imapext-2007: docs/rfc/rfc5092.txt annotate

imapext-2007

annotate docs/rfc/rfc5092.txt @ 0:ada5e610ab86

imap-2007e

author	yuuji@gentei.org
date	Mon, 14 Sep 2009 15:17:45 +0900
parents
children

rev	line source
yuuji@0	1
yuuji@0	2
yuuji@0	3
yuuji@0	4
yuuji@0	5
yuuji@0	6
yuuji@0	7 Network Working Group A. Melnikov, Ed.
yuuji@0	8 Request for Comments: 5092 Isode Ltd.
yuuji@0	9 Obsoletes: 2192 C. Newman
yuuji@0	10 Updates: 4467 Sun Microsystems
yuuji@0	11 Category: Standards Track November 2007
yuuji@0	12
yuuji@0	13
yuuji@0	14 IMAP URL Scheme
yuuji@0	15
yuuji@0	16 Status of This Memo
yuuji@0	17
yuuji@0	18 This document specifies an Internet standards track protocol for the
yuuji@0	19 Internet community, and requests discussion and suggestions for
yuuji@0	20 improvements. Please refer to the current edition of the "Internet
yuuji@0	21 Official Protocol Standards" (STD 1) for the standardization state
yuuji@0	22 and status of this protocol. Distribution of this memo is unlimited.
yuuji@0	23
yuuji@0	24 Abstract
yuuji@0	25
yuuji@0	26 IMAP (RFC 3501) is a rich protocol for accessing remote message
yuuji@0	27 stores. It provides an ideal mechanism for accessing public mailing
yuuji@0	28 list archives as well as private and shared message stores. This
yuuji@0	29 document defines a URL scheme for referencing objects on an IMAP
yuuji@0	30 server.
yuuji@0	31
yuuji@0	32 This document obsoletes RFC 2192. It also updates RFC 4467.
yuuji@0	33
yuuji@0	34
yuuji@0	35
yuuji@0	36
yuuji@0	37
yuuji@0	38
yuuji@0	39
yuuji@0	40
yuuji@0	41
yuuji@0	42
yuuji@0	43
yuuji@0	44
yuuji@0	45
yuuji@0	46
yuuji@0	47
yuuji@0	48
yuuji@0	49
yuuji@0	50
yuuji@0	51
yuuji@0	52
yuuji@0	53
yuuji@0	54
yuuji@0	55
yuuji@0	56
yuuji@0	57
yuuji@0	58 Melnikov & Newman Standards Track [Page 1]
yuuji@0	59
yuuji@0	60 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	61
yuuji@0	62
yuuji@0	63 Table of Contents
yuuji@0	64
yuuji@0	65 1. Introduction ....................................................2
yuuji@0	66 2. Conventions Used in This Document ...............................3
yuuji@0	67 3. IMAP userinfo Component (iuserinfo) .............................4
yuuji@0	68 3.1. IMAP Mailbox Naming Scope ..................................4
yuuji@0	69 3.2. IMAP User Name and Authentication Mechanism ................4
yuuji@0	70 3.3. Limitations of enc-user ....................................6
yuuji@0	71 4. IMAP Server .....................................................7
yuuji@0	72 5. Lists of Messages ...............................................7
yuuji@0	73 6. A Specific Message or Message Part ..............................8
yuuji@0	74 6.1. URLAUTH Authorized URL .....................................9
yuuji@0	75 6.1.1. Concepts ............................................9
yuuji@0	76 6.1.1.1. URLAUTH ....................................9
yuuji@0	77 6.1.1.2. Mailbox Access Key .........................9
yuuji@0	78 6.1.1.3. Authorized Access Identifier ...............9
yuuji@0	79 6.1.1.4. Authorization Mechanism ...................10
yuuji@0	80 6.1.1.5. Authorization Token .......................10
yuuji@0	81 6.1.2. URLAUTH Extensions to IMAP URL .....................10
yuuji@0	82 7. Relative IMAP URLs .............................................11
yuuji@0	83 7.1. absolute-path References ..................................12
yuuji@0	84 7.2. relative-path References ..................................12
yuuji@0	85 8. Internationalization Considerations ............................13
yuuji@0	86 9. Examples .......................................................13
yuuji@0	87 9.1. Examples of Relative URLs .................................16
yuuji@0	88 10. Security Considerations .......................................16
yuuji@0	89 10.1. Security Considerations Specific to URLAUTH Authorized
yuuji@0	90 URL ......................................................17
yuuji@0	91 11. ABNF for IMAP URL Scheme ......................................17
yuuji@0	92 12. IANA Considerations ...........................................21
yuuji@0	93 12.1. IANA Registration of imap: URI Scheme ....................21
yuuji@0	94 13. References ....................................................22
yuuji@0	95 13.1. Normative References .....................................22
yuuji@0	96 13.2. Informative References ...................................23
yuuji@0	97 Appendix A. Sample Code............................................24
yuuji@0	98 Appendix B. List of Changes since RFC 2192.........................30
yuuji@0	99 Appendix C. List of Changes since RFC 4467.........................31
yuuji@0	100 Appendix D. Acknowledgments........................................31
yuuji@0	101
yuuji@0	102 1. Introduction
yuuji@0	103
yuuji@0	104 The IMAP URL scheme is used to designate IMAP servers, mailboxes,
yuuji@0	105 messages, MIME bodies [MIME], and search programs on Internet hosts
yuuji@0	106 accessible using the IMAP protocol over TCP.
yuuji@0	107
yuuji@0	108 The IMAP URL follows the common Internet scheme syntax as defined in
yuuji@0	109 [URI-GEN]. If :<port> is omitted, the port defaults to 143 (as
yuuji@0	110 defined in Section 2.1 of [IMAP4]).
yuuji@0	111
yuuji@0	112
yuuji@0	113
yuuji@0	114 Melnikov & Newman Standards Track [Page 2]
yuuji@0	115
yuuji@0	116 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	117
yuuji@0	118
yuuji@0	119 An absolute IMAP URL takes one of the following forms:
yuuji@0	120
yuuji@0	121 imap://<iserver>[/]
yuuji@0	122
yuuji@0	123 imap://<iserver>/<enc-mailbox>[<uidvalidity>][?<enc-search>]
yuuji@0	124
yuuji@0	125 imap://<iserver>/<enc-mailbox>[<uidvalidity>]<iuid>
yuuji@0	126 [<isection>][<ipartial>][<iurlauth>]
yuuji@0	127
yuuji@0	128 The first form is used to refer to an IMAP server (see Section 4),
yuuji@0	129 the second form refers to the contents of a mailbox or a set of
yuuji@0	130 messages resulting from a search (see Section 5), and the final form
yuuji@0	131 refers to a specific message or message part, and possibly a byte
yuuji@0	132 range in that part (see Section 6). If [URLAUTH] extension is
yuuji@0	133 supported, then the final form can have the <iurlauth> component (see
yuuji@0	134 Section 6.1 for more details).
yuuji@0	135
yuuji@0	136 The <iserver> component common to all types of absolute IMAP URLs has
yuuji@0	137 the following syntax expressed in ABNF [ABNF]:
yuuji@0	138
yuuji@0	139 [iuserinfo "@"] host [ ":" port ]
yuuji@0	140
yuuji@0	141 The <iserver> component is the same as "authority" defined in
yuuji@0	142 [URI-GEN]. The syntax and uses of the <iuserinfo> ("IMAP userinfo
yuuji@0	143 component") are described in detail in Section 3. The syntax of
yuuji@0	144 <host> and <port> is described in [URI-GEN].
yuuji@0	145
yuuji@0	146 2. Conventions Used in This Document
yuuji@0	147
yuuji@0	148 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
yuuji@0	149 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
yuuji@0	150 document are to be interpreted as described in RFC 2119 [KEYWORDS].
yuuji@0	151
yuuji@0	152 This document references many productions from [URI-GEN]. When the
yuuji@0	153 document needs to emphasize IMAP URI-specific differences from [URI-
yuuji@0	154 GEN] (i.e., for parts of IMAP URIs that have more restricted syntax
yuuji@0	155 than generic URIs), it uses a non-terminal i<foo> to define an IMAP-
yuuji@0	156 specific version of the non-terminal <foo> from [URI-GEN].
yuuji@0	157
yuuji@0	158 Note that the ABNF syntax shown in Section 11 is normative. Sections
yuuji@0	159 2-6 may use a less formal syntax that does not necessarily match the
yuuji@0	160 normative ABNF shown in Section 11. If there are any differences
yuuji@0	161 between the syntax shown in Sections 2-6 and Section 11, then the
yuuji@0	162 syntax shown in Section 11 must be treated as authoritative. Non-
yuuji@0	163 syntax requirements included in Sections 2-6 are, of course,
yuuji@0	164 normative.
yuuji@0	165
yuuji@0	166
yuuji@0	167
yuuji@0	168
yuuji@0	169
yuuji@0	170 Melnikov & Newman Standards Track [Page 3]
yuuji@0	171
yuuji@0	172 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	173
yuuji@0	174
yuuji@0	175 3. IMAP userinfo Component (iuserinfo)
yuuji@0	176
yuuji@0	177 The <iuserinfo> component conforms to the generic syntax of
yuuji@0	178 <userinfo> defined in [URI-GEN]. It has the following syntax
yuuji@0	179 expressed in ABNF [ABNF]:
yuuji@0	180
yuuji@0	181 enc-user [iauth] / [enc-user] iauth
yuuji@0	182
yuuji@0	183 The meaning of the different parts is described in subsections of
yuuji@0	184 this section.
yuuji@0	185
yuuji@0	186 3.1. IMAP Mailbox Naming Scope
yuuji@0	187
yuuji@0	188 The "enc-user" part of the "iuserinfo" component, if present, denotes
yuuji@0	189 mailbox naming scope. If it is absent, the IMAP URL can only
yuuji@0	190 reference mailboxes with globally unique names, i.e., mailboxes with
yuuji@0	191 names that don't change depending on the user the client
yuuji@0	192 authenticated as to the IMAP server. Note that not all IMAP
yuuji@0	193 implementations support globally unique names.
yuuji@0	194
yuuji@0	195 For example, a personal mailbox described by the following URL
yuuji@0	196 <imap://michael@example.org/INBOX> is most likely different from a
yuuji@0	197 personal mailbox described by <imap://bester@example.org/INBOX>, even
yuuji@0	198 though both URLs use the same mailbox name.
yuuji@0	199
yuuji@0	200 3.2. IMAP User Name and Authentication Mechanism
yuuji@0	201
yuuji@0	202 The userinfo component (see [URI-GEN]) of an IMAP URI may contain an
yuuji@0	203 IMAP user name (a.k.a. authorization identity [SASL], "enc-user")
yuuji@0	204 and/or an authentication mechanism. (Note that the "enc-user" also
yuuji@0	205 defines a mailbox naming scope as described in Section 3.1). The
yuuji@0	206 IMAP user name and the authentication mechanism are used in the
yuuji@0	207 "LOGIN" or "AUTHENTICATE" commands after making the connection to the
yuuji@0	208 IMAP server.
yuuji@0	209
yuuji@0	210 If no user name and no authentication mechanism are supplied, the
yuuji@0	211 client MUST authenticate as anonymous to the server. If the server
yuuji@0	212 advertises AUTH=ANONYMOUS IMAP capability, the client MUST use the
yuuji@0	213 AUTHENTICATE command with ANONYMOUS [ANONYMOUS] SASL mechanism. If
yuuji@0	214 SASL ANONYMOUS is not available, the (case-insensitive) user name
yuuji@0	215 "anonymous" is used with the "LOGIN" command and the Internet email
yuuji@0	216 address of the end user accessing the resource is supplied as the
yuuji@0	217 password. The latter option is given in order to provide for
yuuji@0	218 interoperability with deployed servers.
yuuji@0	219
yuuji@0	220 Note that, as described in RFC 3501, the "LOGIN" command MUST NOT be
yuuji@0	221 used when the IMAP server advertises the LOGINDISABLED capability.
