as the argument to the ID command or response.
非常希望实现提供一种禁用ID支持的方法,可能根本不发送ID,或者发送NIL作为ID命令或响应的参数。
Implementors must exercise extreme care in adding fields sent as part of an ID command or response. Some fields, including a processor ID number, Ethernet address, or other unique (or mostly unique) identifier allow tracking of users in ways that violate user privacy expectations.
在添加作为ID命令或响应的一部分发送的字段时,实现者必须非常小心。某些字段(包括处理器ID号、以太网地址或其他唯一(或大部分唯一)标识符)允许以违反用户隐私期望的方式跟踪用户。
Having implementation information of a given client or server may make it easier for an attacker to gain unauthorized access due to security holes.
拥有给定客户端或服务器的实现信息可能会使攻击者更容易由于安全漏洞而获得未经授权的访问。
Since this command includes arbitrary data and does not require the user to authenticate, server implementations are cautioned to guard against an attacker sending arbitrary garbage data in order to fill up the ID log. In particular, if a server naively logs each ID command to disk without inspecting it, an attacker can simply fire up thousands of connections and send a few kilobytes of random data. Servers have to guard against this. Methods include truncating abnormally large responses; collating responses by storing only a single copy, then keeping a counter of the number of times that response has been seen; keeping only particularly interesting parts of responses; and only logging responses of users who actually log in.
由于此命令包含任意数据且不要求用户进行身份验证,因此服务器实现应注意防止攻击者发送任意垃圾数据以填充ID日志。特别是,如果服务器在未检查的情况下天真地将每个ID命令记录到磁盘,攻击者只需启动数千个连接并发送几千字节的随机数据。服务器必须对此加以防范。方法包括截断异常大的响应;通过只存储一个副本来整理响应,然后保留一个计数器,记录该响应被看到的次数;只保留反应中特别有趣的部分;并且只记录实际登录用户的响应。
Security is affected by firewalls which modify the IMAP protocol stream; see section 5, Use of the ID Extension with Firewalls and Other Intermediaries, for more information.
安全性受到修改IMAP协议流的防火墙的影响;有关更多信息,请参阅第5节,将ID扩展与防火墙和其他中介一起使用。
Tim Showalter Mirapoint, Inc. 909 Hermosa Ct. Sunnyvale, CA 94095
蒂姆·肖沃特·米拉波因特公司,邮编:909赫莫萨Ct。加利福尼亚州桑尼维尔94095
EMail: tjs@mirapoint.com
EMail: tjs@mirapoint.com
Copyright (C) The Internet Society (2000). All Rights Reserved.
版权所有(C)互联网协会(2000年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。