yuuji@0	222
yuuji@0	223
yuuji@0	224
yuuji@0	225
yuuji@0	226 Melnikov & Newman Standards Track [Page 4]
yuuji@0	227
yuuji@0	228 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	229
yuuji@0	230
yuuji@0	231 An authentication mechanism (as used by the IMAP AUTHENTICATE
yuuji@0	232 command) can be expressed by adding ";AUTH=<enc-auth-type>" to the
yuuji@0	233 end of the user name in an IMAP URL. When such an <enc-auth-type> is
yuuji@0	234 indicated, the client SHOULD request appropriate credentials from
yuuji@0	235 that mechanism and use the "AUTHENTICATE" command instead of the
yuuji@0	236 "LOGIN" command. If no user name is specified, one MUST be obtained
yuuji@0	237 from the mechanism or requested from the user/configuration as
yuuji@0	238 appropriate.
yuuji@0	239
yuuji@0	240 The string ";AUTH=*" indicates that the client SHOULD select an
yuuji@0	241 appropriate authentication mechanism. (Though the '*' character in
yuuji@0	242 this usage is not strictly a delimiter, it is being treated like a
yuuji@0	243 sub-delim [URI-GEN] in this instance. It MUST NOT be percent-encoded
yuuji@0	244 in this usage, as ";AUTH=%2A" will not match this production.) It
yuuji@0	245 MAY use any mechanism listed in the response to the CAPABILITY
yuuji@0	246 command (or CAPABILITY response code) or use an out-of-band security
yuuji@0	247 service resulting in a PREAUTH connection. If no user name is
yuuji@0	248 specified and no appropriate authentication mechanisms are available,
yuuji@0	249 the client SHOULD fall back to anonymous login as described above.
yuuji@0	250 The behavior prescribed in this section allows a URL that grants
yuuji@0	251 read-write access to authorized users and read-only anonymous access
yuuji@0	252 to other users.
yuuji@0	253
yuuji@0	254 If a user name is included with no authentication mechanism, then
yuuji@0	255 ";AUTH=*" is assumed.
yuuji@0	256
yuuji@0	257 Clients must take care when resolving a URL that requires or requests
yuuji@0	258 any sort of authentication, since URLs can easily come from untrusted
yuuji@0	259 sources. Supplying authentication credentials to the wrong server
yuuji@0	260 may compromise the security of the user's account; therefore, the
yuuji@0	261 program resolving the URL should meet at least one of the following
yuuji@0	262 criteria in this case:
yuuji@0	263
yuuji@0	264 1) The URL comes from a trusted source, such as a referral server
yuuji@0	265 that the client has validated and trusts according to site policy.
yuuji@0	266 Note that user entry of the URL may or may not count as a trusted
yuuji@0	267 source, depending on the experience level of the user and site
yuuji@0	268 policy.
yuuji@0	269
yuuji@0	270 2) Explicit local site policy permits the client to connect to the
yuuji@0	271 server in the URL. For example, a company example.com may have a
yuuji@0	272 site policy to trust all IMAP server names ending in example.com,
yuuji@0	273 whereas such a policy would be unwise for example.edu where random
yuuji@0	274 students can set up IMAP servers.
yuuji@0	275
yuuji@0	276 3) The user confirms that connecting to that domain name with the
yuuji@0	277 specified credentials and/or mechanism is permitted. For example,
yuuji@0	278 when using "LOGIN" or SASL PLAIN with Transport Layer Security
yuuji@0	279
yuuji@0	280
yuuji@0	281
yuuji@0	282 Melnikov & Newman Standards Track [Page 5]
yuuji@0	283
yuuji@0	284 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	285
yuuji@0	286
yuuji@0	287 (TLS), the IMAP URL client presents a dialog box "Is it OK to send
yuuji@0	288 your password to server "example.com"? Please be aware the owners
yuuji@0	289 of example.com will be able to reuse your password to connect to
yuuji@0	290 other servers on your behalf".
yuuji@0	291
yuuji@0	292 4) A mechanism is used that validates the server before passing
yuuji@0	293 potentially compromising client credentials. For example, a site
yuuji@0	294 has a designated TLS certificate used to certify site-trusted IMAP
yuuji@0	295 server certificates, and this has been configured explicitly into
yuuji@0	296 the IMAP URL client. Another example is use of a Simple
yuuji@0	297 Authentication and Security Layer (SASL) mechanism such as
yuuji@0	298 DIGEST-MD5 [DIGEST-MD5], which supports mutual authentication.
yuuji@0	299
yuuji@0	300 5) An authentication mechanism is used that will not reveal any
yuuji@0	301 information to the server that could be used to compromise future
yuuji@0	302 connections. Examples are SASL ANONYMOUS [ANONYMOUS] or GSSAPI
yuuji@0	303 [GSSAPI].
yuuji@0	304
yuuji@0	305 URLs that do not include a user name but include an authentication
yuuji@0	306 mechanism (";AUTH=<mech>") must be treated with extra care, since for
yuuji@0	307 some <mech>s they are more likely to compromise the user's primary
yuuji@0	308 account. A URL containing ";AUTH=*" must also be treated with extra
yuuji@0	309 care since it might fall back on a weaker security mechanism.
yuuji@0	310 Finally, clients are discouraged from using a plaintext password as a
yuuji@0	311 fallback with ";AUTH=*" unless the connection has strong encryption.
yuuji@0	312
yuuji@0	313 A program interpreting IMAP URLs MAY cache open connections to an
yuuji@0	314 IMAP server for later reuse. If a URL contains a user name, only
yuuji@0	315 connections authenticated as that user may be reused. If a URL does
yuuji@0	316 not contain a user name or authentication mechanism, then only an
yuuji@0	317 anonymous connection may be reused.
yuuji@0	318
yuuji@0	319 Note that if unsafe or reserved characters such as " " (space) or ";"
yuuji@0	320 are present in the user name or authentication mechanism, they MUST
yuuji@0	321 be percent-encoded as described in [URI-GEN].
yuuji@0	322
yuuji@0	323 3.3. Limitations of enc-user
yuuji@0	324
yuuji@0	325 As per Sections 3.1 and 3.2 of this document, the IMAP URI enc-user
yuuji@0	326 has two purposes:
yuuji@0	327
yuuji@0	328 1) It provides context for user-specific mailbox paths such as
yuuji@0	329 "INBOX" (Section 3.1).
yuuji@0	330
yuuji@0	331 2) It specifies that resolution of the URL requires logging in as
yuuji@0	332 that user and limits use of that URL to only that user (Section
yuuji@0	333 3.2).
yuuji@0	334
yuuji@0	335
yuuji@0	336
yuuji@0	337
yuuji@0	338 Melnikov & Newman Standards Track [Page 6]
yuuji@0	339
yuuji@0	340 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	341
yuuji@0	342
yuuji@0	343 An obvious limitation of using the same field for both purposes is
yuuji@0	344 that the URL can be resolved only by the mailbox owner. In order to
yuuji@0	345 avoid this restriction, implementations should use globally unique
yuuji@0	346 mailbox names (see Section 3.1) whenever possible.
yuuji@0	347
yuuji@0	348 Note: There is currently no general way in IMAP of learning a
yuuji@0	349 globally unique name for a mailbox. However, by looking at the
yuuji@0	350 NAMESPACE [NAMESPACE] command result, it is possible to determine
yuuji@0	351 whether or not a mailbox name is globally unique.
yuuji@0	352
yuuji@0	353 The URLAUTH component overrides the second purpose of the enc-user in
yuuji@0	354 the IMAP URI and by default permits the URI to be resolved by any
yuuji@0	355 user permitted by the <access> identifier. URLAUTH and <access>
yuuji@0	356 identifier are described in Section 6.1.
yuuji@0	357
yuuji@0	358 4. IMAP Server
yuuji@0	359
yuuji@0	360 An IMAP URL referring to an IMAP server has the following form:
yuuji@0	361
yuuji@0	362 imap://<iserver>[/]
yuuji@0	363
yuuji@0	364 This URL type is frequently used to describe a location of an IMAP
yuuji@0	365 server, both in referrals and in configuration. It may optionally
yuuji@0	366 contain the <iuserinfo> component (see Sections 3 and 11). A program
yuuji@0	367 interpreting this URL would issue the standard set of commands it
yuuji@0	368 uses to present a view of the content of the IMAP server, as visible
yuuji@0	369 to the user described by the "enc-user" part of the <iuserinfo>
yuuji@0	370 component, if the "enc-user" part is specified.
yuuji@0	371
yuuji@0	372 5. Lists of Messages
yuuji@0	373
yuuji@0	374 An IMAP URL referring to a list of messages has the following form:
yuuji@0	375
yuuji@0	376 imap://<iserver>/<enc-mailbox>[<uidvalidity>][?<enc-search>]
yuuji@0	377
yuuji@0	378 The <enc-mailbox> field is used as the argument to the IMAP4 "SELECT"
yuuji@0	379 or "EXAMINE" command. Note that if unsafe or reserved characters
yuuji@0	380 such as " " (space), ";", or "?" are present in <enc-mailbox>, they
yuuji@0	381 MUST be percent-encoded as described in [URI-GEN].
yuuji@0	382
yuuji@0	383 The <uidvalidity> field is optional. If it is present, it MUST be
yuuji@0	384 the same as the value of IMAP4 UIDVALIDITY response code at the time
yuuji@0	385 the URL was created. This MUST be used by the program interpreting
yuuji@0	386 the IMAP URL to determine if the URL is stale. If the IMAP URL is
yuuji@0	387 stale, then the program should behave as if the corresponding mailbox
yuuji@0	388 doesn't exist.
yuuji@0	389
yuuji@0	390
yuuji@0	391
yuuji@0	392
yuuji@0	393
yuuji@0	394 Melnikov & Newman Standards Track [Page 7]
yuuji@0	395
yuuji@0	396 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	397
yuuji@0	398
yuuji@0	399 Note that the <uidvalidity> field is a modifier to the <enc-mailbox>,
yuuji@0	400 i.e., it is considered a part of the last "component" (as used in
yuuji@0	401 [URI-GEN]) of the <enc-mailbox>. This is significant during relative
yuuji@0	402 URI resolution.
yuuji@0	403
yuuji@0	404 The "?<enc-search>" field is optional. If it is not present, the
yuuji@0	405 program interpreting the URL will present the entire content of the
yuuji@0	406 mailbox.
yuuji@0	407
yuuji@0	408 If the "?<enc-search>" field is present, the program interpreting the
yuuji@0	409 URL should use the contents of this field as arguments following an
yuuji@0	410 IMAP4 SEARCH command. These arguments are likely to contain unsafe
yuuji@0	411 characters such as " " (space) (which are likely to be present in the
yuuji@0	412 <enc-search>). If unsafe characters are present, they MUST be
yuuji@0	413 percent-encoded as described in [URI-GEN].
yuuji@0	414
yuuji@0	415 Note that quoted strings and non-synchronizing literals [LITERAL+]
yuuji@0	416 are allowed in the <enc-search> content; however, synchronizing
yuuji@0	417 literals are not allowed, as their presence would effectively mean
yuuji@0	418 that the agent interpreting IMAP URLs needs to parse an <enc-search>
yuuji@0	419 content, find all synchronizing literals, and perform proper command
yuuji@0	420 continuation request handling (see Sections 4.3 and 7 of [IMAP4]).
yuuji@0	421
yuuji@0	422 6. A Specific Message or Message Part
yuuji@0	423
yuuji@0	424 An IMAP URL referring to a specific message or message part has the
yuuji@0	425 following form:
yuuji@0	426
yuuji@0	427 imap://<iserver>/<enc-mailbox>[<uidvalidity>]<iuid>
yuuji@0	428 [<isection>][<ipartial>][<iurlauth>]
yuuji@0	429
yuuji@0	430 The <enc-mailbox> and [uidvalidity] are as defined in Section 5
yuuji@0	431 above.
yuuji@0	432
yuuji@0	433 If <uidvalidity> is present in this form, it SHOULD be used by the
yuuji@0	434 program interpreting the URL to determine if the URL is stale.
yuuji@0	435
yuuji@0	436 The <iuid> refers to an IMAP4 message Unique Identifier (UID), and it
yuuji@0	437 SHOULD be used as the <set> argument to the IMAP4 "UID FETCH"
yuuji@0	438 command.
yuuji@0	439
yuuji@0	440 The <isection> field is optional. If not present, the URL refers to
yuuji@0	441 the entire Internet message as returned by the IMAP command "UID
yuuji@0	442 FETCH <uid> BODY.PEEK[]". If present, the URL refers to the object
yuuji@0	443 returned by a "UID FETCH <uid> BODY.PEEK[<section>]" command. The
yuuji@0	444 type of the object may be determined by using a "UID FETCH <uid>
yuuji@0	445 BODYSTRUCTURE" command and locating the appropriate part in the
yuuji@0	446
yuuji@0	447
yuuji@0	448
yuuji@0	449
yuuji@0	450 Melnikov & Newman Standards Track [Page 8]
yuuji@0	451
yuuji@0	452 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	453
yuuji@0	454
yuuji@0	455 resulting BODYSTRUCTURE. Note that unsafe characters in [isection]
yuuji@0	456 MUST be percent-encoded as described in [URI-GEN].
yuuji@0	457
yuuji@0	458 The <ipartial> field is optional. If present, it effectively appends
yuuji@0	459 "<<partial-range>>" to the end of the UID FETCH BODY.PEEK[<section>]
yuuji@0	460 command constructed as described in the previous paragraph. In other
yuuji@0	461 words, it allows the client to request a byte range of the
yuuji@0	462 message/message part.
yuuji@0	463
yuuji@0	464 The <iurlauth> field is described in detail in Section 6.1.
yuuji@0	465
yuuji@0	466 6.1. URLAUTH Authorized URL
yuuji@0	467
yuuji@0	468 URLAUTH authorized URLs are only supported by an IMAP server
yuuji@0	469 advertising the URLAUTH IMAP capability [URLAUTH].
yuuji@0	470
yuuji@0	471 6.1.1. Concepts
yuuji@0	472
yuuji@0	473 6.1.1.1. URLAUTH
yuuji@0	474
yuuji@0	475 URLAUTH is a component, appended at the end of a URL, that conveys
yuuji@0	476 authorization to access the data addressed by that URL. It contains
yuuji@0	477 an authorized access identifier, an authorization mechanism name, and
yuuji@0	478 an authorization token. The authorization token is generated from
yuuji@0	479 the URL, the authorized access identifier, authorization mechanism
yuuji@0	480 name, and a mailbox access key.
yuuji@0	481
yuuji@0	482 Note: This specification only allows for the URLAUTH component in
yuuji@0	483 IMAP URLs describing a message or its part.
yuuji@0	484
yuuji@0	485 6.1.1.2. Mailbox Access Key
yuuji@0	486
yuuji@0	487 The mailbox access key is an unpredictable, random string. To ensure
yuuji@0	488 unpredictability, the random string with at least 128 bits of entropy
yuuji@0	489 is generated by software or hardware (not by the human user).
yuuji@0	490
yuuji@0	491 Each user has a table of mailboxes and an associated mailbox access
yuuji@0	492 key for each mailbox. Consequently, the mailbox access key is per-
yuuji@0	493 user and per-mailbox. In other words, two users sharing the same
yuuji@0	494 mailbox each have a different mailbox access key for that mailbox,
yuuji@0	495 and each mailbox accessed by a single user also has a different
yuuji@0	496 mailbox access key.
yuuji@0	497
yuuji@0	498 6.1.1.3. Authorized Access Identifier
yuuji@0	499
yuuji@0	500 The authorized <access> identifier restricts use of the URLAUTH
yuuji@0	501 authorized URL to certain users authorized on the server, as
yuuji@0	502 described in Section 6.1.2.
yuuji@0	503
yuuji@0	504
yuuji@0	505
yuuji@0	506 Melnikov & Newman Standards Track [Page 9]
yuuji@0	507
yuuji@0	508 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	509
yuuji@0	510
yuuji@0	511 6.1.1.4. Authorization Mechanism
yuuji@0	512
yuuji@0	513 The authorization mechanism is the algorithm by which the URLAUTH is
yuuji@0	514 generated and subsequently verified, using the mailbox access key.
yuuji@0	515
yuuji@0	516 6.1.1.5. Authorization Token
yuuji@0	517
yuuji@0	518 The authorization token is a deterministic string of at least 128
yuuji@0	519 bits that an entity with knowledge of the secret mailbox access key
yuuji@0	520 and URL authorization mechanism can use to verify the URL.
yuuji@0	521
yuuji@0	522 6.1.2. URLAUTH Extensions to IMAP URL
yuuji@0	523
yuuji@0	524 A specific message or message part IMAP URL can optionally contain
yuuji@0	525 ";EXPIRE=<datetime>" and/or ";URLAUTH=<access>:<mech>:<token>".
yuuji@0	526
yuuji@0	527 When ";EXPIRE=<datetime>" is used, this indicates the latest date and
yuuji@0	528 time that the URL is valid. After that date and time, the URL has
yuuji@0	529 expired and server implementations MUST reject the URL. If
yuuji@0	530 ";EXPIRE=<datetime>" is not used, the URL has no expiration, but can
yuuji@0	531 still be revoked using the RESETKEY command [URLAUTH].
yuuji@0	532
yuuji@0	533 The URLAUTH takes the form ";URLAUTH=<access>:<mech>:<token>", and it
yuuji@0	534 MUST be at the end of the URL. It is composed of three parts. The
yuuji@0	535 <access> portion provides the authorized access identifiers that may
yuuji@0	536 constrain the operations and users that are permitted to use this
yuuji@0	537 URL. The <mech> portion provides the authorization mechanism used by
yuuji@0	538 the IMAP server to generate the authorization token that follows.
yuuji@0	539 The <token> portion provides the authorization token, which can be
yuuji@0	540 generated using the GENURLAUTH command [URLAUTH].
yuuji@0	541
yuuji@0	542 The "submit+" <access> identifier prefix, followed by a userid,
yuuji@0	543 indicates that only a userid authorized as a message submission
yuuji@0	544 entity on behalf of the specified userid is permitted to use this
yuuji@0	545 URL. The IMAP server does not validate the specified userid but does
yuuji@0	546 validate that the IMAP session has an authorization identity that is
yuuji@0	547 authorized as a message submission entity. The authorized message
yuuji@0	548 submission entity MUST validate the userid prior to contacting the
yuuji@0	549 IMAP server.
yuuji@0	550
yuuji@0	551 The "user+" <access> identifier prefix, followed by a userid,
yuuji@0	552 indicates that use of this URL is limited to IMAP sessions that are
yuuji@0	553 logged in as the specified userid (that is, have authorization
yuuji@0	554 identity as that userid).
yuuji@0	555
yuuji@0	556 Note: If a SASL mechanism that provides both authorization and
yuuji@0	557 authentication identifiers is used to authenticate to the IMAP
yuuji@0	558 server, the "user+" <access> identifier MUST match the
yuuji@0	559
yuuji@0	560
yuuji@0	561
yuuji@0	562 Melnikov & Newman Standards Track [Page 10]
yuuji@0	563
yuuji@0	564 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	565
yuuji@0	566
yuuji@0	567 authorization identifier. If the SASL mechanism can't transport
yuuji@0	568 the authorization identifier, the "user+" <access> identifier MUST
yuuji@0	569 match the authorization identifier derived from the authentication
yuuji@0	570 identifier (see [SASL]).
yuuji@0	571
yuuji@0	572 The "authuser" <access> identifier indicates that use of this URL is
yuuji@0	573 limited to authenticated IMAP sessions that are logged in as any
yuuji@0	574 non-anonymous user (that is, have authorization identity as a non-
yuuji@0	575 anonymous user) of that IMAP server. To restate this: use of this
yuuji@0	576 type of URL is prohibited to anonymous IMAP sessions, i.e., any
yuuji@0	577 URLFETCH command containing this type of URL issued in an anonymous
yuuji@0	578 session MUST return NIL in the URLFETCH response.
yuuji@0	579
yuuji@0	580 The "anonymous" <access> identifier indicates that use of this URL is
yuuji@0	581 not restricted by session authorization identity; that is, any IMAP
yuuji@0	582 session in authenticated or selected state (as defined in [IMAP4]),
yuuji@0	583 including anonymous sessions, may issue a URLFETCH [URLAUTH] using
yuuji@0	584 this URL.
yuuji@0	585
yuuji@0	586 The authorization token is represented as an ASCII-encoded
yuuji@0	587 hexadecimal string, which is used to authorize the URL. The length
yuuji@0	588 and the calculation of the authorization token depend upon the
yuuji@0	589 mechanism used, but in all cases, the authorization token is at least
yuuji@0	590 128 bits (and therefore at least 32 hexadecimal digits).
yuuji@0	591
yuuji@0	592 Example:
yuuji@0	593
yuuji@0	594 <imap://joe@example.com/INBOX/;uid=20/;section=1.2;urlauth=
yuuji@0	595 submit+fred:internal:91354a473744909de610943775f92038>
yuuji@0	596
yuuji@0	597 7. Relative IMAP URLs
yuuji@0	598
yuuji@0	599 Relative IMAP URLs are permitted and are resolved according to the
yuuji@0	600 rules defined in [URI-GEN]. In particular, in IMAP URLs parameters
yuuji@0	601 (such as ";uid=" or ";section=") are treated as part of the normal
yuuji@0	602 path with respect to relative URL resolution.
yuuji@0	603
yuuji@0	604 [URI-GEN] defines four forms of relative URLs: <inetwork-path>,
yuuji@0	605 <iabsolute-path>, <irelative-path>, and <ipath-empty>. Their syntax
yuuji@0	606 is defined in Section 11.
yuuji@0	607
yuuji@0	608 A relative reference that begins with two slash characters is termed
yuuji@0	609 a network-path reference (<inetwork-path>); such references are
yuuji@0	610 rarely used, because in most cases they can be replaced with an
yuuji@0	611 equivalent absolute URL. A relative reference that begins with a
yuuji@0	612 single slash character is termed an absolute-path reference
yuuji@0	613 (<iabsolute-path>; see also Section 7.1). A relative reference that
yuuji@0	614 does not begin with a slash character is termed a relative-path
yuuji@0	615
yuuji@0	616
yuuji@0	617
yuuji@0	618 Melnikov & Newman Standards Track [Page 11]
yuuji@0	619
yuuji@0	620 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	621
yuuji@0	622
yuuji@0	623 reference (<irelative-path>; see also Section 7.2). The final form
yuuji@0	624 is <ipath-empty>, which is "same-document reference" (see Section 4.4
yuuji@0	625 of [URI-GEN]).
yuuji@0	626
yuuji@0	627 The following observations about relative URLs are important:
yuuji@0	628
yuuji@0	629 The <iauth> grammar element (which is a part of <iuserinfo>, which
yuuji@0	630 is, in turn, a part of <iserver>; see Section 3) is considered part
yuuji@0	631 of the user name for purposes of resolving relative IMAP URLs. This
yuuji@0	632 means that unless a new user name/server specification is included in
yuuji@0	633 the relative URL, the authentication mechanism is inherited from the
yuuji@0	634 base IMAP URL.
yuuji@0	635
yuuji@0	636 URLs always use "/" as the hierarchy delimiter for the purpose of
yuuji@0	637 resolving paths in relative URLs. IMAP4 permits the use of any
yuuji@0	638 hierarchy delimiter in mailbox names. For this reason, relative
yuuji@0	639 mailbox paths will only work if the mailbox uses "/" as the hierarchy
yuuji@0	640 delimiter. Relative URLs may be used on mailboxes that use other
yuuji@0	641 delimiters, but in that case, the entire mailbox name MUST be
yuuji@0	642 specified in the relative URL or inherited as a whole from the base
yuuji@0	643 URL.
yuuji@0	644
yuuji@0	645 If an IMAP server allows for mailbox names starting with "./" or
yuuji@0	646 "../", ending with "/." or "/..", or containing sequences "/../" or
yuuji@0	647 "/./", then such mailbox names MUST be percent-encoded as described
yuuji@0	648 in [URI-GEN]. Otherwise, they would be misinterpreted as dot-
yuuji@0	649 segments (see Section 3.3 of [URI-GEN]), which are processed
yuuji@0	650 specially during the relative path resolution process.
yuuji@0	651
yuuji@0	652 7.1. absolute-path References
yuuji@0	653
yuuji@0	654 A relative reference that begins with a single slash character is
yuuji@0	655 termed an absolute-path reference (see Section 4.2 of [URI-GEN]). If
yuuji@0	656 an IMAP server permits mailbox names with a leading "/", then the
yuuji@0	657 leading "/" MUST be percent-encoded as described in [URI-GEN].
yuuji@0	658 Otherwise, the produced absolute-path reference URI will be
yuuji@0	659 misinterpreted as a network-path reference [URI-GEN] described by the
yuuji@0	660 <inetwork-path> non-terminal.
yuuji@0	661
yuuji@0	662 7.2. relative-path References
yuuji@0	663
yuuji@0	664 A relative reference that does not begin with a slash character is
yuuji@0	665 termed a relative-path reference [URI-GEN]. Implementations MUST NOT
yuuji@0	666 generate or accept relative-path IMAP references.
yuuji@0	667
yuuji@0	668 See also Section 4.2 of [URI-GEN] for restrictions on relative-path
yuuji@0	669 references.
yuuji@0	670
yuuji@0	671
yuuji@0	672
yuuji@0	673
yuuji@0	674 Melnikov & Newman Standards Track [Page 12]
yuuji@0	675
yuuji@0	676 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	677
yuuji@0	678
yuuji@0	679 8. Internationalization Considerations
yuuji@0	680
yuuji@0	681 IMAP4, Section 5.1.3 [IMAP4] includes a convention for encoding non-
yuuji@0	682 US-ASCII characters in IMAP mailbox names. Because this convention
yuuji@0	683 is private to IMAP, it is necessary to convert IMAP's encoding to one
yuuji@0	684 that can be more easily interpreted by a URL display program. For
yuuji@0	685 this reason, IMAP's modified UTF-7 encoding for mailboxes MUST be
yuuji@0	686 converted to UTF-8 [UTF-8]. Since 8-bit octets are not permitted in
yuuji@0	687 URLs, the UTF-8 octets are percent-encoded as required by the URL
yuuji@0	688 specification [URI-GEN], Section 2.1. Sample code is included in
yuuji@0	689 Appendix A to demonstrate this conversion.
yuuji@0	690
yuuji@0	691 IMAP user names are UTF-8 strings and MUST be percent-encoded as
yuuji@0	692 required by the URL specification [URI-GEN], Section 2.1.
yuuji@0	693
yuuji@0	694 Also note that IMAP SEARCH criteria can contain non-US-ASCII
yuuji@0	695 characters. 8-bit octets in those strings MUST be percent-encoded as
yuuji@0	696 required by the URL specification [URI-GEN], Section 2.1.
yuuji@0	697
yuuji@0	698 9. Examples
yuuji@0	699
yuuji@0	700 The following examples demonstrate how an IMAP4 client program might
yuuji@0	701 translate various IMAP4 URLs into a series of IMAP4 commands.
yuuji@0	702 Commands sent from the client to the server are prefixed with "C:",
yuuji@0	703 and responses sent from the server to the client are prefixed with
yuuji@0	704 "S:".
yuuji@0	705
yuuji@0	706 The URL:
yuuji@0	707
yuuji@0	708 <imap://minbari.example.org/gray-council;UIDVALIDITY=385759045/;
yuuji@0	709 UID=20/;PARTIAL=0.1024>
yuuji@0	710
yuuji@0	711 may result in the following client commands and server responses:
yuuji@0	712
yuuji@0	713 <connect to minbari.example.org, port 143>
yuuji@0	714 S: * OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=ANONYMOUS] Welcome
yuuji@0	715 C: A001 AUTHENTICATE ANONYMOUS
yuuji@0	716 S: +
yuuji@0	717 C: c2hlcmlkYW5AYmFieWxvbjUuZXhhbXBsZS5vcmc=
yuuji@0	718 S: A001 OK Welcome sheridan@babylon5.example.org
yuuji@0	719 C: A002 SELECT gray-council
yuuji@0	720 <client verifies the UIDVALIDITY matches>
yuuji@0	721 C: A003 UID FETCH 20 BODY.PEEK[]<0.1024>
yuuji@0	722
yuuji@0	723 The URL:
yuuji@0	724
yuuji@0	725 <imap://psicorp.example.org/~peter/%E6%97%A5%E6%9C%AC%E8%AA%9E/
yuuji@0	726 %E5%8F%B0%E5%8C%97>
yuuji@0	727
yuuji@0	728
yuuji@0	729
yuuji@0	730 Melnikov & Newman Standards Track [Page 13]
yuuji@0	731
yuuji@0	732 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	733
yuuji@0	734
yuuji@0	735 may result in the following client commands:
yuuji@0	736
yuuji@0	737 <connect to psicorp.example.org, port 143>
yuuji@0	738 S: * OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=CRAM-MD5] Welcome
yuuji@0	739 C: A001 LOGIN ANONYMOUS bester@psycop.psicorp.example.org
yuuji@0	740 C: A002 SELECT ~peter/&ZeVnLIqe-/&U,BTFw-
yuuji@0	741 <commands the client uses for viewing the contents of
yuuji@0	742 the mailbox>
yuuji@0	743
yuuji@0	744 The URL:
yuuji@0	745
yuuji@0	746 <imap://;AUTH=GSSAPI@minbari.example.org/gray-council/;uid=20/
yuuji@0	747 ;section=1.2>
yuuji@0	748
yuuji@0	749 may result in the following client commands:
yuuji@0	750
yuuji@0	751 <connect to minbari.example.org, port 143>
yuuji@0	752 S: * OK Greetings
yuuji@0	753 C: A000 CAPABILITY
yuuji@0	754 S: * CAPABILITY IMAP4rev1 STARTTLS AUTH=GSSAPI
yuuji@0	755 S: A000 OK
yuuji@0	756 C: A001 AUTHENTICATE GSSAPI
yuuji@0	757 <authentication exchange>
yuuji@0	758 C: A002 SELECT gray-council
yuuji@0	759 C: A003 UID FETCH 20 BODY.PEEK[1.2]
yuuji@0	760
yuuji@0	761 If the following relative URL is located in that body part:
yuuji@0	762
yuuji@0	763 <;section=1.4>
yuuji@0	764
yuuji@0	765 this could result in the following client commands:
yuuji@0	766
yuuji@0	767 C: A004 UID FETCH 20 (BODY.PEEK[1.2.MIME]
yuuji@0	768 BODY.PEEK[1.MIME]
yuuji@0	769 BODY.PEEK[HEADER.FIELDS (Content-Location)])
yuuji@0	770 <Client looks for Content-Location headers in
yuuji@0	771 result. If no such headers, then it does the following>
yuuji@0	772 C: A005 UID FETCH 20 BODY.PEEK[1.4]
yuuji@0	773
yuuji@0	774 The URL:
yuuji@0	775
yuuji@0	776 <imap://;AUTH=*@minbari.example.org/gray%20council?
yuuji@0	777 SUBJECT%20shadows>
yuuji@0	778
yuuji@0	779
yuuji@0	780
yuuji@0	781
yuuji@0	782
yuuji@0	783
yuuji@0	784
yuuji@0	785
yuuji@0	786 Melnikov & Newman Standards Track [Page 14]
yuuji@0	787
yuuji@0	788 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	789
yuuji@0	790
yuuji@0	791 could result in the following:
yuuji@0	792
yuuji@0	793 <connect to minbari.example.org, port 143>
yuuji@0	794 S: * OK Welcome
yuuji@0	795 C: A001 CAPABILITY
yuuji@0	796 S: * CAPABILITY IMAP4rev1 AUTH=DIGEST-MD5
yuuji@0	797 S: A001 OK
yuuji@0	798 C: A002 AUTHENTICATE DIGEST-MD5
yuuji@0	799 <authentication exchange>
yuuji@0	800 S: A002 OK user lennier authenticated
yuuji@0	801 C: A003 SELECT "gray council"
yuuji@0	802 ...
yuuji@0	803 C: A004 SEARCH SUBJECT shadows
yuuji@0	804 S: * SEARCH 8 10 13 14 15 16
yuuji@0	805 S: A004 OK SEARCH completed
yuuji@0	806 C: A005 FETCH 8,10,13:16 ALL
yuuji@0	807 ...
yuuji@0	808
yuuji@0	809 In the example above, the client has implementation-dependent
yuuji@0	810 choices. The authentication mechanism could be anything, including
yuuji@0	811 PREAUTH. The final FETCH command could fetch more or less
yuuji@0	812 information about the messages, depending on what it wishes to
yuuji@0	813 display to the user.
yuuji@0	814
yuuji@0	815 The URL:
yuuji@0	816
yuuji@0	817 <imap://john;AUTH=*@minbari.example.org/babylon5/personel?
yuuji@0	818 charset%20UTF-8%20SUBJECT%20%7B14+%7D%0D%0A%D0%98%D0%B2%
yuuji@0	819 D0%B0%D0%BD%D0%BE%D0%B2%D0%B0>
yuuji@0	820
yuuji@0	821 shows that 8-bit data can be sent using non-synchronizing literals
yuuji@0	822 [LITERAL+]. This could result in the following:
yuuji@0	823
yuuji@0	824 <connect to minbari.example.org, port 143>
yuuji@0	825 S: * OK Hi there
yuuji@0	826 C: A001 CAPABILITY
yuuji@0	827 S: * CAPABILITY IMAP4rev1 LITERAL+ AUTH=DIGEST-MD5
yuuji@0	828 S: A001 OK
yuuji@0	829 C: A002 AUTHENTICATE DIGEST-MD5
yuuji@0	830 <authentication exchange>
yuuji@0	831 S: A002 OK user john authenticated
yuuji@0	832 C: A003 SELECT babylon5/personel
yuuji@0	833 ...
yuuji@0	834 C: A004 SEARCH CHARSET UTF-8 SUBJECT {14+}
yuuji@0	835 C: XXXXXXXXXXXXXX
yuuji@0	836 S: * SEARCH 7 10 12
yuuji@0	837 S: A004 OK SEARCH completed
yuuji@0	838 C: A005 FETCH 7,10,12 ALL
yuuji@0	839
yuuji@0	840
yuuji@0	841
yuuji@0	842 Melnikov & Newman Standards Track [Page 15]
yuuji@0	843
yuuji@0	844 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	845
yuuji@0	846
yuuji@0	847 ...
yuuji@0	848
yuuji@0	849 where XXXXXXXXXXXXXX is 14 bytes of UTF-8 encoded data as specified
yuuji@0	850 in the URL above.
yuuji@0	851
yuuji@0	852 9.1. Examples of Relative URLs
yuuji@0	853
yuuji@0	854 The following absolute-path reference
yuuji@0	855
yuuji@0	856 </foo/;UID=20/..>
yuuji@0	857
yuuji@0	858 is the same as
yuuji@0	859
yuuji@0	860 </foo>
yuuji@0	861
yuuji@0	862 That is, both of them reference the mailbox "foo" located on the IMAP
yuuji@0	863 server described by the corresponding Base URI.
yuuji@0	864
yuuji@0	865 The following relative-path reference
yuuji@0	866
yuuji@0	867 <;UID=20>
yuuji@0	868
yuuji@0	869 references a message with UID in the mailbox specified by the Base
yuuji@0	870 URI.
yuuji@0	871
yuuji@0	872 The following edge case example demonstrates that the ;UIDVALIDITY=
yuuji@0	873 modifier is a part of the mailbox name as far as relative URI
yuuji@0	874 resolution is concerned:
yuuji@0	875
yuuji@0	876 <..;UIDVALIDITY=385759045/;UID=20>
yuuji@0	877
yuuji@0	878 In this example, ".." is not a dot-segment [URI-GEN].
yuuji@0	879
yuuji@0	880 10. Security Considerations
yuuji@0	881
yuuji@0	882 Security considerations discussed in the IMAP specification [IMAP4]
yuuji@0	883 and the URI specification [URI-GEN] are relevant. Security
yuuji@0	884 considerations related to authenticated URLs are discussed in Section
yuuji@0	885 3.2 of this document.
yuuji@0	886
yuuji@0	887 Many email clients store the plaintext password for later use after
yuuji@0	888 logging into an IMAP server. Such clients MUST NOT use a stored
yuuji@0	889 password in response to an IMAP URL without explicit permission from
yuuji@0	890 the user to supply that password to the specified host name.
yuuji@0	891
yuuji@0	892 Clients resolving IMAP URLs that wish to achieve data confidentiality
yuuji@0	893 and/or integrity SHOULD use the STARTTLS command (if supported by the
yuuji@0	894
yuuji@0	895
yuuji@0	896
yuuji@0	897
yuuji@0	898 Melnikov & Newman Standards Track [Page 16]
yuuji@0	899
yuuji@0	900 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	901
yuuji@0	902
yuuji@0	903 server) before starting authentication, or use a SASL mechanism, such
yuuji@0	904 as GSSAPI, that provides a confidentiality security layer.
yuuji@0	905
yuuji@0	906 10.1. Security Consideration Specific to URLAUTH Authorized URL
yuuji@0	907
yuuji@0	908 The "user+<userid>" <access> identifier limits resolution of that URL
yuuji@0	909 to a particular userid, whereas the "submit+<userid>" <access>
yuuji@0	910 identifier is more general and simply requires that the session be
yuuji@0	911 authorized by a user that has been granted a "submit" role within the
yuuji@0	912 authentication system. Use of either of these mechanisms limits the
yuuji@0	913 scope of the URL. An attacker who cannot authenticate using the
yuuji@0	914 appropriate credentials cannot make use of the URL.
yuuji@0	915
yuuji@0	916 The "authuser" and "anonymous" <access> identifiers do not have this
yuuji@0	917 level of protection. These access identifiers are primarily useful
yuuji@0	918 for public export of data from an IMAP server, without requiring that
yuuji@0	919 it be copied to a web or anonymous FTP server.
yuuji@0	920
yuuji@0	921 The decision to use the "authuser" <access> identifier should be made
yuuji@0	922 with caution. An "authuser" <access> identifier can be used by any
yuuji@0	923 authorized user of the IMAP server; therefore, use of this access
yuuji@0	924 identifier should be limited to content that may be disclosed to any
yuuji@0	925 authorized user of the IMAP server.
yuuji@0	926
yuuji@0	927 The decision to use the "anonymous" <access> identifier should be
yuuji@0	928 made with extreme caution. An "anonymous" <access> identifier can be
yuuji@0	929 used by anyone; therefore, use of this access identifier should be
yuuji@0	930 limited to content that may be disclosed to anyone.
yuuji@0	931
yuuji@0	932 11. ABNF for IMAP URL Scheme
yuuji@0	933
yuuji@0	934 Formal syntax is defined using ABNF [ABNF], extending the ABNF rules
yuuji@0	935 in Section 9 of [IMAP4]. Elements not defined here can be found in
yuuji@0	936 [ABNF], [IMAP4], [IMAPABNF], or [URI-GEN]. Strings are not case
yuuji@0	937 sensitive, and free insertion of linear white space is not permitted.
yuuji@0	938
yuuji@0	939 sub-delims-sh = "!" / "$" / "'" / "(" / ")" /
yuuji@0	940 "*" / "+" / ","
yuuji@0	941 ;; Same as [URI-GEN] sub-delims,
yuuji@0	942 ;; but without ";", "&" and "=".
yuuji@0	943
yuuji@0	944 uchar = unreserved / sub-delims-sh / pct-encoded
yuuji@0	945
yuuji@0	946 achar = uchar / "&" / "="
yuuji@0	947 ;; Same as [URI-GEN] 'unreserved / sub-delims /
yuuji@0	948 ;; pct-encoded', but ";" is disallowed.
yuuji@0	949
yuuji@0	950 bchar = achar / ":" / "@" / "/"
yuuji@0	951
yuuji@0	952
yuuji@0	953
yuuji@0	954 Melnikov & Newman Standards Track [Page 17]
yuuji@0	955
yuuji@0	956 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	957
yuuji@0	958
yuuji@0	959 enc-auth-type = 1*achar
yuuji@0	960 ; %-encoded version of [IMAP4] "auth-type"
yuuji@0	961
yuuji@0	962 enc-mailbox = 1*bchar
yuuji@0	963 ; %-encoded version of [IMAP4] "mailbox"
yuuji@0	964
yuuji@0	965 enc-search = 1*bchar
yuuji@0	966 ; %-encoded version of [IMAPABNF]
yuuji@0	967 ; "search-program". Note that IMAP4
yuuji@0	968 ; literals may not be used in
yuuji@0	969 ; a "search-program", i.e., only
yuuji@0	970 ; quoted or non-synchronizing
yuuji@0	971 ; literals (if the server supports
yuuji@0	972 ; LITERAL+ [LITERAL+]) are allowed.
yuuji@0	973
yuuji@0	974 enc-section = 1*bchar
yuuji@0	975 ; %-encoded version of [IMAP4] "section-spec"
yuuji@0	976
yuuji@0	977 enc-user = 1*achar
yuuji@0	978 ; %-encoded version of [IMAP4] authorization
yuuji@0	979 ; identity or "userid".
yuuji@0	980
yuuji@0	981 imapurl = "imap://" iserver ipath-query
yuuji@0	982 ; Defines an absolute IMAP URL
yuuji@0	983
yuuji@0	984 ipath-query = ["/" [ icommand ]]
yuuji@0	985 ; Corresponds to "path-abempty [ "?" query ]"
yuuji@0	986 ; in [URI-GEN]
yuuji@0	987
yuuji@0	988 Generic syntax for relative URLs is defined in Section 4.2 of
yuuji@0	989 [URI-GEN]. For ease of implementation, the relative IMAP URL syntax
yuuji@0	990 is defined below:
yuuji@0	991
yuuji@0	992 imapurl-rel = inetwork-path
yuuji@0	993
yuuji@0	994 / iabsolute-path
yuuji@0	995 / irelative-path
yuuji@0	996 / ipath-empty
yuuji@0	997
yuuji@0	998 inetwork-path = "//" iserver ipath-query
yuuji@0	999 ; Corresponds to '"//" authority path-abempty
yuuji@0	1000 ; [ "?" query ]' in [URI-GEN]
yuuji@0	1001
yuuji@0	1002 iabsolute-path = "/" [ icommand ]
yuuji@0	1003 ; icommand, if present, MUST NOT start with '/'.
yuuji@0	1004 ;
yuuji@0	1005 ; Corresponds to 'path-absolute [ "?" query ]'
yuuji@0	1006 ; in [URI-GEN]
yuuji@0	1007
yuuji@0	1008
yuuji@0	1009
yuuji@0	1010 Melnikov & Newman Standards Track [Page 18]
yuuji@0	1011
yuuji@0	1012 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1013
yuuji@0	1014
yuuji@0	1015 irelative-path = imessagelist /
yuuji@0	1016 imsg-or-part
yuuji@0	1017 ; Corresponds to 'path-noscheme [ "?" query ]'
yuuji@0	1018 ; in [URI-GEN]
yuuji@0	1019
yuuji@0	1020 imsg-or-part = ( imailbox-ref "/" iuid-only ["/" isection-only]
yuuji@0	1021 ["/" ipartial-only] ) /
yuuji@0	1022 ( iuid-only ["/" isection-only]
yuuji@0	1023 ["/" ipartial-only] ) /
yuuji@0	1024 ( isection-only ["/" ipartial-only] ) /
yuuji@0	1025 ipartial-only
yuuji@0	1026
yuuji@0	1027 ipath-empty = 0<pchar>
yuuji@0	1028 ; Zero characters.
yuuji@0	1029 ; The same-document reference.
yuuji@0	1030
yuuji@0	1031 The following three rules are only used in the presence of the IMAP
yuuji@0	1032 [URLAUTH] extension:
yuuji@0	1033
yuuji@0	1034 authimapurl = "imap://" iserver "/" imessagepart
yuuji@0	1035 ; Same as "imapurl" when "[icommand]" is
yuuji@0	1036 ; "imessagepart"
yuuji@0	1037
yuuji@0	1038 authimapurlfull = authimapurl iurlauth
yuuji@0	1039 ; Same as "imapurl" when "[icommand]" is
yuuji@0	1040 ; "imessagepart iurlauth"
yuuji@0	1041
yuuji@0	1042 authimapurlrump = authimapurl iurlauth-rump
yuuji@0	1043
yuuji@0	1044
yuuji@0	1045 enc-urlauth = 32*HEXDIG
yuuji@0	1046
yuuji@0	1047 iurlauth = iurlauth-rump iua-verifier
yuuji@0	1048
yuuji@0	1049 iua-verifier = ":" uauth-mechanism ":" enc-urlauth
yuuji@0	1050
yuuji@0	1051 iurlauth-rump = [expire] ";URLAUTH=" access
yuuji@0	1052
yuuji@0	1053 access = ("submit+" enc-user) / ("user+" enc-user) /
yuuji@0	1054 "authuser" / "anonymous"
yuuji@0	1055
yuuji@0	1056 expire = ";EXPIRE=" date-time
yuuji@0	1057 ; date-time is defined in [DATETIME]
yuuji@0	1058
yuuji@0	1059 uauth-mechanism = "INTERNAL" / 1*(ALPHA / DIGIT / "-" / ".")
yuuji@0	1060 ; Case-insensitive.
yuuji@0	1061 ; New mechanisms MUST be registered with IANA.
yuuji@0	1062
yuuji@0	1063
yuuji@0	1064
yuuji@0	1065
yuuji@0	1066 Melnikov & Newman Standards Track [Page 19]
yuuji@0	1067
yuuji@0	1068 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1069
yuuji@0	1070
yuuji@0	1071 iauth = ";AUTH=" ( "*" / enc-auth-type )
yuuji@0	1072
yuuji@0	1073 icommand = imessagelist /
yuuji@0	1074 imessagepart [iurlauth]
yuuji@0	1075
yuuji@0	1076 imailbox-ref = enc-mailbox [uidvalidity]
yuuji@0	1077
yuuji@0	1078 imessagelist = imailbox-ref [ "?" enc-search ]
yuuji@0	1079 ; "enc-search" is [URI-GEN] "query".
yuuji@0	1080
yuuji@0	1081 imessagepart = imailbox-ref iuid [isection] [ipartial]
yuuji@0	1082
yuuji@0	1083 ipartial = "/" ipartial-only
yuuji@0	1084
yuuji@0	1085 ipartial-only = ";PARTIAL=" partial-range
yuuji@0	1086
yuuji@0	1087 isection = "/" isection-only
yuuji@0	1088
yuuji@0	1089 isection-only = ";SECTION=" enc-section
yuuji@0	1090
yuuji@0	1091 iserver = [iuserinfo "@"] host [ ":" port ]
yuuji@0	1092 ; This is the same as "authority" defined
yuuji@0	1093 ; in [URI-GEN]. See [URI-GEN] for "host"
yuuji@0	1094 ; and "port" definitions.
yuuji@0	1095
yuuji@0	1096 iuid = "/" iuid-only
yuuji@0	1097
yuuji@0	1098 iuid-only = ";UID=" nz-number
yuuji@0	1099 ; See [IMAP4] for "nz-number" definition
yuuji@0	1100
yuuji@0	1101 iuserinfo = enc-user [iauth] / [enc-user] iauth
yuuji@0	1102 ; conforms to the generic syntax of
yuuji@0	1103 ; "userinfo" as defined in [URI-GEN].
yuuji@0	1104
yuuji@0	1105 partial-range = number ["." nz-number]
yuuji@0	1106 ; partial FETCH. The first number is
yuuji@0	1107 ; the offset of the first byte,
yuuji@0	1108 ; the second number is the length of
yuuji@0	1109 ; the fragment.
yuuji@0	1110
yuuji@0	1111 uidvalidity = ";UIDVALIDITY=" nz-number
yuuji@0	1112 ; See [IMAP4] for "nz-number" definition
yuuji@0	1113
yuuji@0	1114
yuuji@0	1115
yuuji@0	1116
yuuji@0	1117
yuuji@0	1118
yuuji@0	1119
yuuji@0	1120
yuuji@0	1121
yuuji@0	1122 Melnikov & Newman Standards Track [Page 20]
yuuji@0	1123
yuuji@0	1124 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1125
yuuji@0	1126
yuuji@0	1127 12. IANA Considerations
yuuji@0	1128
yuuji@0	1129 IANA has updated the "imap" definition in the "Uniform Resource
yuuji@0	1130 Identifier scheme registry" to point to this document.
yuuji@0	1131
yuuji@0	1132 The registration template (as per [URI-REG]) is specified in Section
yuuji@0	1133 12.1 of this document.
yuuji@0	1134
yuuji@0	1135 12.1. IANA Registration of imap: URI Scheme
yuuji@0	1136
yuuji@0	1137 This section provides the information required to register the imap:
yuuji@0	1138 URI scheme.
yuuji@0	1139
yuuji@0	1140 URI scheme name: imap
yuuji@0	1141
yuuji@0	1142 Status: permanent
yuuji@0	1143
yuuji@0	1144 URI scheme syntax:
yuuji@0	1145
yuuji@0	1146 See Section 11 of [RFC5092].
yuuji@0	1147
yuuji@0	1148 URI scheme semantics:
yuuji@0	1149
yuuji@0	1150 The imap: URI scheme is used to designate IMAP servers, mailboxes,
yuuji@0	1151 messages, MIME bodies [MIME] and their parts, and search programs
yuuji@0	1152 on Internet hosts accessible using the IMAP protocol.
yuuji@0	1153
yuuji@0	1154 There is no MIME type associated with this URI.
yuuji@0	1155
yuuji@0	1156 Encoding considerations:
yuuji@0	1157
yuuji@0	1158 See Section 8 of [RFC5092].
yuuji@0	1159
yuuji@0	1160 Applications/protocols that use this URI scheme name:
yuuji@0	1161
yuuji@0	1162 The imap: URI is intended to be used by applications that might
yuuji@0	1163 need access to an IMAP mailstore. Such applications may include
yuuji@0	1164 (but are not limited to) IMAP-capable web browsers; IMAP clients
yuuji@0	1165 that wish to access a mailbox, message, or edit a message on the
yuuji@0	1166 server using [CATENATE]; [SUBMIT] clients and servers that are
yuuji@0	1167 requested to assemble a complete message on submission using
yuuji@0	1168 [BURL].
yuuji@0	1169
yuuji@0	1170 Interoperability considerations:
yuuji@0	1171
yuuji@0	1172 A widely deployed IMAP client Netscape Mail (and possibly
yuuji@0	1173 Mozilla/Thunderbird/Seamonkey) uses a different imap: scheme
yuuji@0	1174 internally.
yuuji@0	1175
yuuji@0	1176
yuuji@0	1177
yuuji@0	1178 Melnikov & Newman Standards Track [Page 21]
yuuji@0	1179
yuuji@0	1180 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1181
yuuji@0	1182
yuuji@0	1183 Security considerations:
yuuji@0	1184
yuuji@0	1185 See Security Considerations (Section 10) of [RFC5092].
yuuji@0	1186
yuuji@0	1187 Contact:
yuuji@0	1188
yuuji@0	1189 Alexey Melnikov <alexey.melnikov@isode.com>
yuuji@0	1190
yuuji@0	1191 Author/Change controller:
yuuji@0	1192
yuuji@0	1193 IESG
yuuji@0	1194
yuuji@0	1195 References:
yuuji@0	1196
yuuji@0	1197 [RFC5092] and [IMAP4].
yuuji@0	1198
yuuji@0	1199 13. References
yuuji@0	1200
yuuji@0	1201 13.1. Normative References
yuuji@0	1202
yuuji@0	1203 [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
yuuji@0	1204 Requirement Levels", BCP 14, RFC 2119, March 1997.
yuuji@0	1205
yuuji@0	1206 [IMAP4] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
yuuji@0	1207 4rev1", RFC 3501, March 2003.
yuuji@0	1208
yuuji@0	1209 [IMAPABNF] Melnikov, A. and C. Daboo, "Collected Extensions to
yuuji@0	1210 IMAP4 ABNF", RFC 4466, April 2006.
yuuji@0	1211
yuuji@0	1212 [ABNF] Crocker, D., Ed., and P. Overell, "Augmented BNF for
yuuji@0	1213 Syntax Specifications: ABNF", RFC 4234, October 2005.
yuuji@0	1214
yuuji@0	1215 [MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
yuuji@0	1216 Extensions (MIME) Part One: Format of Internet Message
yuuji@0	1217 Bodies", RFC 2045, November 1996.
yuuji@0	1218
yuuji@0	1219 [URI-GEN] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
yuuji@0	1220 Resource Identifier (URI): Generic Syntax", STD 66, RFC
yuuji@0	1221 3986, January 2005.
yuuji@0	1222
yuuji@0	1223 [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
yuuji@0	1224 10646", STD 63, RFC 3629, November 2003.
yuuji@0	1225
yuuji@0	1226 [NAMESPACE] Gahrns, M. and C. Newman, "IMAP4 Namespace", RFC 2342,
yuuji@0	1227 May 1998.
yuuji@0	1228
yuuji@0	1229 [LITERAL+] Myers, J., "IMAP4 non-synchronizing literals", RFC 2088,
yuuji@0	1230 January 1997.
yuuji@0	1231
yuuji@0	1232
yuuji@0	1233
yuuji@0	1234 Melnikov & Newman Standards Track [Page 22]
yuuji@0	1235
yuuji@0	1236 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1237
yuuji@0	1238
yuuji@0	1239 [ANONYMOUS] Zeilenga, K., "Anonymous Simple Authentication and
yuuji@0	1240 Security Layer (SASL) Mechanism", RFC 4505, June 2006.
yuuji@0	1241
yuuji@0	1242 [DATETIME] Klyne, G. and C. Newman, "Date and Time on the Internet:
yuuji@0	1243 Timestamps", RFC 3339, July 2002.
yuuji@0	1244
yuuji@0	1245 [URLAUTH] Crispin, M., "Internet Message Access Protocol (IMAP) -
yuuji@0	1246 URLAUTH Extension", RFC 4467, May 2006.
yuuji@0	1247
yuuji@0	1248 13.2. Informative References
yuuji@0	1249
yuuji@0	1250 [SUBMIT] Gellens, R. and J. Klensin, "Message Submission for
yuuji@0	1251 Mail", RFC 4409, April 2006.
yuuji@0	1252
yuuji@0	1253 [BURL] Newman, C., "Message Submission BURL Extension", RFC
yuuji@0	1254 4468, May 2006.
yuuji@0	1255
yuuji@0	1256 [CATENATE] Resnick, P., "Internet Message Access Protocol (IMAP)
yuuji@0	1257 CATENATE Extension", RFC 4469, April 2006.
yuuji@0	1258
yuuji@0	1259 [SASL] Melnikov, A., Ed., and K. Zeilenga, Ed., "Simple
yuuji@0	1260 Authentication and Security Layer (SASL)", RFC 4422,
yuuji@0	1261 June 2006.
yuuji@0	1262
yuuji@0	1263 [GSSAPI] Melnikov, A., Ed., "The Kerberos V5 ("GSSAPI") Simple
yuuji@0	1264 Authentication and Security Layer (SASL) Mechanism", RFC
yuuji@0	1265 4752, November 2006.
yuuji@0	1266
yuuji@0	1267 [DIGEST-MD5] Leach, P. and C. Newman, "Using Digest Authentication as
yuuji@0	1268 a SASL Mechanism", RFC 2831, May 2000.
yuuji@0	1269
yuuji@0	1270 [URI-REG] Hansen, T., Hardie, T., and L. Masinter, "Guidelines and
yuuji@0	1271 Registration Procedures for New URI Schemes", BCP 115,
yuuji@0	1272 RFC 4395, February 2006.
yuuji@0	1273
yuuji@0	1274
yuuji@0	1275
yuuji@0	1276
yuuji@0	1277
yuuji@0	1278
yuuji@0	1279
yuuji@0	1280
yuuji@0	1281
yuuji@0	1282
yuuji@0	1283
yuuji@0	1284
yuuji@0	1285
yuuji@0	1286
yuuji@0	1287
yuuji@0	1288
yuuji@0	1289
yuuji@0	1290 Melnikov & Newman Standards Track [Page 23]
yuuji@0	1291
yuuji@0	1292 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1293
yuuji@0	1294
yuuji@0	1295 Appendix A. Sample Code
yuuji@0	1296
yuuji@0	1297 Here is sample C source code to convert between URL paths and IMAP
yuuji@0	1298 mailbox names, taking into account mapping between IMAP's modified
yuuji@0	1299 UTF-7 [IMAP4] and hex-encoded UTF-8, which is more appropriate for
yuuji@0	1300 URLs. This code has not been rigorously tested nor does it
yuuji@0	1301 necessarily behave reasonably with invalid input, but it should serve
yuuji@0	1302 as a useful example. This code just converts the mailbox portion of
yuuji@0	1303 the URL and does not deal with parameters, query, or server
yuuji@0	1304 components of the URL.
yuuji@0	1305
yuuji@0	1306 /* Copyright (C) The IETF Trust (2007). This version of
yuuji@0	1307 sample C code is part of RFC XXXX; see the RFC itself
yuuji@0	1308 for full legal notices.
yuuji@0	1309
yuuji@0	1310 Regarding this sample C code (or any portion of it), the authors
yuuji@0	1311 make no guarantees and are not responsible for any damage
yuuji@0	1312 resulting from its use. The authors grant irrevocable permission
yuuji@0	1313 to anyone to use, modify, and distribute it in any way that does
yuuji@0	1314 not diminish the rights of anyone else to use, modify, and
yuuji@0	1315 distribute it, provided that redistributed derivative works do
yuuji@0	1316 not contain misleading author or version information.
yuuji@0	1317
yuuji@0	1318 Derivative works need not be licensed under similar terms.
yuuji@0	1319 */
yuuji@0	1320
yuuji@0	1321 #include <stdio.h>
yuuji@0	1322 #include <string.h>
yuuji@0	1323
yuuji@0	1324 /* hexadecimal lookup table */
yuuji@0	1325 static const char hex[] = "0123456789ABCDEF";
yuuji@0	1326
yuuji@0	1327 #define XX 127
yuuji@0	1328 /*
yuuji@0	1329 * Table for decoding hexadecimal in %encoding
yuuji@0	1330 */
yuuji@0	1331 static const char index_hex[256] = {
yuuji@0	1332 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1333 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1334 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1335 0, 1, 2, 3, 4, 5, 6, 7, 8, 9,XX,XX, XX,XX,XX,XX,
yuuji@0	1336 XX,10,11,12, 13,14,15,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1337 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1338 XX,10,11,12, 13,14,15,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1339 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1340 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1341 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1342 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1343
yuuji@0	1344
yuuji@0	1345
yuuji@0	1346 Melnikov & Newman Standards Track [Page 24]
yuuji@0	1347
yuuji@0	1348 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1349
yuuji@0	1350
yuuji@0	1351 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1352 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1353 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1354 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1355 XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX, XX,XX,XX,XX,
yuuji@0	1356 };
yuuji@0	1357 #define HEXCHAR(c) (index_hex[(unsigned char)(c)])
yuuji@0	1358
yuuji@0	1359 /* "gen-delims" excluding "/" but including "%" */
yuuji@0	1360 #define GENERAL_DELIMS_NO_SLASH ":?#[]@" "%"
yuuji@0	1361
yuuji@0	1362 /* "gen-delims" (excluding "/", but including "%")
yuuji@0	1363 plus subset of "sub-delims" */
yuuji@0	1364 #define GENERAL_UNSAFE_NO_SLASH GENERAL_DELIMS_NO_SLASH ";&=+"
yuuji@0	1365 #define OTHER_UNSAFE " \"<>\\^`{\|}"
yuuji@0	1366
yuuji@0	1367 /* URL unsafe printable characters */
yuuji@0	1368 static const char mailbox_url_unsafe[] = GENERAL_UNSAFE_NO_SLASH
yuuji@0	1369 OTHER_UNSAFE;
yuuji@0	1370
yuuji@0	1371 /* UTF7 modified base64 alphabet */
yuuji@0	1372 static const char base64chars[] =
yuuji@0	1373 "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+,";
yuuji@0	1374
yuuji@0	1375 #define UNDEFINED 64
yuuji@0	1376
yuuji@0	1377 /* UTF16 definitions */
yuuji@0	1378 #define UTF16MASK 0x03FFUL
yuuji@0	1379 #define UTF16SHIFT 10
yuuji@0	1380 #define UTF16BASE 0x10000UL
yuuji@0	1381 #define UTF16HIGHSTART 0xD800UL
yuuji@0	1382 #define UTF16HIGHEND 0xDBFFUL
yuuji@0	1383 #define UTF16LOSTART 0xDC00UL
yuuji@0	1384 #define UTF16LOEND 0xDFFFUL
yuuji@0	1385
yuuji@0	1386 /* Convert an IMAP mailbox to a URL path
yuuji@0	1387 * dst needs to have roughly 4 times the storage space of src
yuuji@0	1388 * Hex encoding can triple the size of the input
yuuji@0	1389 * UTF-7 can be slightly denser than UTF-8
yuuji@0	1390 * (worst case: 8 octets UTF-7 becomes 9 octets UTF-8)
yuuji@0	1391 */
yuuji@0	1392 void MailboxToURL(char dst, char src)
yuuji@0	1393 {
yuuji@0	1394 unsigned char c, i, bitcount;
yuuji@0	1395 unsigned long ucs4, utf16, bitbuf;
yuuji@0	1396 unsigned char base64[256], utf8[6];
yuuji@0	1397
yuuji@0	1398 /* initialize modified base64 decoding table */
yuuji@0	1399
yuuji@0	1400
yuuji@0	1401
yuuji@0	1402 Melnikov & Newman Standards Track [Page 25]
yuuji@0	1403
yuuji@0	1404 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1405
yuuji@0	1406
yuuji@0	1407 memset(base64, UNDEFINED, sizeof (base64));
yuuji@0	1408 for (i = 0; i < sizeof (base64chars); ++i) {
yuuji@0	1409 base64[(int) base64chars[i]] = i;
yuuji@0	1410 }
yuuji@0	1411
yuuji@0	1412 /* loop until end of string */
yuuji@0	1413 while (*src != '\0') {
yuuji@0	1414 c = *src++;
yuuji@0	1415 /* deal with literal characters and &- */
yuuji@0	1416 if (c != '&' \|\| *src == '-') {
yuuji@0	1417 /* NB: There are no "URL safe" characters after the '~' */
yuuji@0	1418 if (c < ' ' \|\| c > '~' \|\|
yuuji@0	1419 strchr(mailbox_url_unsafe, c) != NULL) {
yuuji@0	1420 /* hex encode if necessary */
yuuji@0	1421 dst[0] = '%';
yuuji@0	1422 dst[1] = hex[c >> 4];
yuuji@0	1423 dst[2] = hex[c & 0x0f];
yuuji@0	1424 dst += 3;
yuuji@0	1425 } else {
yuuji@0	1426 /* encode literally */
yuuji@0	1427 *dst++ = c;
yuuji@0	1428 }
yuuji@0	1429 /* skip over the '-' if this is an &- sequence */
yuuji@0	1430 if (c == '&') ++src;
yuuji@0	1431
yuuji@0	1432 } else {
yuuji@0	1433 /* convert modified UTF-7 -> UTF-16 -> UCS-4 -> UTF-8 -> HEX */
yuuji@0	1434 bitbuf = 0;
yuuji@0	1435 bitcount = 0;
yuuji@0	1436 ucs4 = 0;
yuuji@0	1437 while ((c = base64[(unsigned char) *src]) != UNDEFINED) {
yuuji@0	1438 ++src;
yuuji@0	1439 bitbuf = (bitbuf << 6) \| c;
yuuji@0	1440 bitcount += 6;
yuuji@0	1441 /* enough bits for a UTF-16 character? */
yuuji@0	1442 if (bitcount >= 16) {
yuuji@0	1443 bitcount -= 16;
yuuji@0	1444 utf16 = (bitcount ? bitbuf >> bitcount
yuuji@0	1445 : bitbuf) & 0xffff;
yuuji@0	1446 /* convert UTF16 to UCS4 */
yuuji@0	1447 if
yuuji@0	1448 (utf16 >= UTF16HIGHSTART && utf16 <= UTF16HIGHEND) {
yuuji@0	1449 ucs4 = (utf16 - UTF16HIGHSTART) << UTF16SHIFT;
yuuji@0	1450 continue;
yuuji@0	1451 } else if
yuuji@0	1452 (utf16 >= UTF16LOSTART && utf16 <= UTF16LOEND) {
yuuji@0	1453 ucs4 += utf16 - UTF16LOSTART + UTF16BASE;
yuuji@0	1454 } else {
yuuji@0	1455
yuuji@0	1456
yuuji@0	1457
yuuji@0	1458 Melnikov & Newman Standards Track [Page 26]
yuuji@0	1459
yuuji@0	1460 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1461
yuuji@0	1462
yuuji@0	1463 ucs4 = utf16;
yuuji@0	1464 }
yuuji@0	1465 /* convert UTF-16 range of UCS4 to UTF-8 */
yuuji@0	1466 if (ucs4 <= 0x7fUL) {
yuuji@0	1467 utf8[0] = (unsigned char) ucs4;
yuuji@0	1468 i = 1;
yuuji@0	1469 } else if (ucs4 <= 0x7ffUL) {
yuuji@0	1470 utf8[0] = 0xc0 \| (unsigned char) (ucs4 >> 6);
yuuji@0	1471 utf8[1] = 0x80 \| (unsigned char) (ucs4 & 0x3f);
yuuji@0	1472 i = 2;
yuuji@0	1473 } else if (ucs4 <= 0xffffUL) {
yuuji@0	1474 utf8[0] = 0xe0 \| (unsigned char) (ucs4 >> 12);
yuuji@0	1475 utf8[1] = 0x80 \| (unsigned char) ((ucs4 >> 6) & 0x3f);
yuuji@0	1476 utf8[2] = 0x80 \| (unsigned char) (ucs4 & 0x3f);
yuuji@0	1477 i = 3;
yuuji@0	1478 } else {
yuuji@0	1479 utf8[0] = 0xf0 \| (unsigned char) (ucs4 >> 18);
yuuji@0	1480 utf8[1] = 0x80 \| (unsigned char) ((ucs4 >> 12) & 0x3f);
yuuji@0	1481 utf8[2] = 0x80 \| (unsigned char) ((ucs4 >> 6) & 0x3f);
yuuji@0	1482 utf8[3] = 0x80 \| (unsigned char) (ucs4 & 0x3f);
yuuji@0	1483 i = 4;
yuuji@0	1484 }
yuuji@0	1485 /* convert utf8 to hex */
yuuji@0	1486 for (c = 0; c < i; ++c) {
yuuji@0	1487 dst[0] = '%';
yuuji@0	1488 dst[1] = hex[utf8[c] >> 4];
yuuji@0	1489 dst[2] = hex[utf8[c] & 0x0f];
yuuji@0	1490 dst += 3;
yuuji@0	1491 }
yuuji@0	1492 }
yuuji@0	1493 }
yuuji@0	1494 /* skip over trailing '-' in modified UTF-7 encoding */
yuuji@0	1495 if (*src == '-') ++src;
yuuji@0	1496 }
yuuji@0	1497 }
yuuji@0	1498 /* terminate destination string */
yuuji@0	1499 *dst = '\0';
yuuji@0	1500 }
yuuji@0	1501
yuuji@0	1502 /* Convert hex coded UTF-8 URL path to modified UTF-7 IMAP mailbox
yuuji@0	1503 * dst should be about twice the length of src to deal with non-hex
yuuji@0	1504 * coded URLs
yuuji@0	1505 */
yuuji@0	1506 int URLtoMailbox(char dst, char src)
yuuji@0	1507 {
yuuji@0	1508 unsigned int utf8pos = 0;
yuuji@0	1509 unsigned int utf8total, i, c, utf7mode, bitstogo, utf16flag;
yuuji@0	1510 unsigned long ucs4 = 0, bitbuf = 0;
yuuji@0	1511
yuuji@0	1512
yuuji@0	1513
yuuji@0	1514 Melnikov & Newman Standards Track [Page 27]
yuuji@0	1515
yuuji@0	1516 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1517
yuuji@0	1518
yuuji@0	1519 utf7mode = 0; /* is the output UTF7 currently in base64 mode? */
yuuji@0	1520 utf8total = 0; /* how many octets is the current input UTF-8 char;
yuuji@0	1521 0 == between characters */
yuuji@0	1522 bitstogo = 0; /* bits that need to be encoded into base64; if
yuuji@0	1523 bitstogo != 0 then utf7mode == 1 */
yuuji@0	1524 while ((c = (unsigned char)*src) != '\0') {
yuuji@0	1525 ++src;
yuuji@0	1526 /* undo hex-encoding */
yuuji@0	1527 if (c == '%' && src[0] != '\0' && src[1] != '\0') {
yuuji@0	1528 c = HEXCHAR(src[0]);
yuuji@0	1529 i = HEXCHAR(src[1]);
yuuji@0	1530 if (c == XX \|\| i == XX) {
yuuji@0	1531 return 0;
yuuji@0	1532 } else {
yuuji@0	1533 c = (char)((c << 4) \| i);
yuuji@0	1534 }
yuuji@0	1535 src += 2;
yuuji@0	1536 }
yuuji@0	1537 /* normal character? */
yuuji@0	1538 if (c >= ' ' && c <= '~') {
yuuji@0	1539 /* switch out of UTF-7 mode */
yuuji@0	1540 if (utf7mode) {
yuuji@0	1541 if (bitstogo) {
yuuji@0	1542 *dst++ = base64chars[(bitbuf << (6 - bitstogo)) & 0x3F];
yuuji@0	1543 }
yuuji@0	1544 *dst++ = '-';
yuuji@0	1545 utf7mode = 0;
yuuji@0	1546 bitstogo = bitbuf = 0;
yuuji@0	1547 }
yuuji@0	1548 *dst++ = c;
yuuji@0	1549 /* encode '&' as '&-' */
yuuji@0	1550 if (c == '&') {
yuuji@0	1551 *dst++ = '-';
yuuji@0	1552 }
yuuji@0	1553 continue;
yuuji@0	1554 }
yuuji@0	1555 /* switch to UTF-7 mode */
yuuji@0	1556 if (!utf7mode) {
yuuji@0	1557 *dst++ = '&';
yuuji@0	1558 utf7mode = 1;
yuuji@0	1559 }
yuuji@0	1560 /* Encode US-ASCII characters as themselves */
yuuji@0	1561 if (c < 0x80) {
yuuji@0	1562 ucs4 = c;
yuuji@0	1563 utf8total = 1;
yuuji@0	1564 } else if (utf8total) {
yuuji@0	1565 /* this is a subsequent octet of a multi-octet character */
yuuji@0	1566 /* save UTF8 bits into UCS4 */
yuuji@0	1567
yuuji@0	1568
yuuji@0	1569
yuuji@0	1570 Melnikov & Newman Standards Track [Page 28]
yuuji@0	1571
yuuji@0	1572 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1573
yuuji@0	1574
yuuji@0	1575 ucs4 = (ucs4 << 6) \| (c & 0x3FUL);
yuuji@0	1576 if (++utf8pos < utf8total) {
yuuji@0	1577 continue;
yuuji@0	1578 }
yuuji@0	1579 } else {
yuuji@0	1580 /* this is the first octet of a multi-octet character */
yuuji@0	1581 utf8pos = 1;
yuuji@0	1582 if (c < 0xE0) {
yuuji@0	1583 utf8total = 2;
yuuji@0	1584 ucs4 = c & 0x1F;
yuuji@0	1585 } else if (c < 0xF0) {
yuuji@0	1586 utf8total = 3;
yuuji@0	1587 ucs4 = c & 0x0F;
yuuji@0	1588 } else {
yuuji@0	1589 /* NOTE: can't convert UTF8 sequences longer than 4 */
yuuji@0	1590 utf8total = 4;
yuuji@0	1591 ucs4 = c & 0x03;
yuuji@0	1592 }
yuuji@0	1593 continue;
yuuji@0	1594 }
yuuji@0	1595 /* Finished with UTF-8 character. Make sure it isn't an
yuuji@0	1596 overlong sequence. If it is, return failure. */
yuuji@0	1597 if ((ucs4 < 0x80 && utf8total > 1) \|\|
yuuji@0	1598 (ucs4 < 0x0800 && utf8total > 2) \|\|
yuuji@0	1599 (ucs4 < 0x00010000 && utf8total > 3) \|\|
yuuji@0	1600 (ucs4 < 0x00200000 && utf8total > 4) \|\|
yuuji@0	1601 (ucs4 < 0x04000000 && utf8total > 5) \|\|
yuuji@0	1602 (ucs4 < 0x80000000 && utf8total > 6)) {
yuuji@0	1603 return 0;
yuuji@0	1604 }
yuuji@0	1605 /* loop to split ucs4 into two utf16 chars if necessary */
yuuji@0	1606 utf8total = 0;
yuuji@0	1607 do {
yuuji@0	1608 if (ucs4 >= UTF16BASE) {
yuuji@0	1609 ucs4 -= UTF16BASE;
yuuji@0	1610 bitbuf = (bitbuf << 16) \| ((ucs4 >> UTF16SHIFT)
yuuji@0	1611 + UTF16HIGHSTART);
yuuji@0	1612 ucs4 = (ucs4 & UTF16MASK) + UTF16LOSTART;
yuuji@0	1613 utf16flag = 1;
yuuji@0	1614 } else {
yuuji@0	1615 bitbuf = (bitbuf << 16) \| ucs4;
yuuji@0	1616 utf16flag = 0;
yuuji@0	1617 }
yuuji@0	1618 bitstogo += 16;
yuuji@0	1619 /* spew out base64 */
yuuji@0	1620 while (bitstogo >= 6) {
yuuji@0	1621 bitstogo -= 6;
yuuji@0	1622 *dst++ = base64chars[(bitstogo ? (bitbuf >> bitstogo)
yuuji@0	1623
yuuji@0	1624
yuuji@0	1625
yuuji@0	1626 Melnikov & Newman Standards Track [Page 29]
yuuji@0	1627
yuuji@0	1628 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1629
yuuji@0	1630
yuuji@0	1631 : bitbuf)
yuuji@0	1632 & 0x3F];
yuuji@0	1633 }
yuuji@0	1634 } while (utf16flag);
yuuji@0	1635 }
yuuji@0	1636 /* if in UTF-7 mode, finish in ASCII */
yuuji@0	1637 if (utf7mode) {
yuuji@0	1638 if (bitstogo) {
yuuji@0	1639 *dst++ = base64chars[(bitbuf << (6 - bitstogo)) & 0x3F];
yuuji@0	1640 }
yuuji@0	1641 *dst++ = '-';
yuuji@0	1642 }
yuuji@0	1643 /* tie off string */
yuuji@0	1644 *dst = '\0';
yuuji@0	1645 return 1;
yuuji@0	1646 }
yuuji@0	1647
yuuji@0	1648 Appendix B. List of Changes since RFC 2192
yuuji@0	1649
yuuji@0	1650 Updated boilerplate, list of editor's, etc.
yuuji@0	1651 Updated references.
yuuji@0	1652 Updated ABNF not to use _, to use SP instead of SPACE, etc.
yuuji@0	1653 Updated example domains to use example.org.
yuuji@0	1654 Fixed ABNF error in "imessagelist" non-terminal.
yuuji@0	1655 Updated ABNF, due to changes in RFC 3501, RFC 4466, and RFC 3986.
yuuji@0	1656 Renamed "iuserauth" non-terminal to <iuserinfo>.
yuuji@0	1657 Clarified that the userinfo component describes both authorization
yuuji@0	1658 identity and mailbox naming scope.
yuuji@0	1659 Allow for non-synchronizing literals in "enc-search".
yuuji@0	1660 Added "ipartial" specifier that denotes a partial FETCH.
yuuji@0	1661 Moved URLAUTH text from RFC 4467 to this document.
yuuji@0	1662 Updated ABNF for the whole server to allow missing trailing "/"
yuuji@0	1663 (e.g., "imap://imap.example.com" is now valid and is the same as
yuuji@0	1664 "imap://imap.example.com/").
yuuji@0	1665 Clarified how relative-path references are constructed.
yuuji@0	1666 Added more examples demonstrating relative-path references.
yuuji@0	1667 Added rules for relative URLs and restructured ABNF as the result.
yuuji@0	1668 Removed text on use of relative URLs in MHTML.
yuuji@0	1669 Added examples demonstrating security considerations when resolving
yuuji@0	1670 URLs.
yuuji@0	1671 Recommend usage of STARTTLS/SASL security layer to protect
yuuji@0	1672 confidential data.
yuuji@0	1673 Removed some advices about connection reuse that were incorrect.
yuuji@0	1674 Removed URLs referencing a list of mailboxes, as this feature
yuuji@0	1675 hasn't seen any deployments.
yuuji@0	1676 Clarified that user name "anonymous" is case-insensitive.
yuuji@0	1677
yuuji@0	1678
yuuji@0	1679
yuuji@0	1680
yuuji@0	1681
yuuji@0	1682 Melnikov & Newman Standards Track [Page 30]
yuuji@0	1683
yuuji@0	1684 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1685
yuuji@0	1686
yuuji@0	1687 Appendix C. List of Changes since RFC 4467
yuuji@0	1688
yuuji@0	1689 Renamed <mechanism> to <uauth-mechanism>. Restructured ABNF.
yuuji@0	1690
yuuji@0	1691 Appendix D. Acknowledgments
yuuji@0	1692
yuuji@0	1693 Text describing URLAUTH was lifted from [URLAUTH] by Mark Crispin.
yuuji@0	1694
yuuji@0	1695 Stephane H. Maes contributed some ideas to this document; he also
yuuji@0	1696 co-edited early versions of this document.
yuuji@0	1697
yuuji@0	1698 The editors would like to thank Mark Crispin, Ken Murchison, Ted
yuuji@0	1699 Hardie, Zoltan Ordogh, Dave Cridland, Kjetil Torgrim Homme, Lisa
yuuji@0	1700 Dusseault, Spencer Dawkins, Filip Navara, Shawn M. Emery, Sam
yuuji@0	1701 Hartman, Russ Housley, and Lars Eggert for the time they devoted to
yuuji@0	1702 reviewing this document and/or for the comments received.
yuuji@0	1703
yuuji@0	1704 Authors' Addresses
yuuji@0	1705
yuuji@0	1706 Chris Newman (Author/Editor)
yuuji@0	1707 Sun Microsystems
yuuji@0	1708 3401 Centrelake Dr., Suite 410
yuuji@0	1709 Ontario, CA 91761
yuuji@0	1710 EMail: chris.newman@sun.com
yuuji@0	1711
yuuji@0	1712 Alexey Melnikov (Editor)
yuuji@0	1713 Isode Limited
yuuji@0	1714 5 Castle Business Village
yuuji@0	1715 36 Station Road
yuuji@0	1716 Hampton, Middlesex
yuuji@0	1717 TW12 2BX, UK
yuuji@0	1718 EMail: Alexey.Melnikov@isode.com
yuuji@0	1719 URI: http://www.melnikov.ca/
yuuji@0	1720
yuuji@0	1721
yuuji@0	1722
yuuji@0	1723
yuuji@0	1724
yuuji@0	1725
yuuji@0	1726
yuuji@0	1727
yuuji@0	1728
yuuji@0	1729
yuuji@0	1730
yuuji@0	1731
yuuji@0	1732
yuuji@0	1733
yuuji@0	1734
yuuji@0	1735
yuuji@0	1736
yuuji@0	1737
yuuji@0	1738 Melnikov & Newman Standards Track [Page 31]
yuuji@0	1739
yuuji@0	1740 RFC 5092 IMAP URL Scheme November 2007
yuuji@0	1741
yuuji@0	1742
yuuji@0	1743 Full Copyright Statement
yuuji@0	1744
yuuji@0	1745 Copyright (C) The IETF Trust (2007).
yuuji@0	1746
yuuji@0	1747 This document is subject to the rights, licenses and restrictions
yuuji@0	1748 contained in BCP 78, and except as set forth therein, the authors
yuuji@0	1749 retain all their rights.
yuuji@0	1750
yuuji@0	1751 This document and the information contained herein are provided on an
yuuji@0	1752 "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
yuuji@0	1753 OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
yuuji@0	1754 THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
yuuji@0	1755 OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
yuuji@0	1756 THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
yuuji@0	1757 WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
yuuji@0	1758
yuuji@0	1759 Intellectual Property
yuuji@0	1760
yuuji@0	1761 The IETF takes no position regarding the validity or scope of any
yuuji@0	1762 Intellectual Property Rights or other rights that might be claimed to
yuuji@0	1763 pertain to the implementation or use of the technology described in
yuuji@0	1764 this document or the extent to which any license under such rights
yuuji@0	1765 might or might not be available; nor does it represent that it has
yuuji@0	1766 made any independent effort to identify any such rights. Information
yuuji@0	1767 on the procedures with respect to rights in RFC documents can be
yuuji@0	1768 found in BCP 78 and BCP 79.
yuuji@0	1769
yuuji@0	1770 Copies of IPR disclosures made to the IETF Secretariat and any
yuuji@0	1771 assurances of licenses to be made available, or the result of an
yuuji@0	1772 attempt made to obtain a general license or permission for the use of
yuuji@0	1773 such proprietary rights by implementers or users of this
yuuji@0	1774 specification can be obtained from the IETF on-line IPR repository at
yuuji@0	1775 http://www.ietf.org/ipr.
yuuji@0	1776
yuuji@0	1777 The IETF invites any interested party to bring to its attention any
yuuji@0	1778 copyrights, patents or patent applications, or other proprietary
yuuji@0	1779 rights that may cover technology that may be required to implement
yuuji@0	1780 this standard. Please address the information to the IETF at
yuuji@0	1781 ietf-ipr@ietf.org.
yuuji@0	1782
yuuji@0	1783
yuuji@0	1784
yuuji@0	1785
yuuji@0	1786
yuuji@0	1787
yuuji@0	1788
yuuji@0	1789
yuuji@0	1790
yuuji@0	1791
yuuji@0	1792
yuuji@0	1793
yuuji@0	1794 Melnikov & Newman Standards Track [Page 32]
yuuji@0	1795