summaryrefslogtreecommitdiff
path: root/doc/rfc/rfc3656.txt
blob: 6c0ab5b1fa17d9c5122648b2d20513d09d27b2f1 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
Network Working Group                                      R. Siemborski
Request for Comments: 3656                    Carnegie Mellon University
Category: Experimental                                     December 2003


                     The Mailbox Update (MUPDATE)
                 Distributed Mailbox Database Protocol

Status of this Memo

   This memo defines an Experimental Protocol for the Internet
   community.  It does not specify an Internet standard of any kind.
   Discussion and suggestions for improvement are requested.
   Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   As the demand for high-performance mail delivery agents increases, it
   becomes apparent that single-machine solutions are inadequate to the
   task, both because of capacity limits and that the failure of the
   single machine means a loss of mail delivery for all users.  It is
   preferable to allow many machines to share the responsibility of mail
   delivery.

   The Mailbox Update (MUPDATE) protocol allows a group of Internet
   Message Access Protocol (IMAP) or Post Office Protocol - Version 3
   (POP3) servers to function with a unified mailbox namespace.  This
   document is intended to serve as a reference guide to that protocol.



















Siemborski                    Experimental                      [Page 1]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   3
   2.  Protocol Overview . . . . . . . . . . . . . . . . . . . . . .   3
       2.1.  Atoms . . . . . . . . . . . . . . . . . . . . . . . . .   4
       2.2.  Strings . . . . . . . . . . . . . . . . . . . . . . . .   4
   3.  Server Responses  . . . . . . . . . . . . . . . . . . . . . .   4
       3.1.  Response: OK  . . . . . . . . . . . . . . . . . . . . .   5
       3.2.  Response: NO  . . . . . . . . . . . . . . . . . . . . .   5
       3.3.  Response: BAD . . . . . . . . . . . . . . . . . . . . .   5
       3.4.  Response: BYE . . . . . . . . . . . . . . . . . . . . .   6
       3.5.  Response: RESERVE . . . . . . . . . . . . . . . . . . .   6
       3.6.  Response: MAILBOX . . . . . . . . . . . . . . . . . . .   6
       3.7.  Response: DELETE  . . . . . . . . . . . . . . . . . . .   7
       3.8.  Server Capability Response. . . . . . . . . . . . . . .   7
   4.  Client Commands . . . . . . . . . . . . . . . . . . . . . . .   8
       4.1.  Command: ACTIVATE . . . . . . . . . . . . . . . . . . .   8
       4.2.  Command: AUTHENTICATE . . . . . . . . . . . . . . . . .   8
       4.3.  Command: DEACTIVATE . . . . . . . . . . . . . . . . . .   9
       4.4.  Command: DELETE . . . . . . . . . . . . . . . . . . . .   9
       4.5.  Command: FIND . . . . . . . . . . . . . . . . . . . . .   9
       4.6.  Command: LIST . . . . . . . . . . . . . . . . . . . . .  10
       4.7.  Command: LOGOUT . . . . . . . . . . . . . . . . . . . .  10
       4.8.  Command: NOOP . . . . . . . . . . . . . . . . . . . . .  10
       4.9.  Command: RESERVE. . . . . . . . . . . . . . . . . . . .  10
       4.10. Command: STARTTLS . . . . . . . . . . . . . . . . . . .  11
       4.11. Command: UPDATE . . . . . . . . . . . . . . . . . . . .  12
   5.  MUPDATE Formal Syntax . . . . . . . . . . . . . . . . . . . .  12
   6.  MUPDATE URL Scheme. . . . . . . . . . . . . . . . . . . . . .  14
       6.1.  MUPDATE URL Scheme Registration Form. . . . . . . . . .  14
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .  15
   8.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .  16
   9.  Intellectual Property Rights. . . . . . . . . . . . . . . . .  16
   10. References. . . . . . . . . . . . . . . . . . . . . . . . . .  17
       10.1. Normative References. . . . . . . . . . . . . . . . . .  17
       10.2. Informative References. . . . . . . . . . . . . . . . .  17
   11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . .  18
   12. Author's Address. . . . . . . . . . . . . . . . . . . . . . .  18
   13. Full Copyright Statement. . . . . . . . . . . . . . . . . . .  19












Siemborski                    Experimental                      [Page 2]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


1.  Introduction

   In order to support an architecture where there are multiple [IMAP,
   POP3] servers sharing a common mailbox database, it is necessary to
   be able to provide atomic mailbox operations, as well as offer
   sufficient guarantees about database consistency.

   The primary goal of the MUPDATE protocol is to be simple to implement
   yet allow for database consistency between participants.

   The key words "MUST, "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
   "RECOMMENDED", and "MAY" in this document are to be interpreted as
   defined in BCP 14, RFC 2119 [KEYWORDS].

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

2.  Protocol Overview

   The MUPDATE protocol assumes a reliable data stream such as a TCP
   network connection.  IANA has registered port 3905 with a short name
   of "mupdate" for this purpose.

   In the current implementation of the MUPDATE protocol there are three
   types of participants: a single master server, slave (or replica)
   servers, and clients.  The master server maintains an authoritative
   copy of the mailbox database.  Slave servers connect to the MUPDATE
   master server as clients, and function as replicas from the point of
   view of end clients.  End clients may connect to either the master or
   any slave and perform searches against the database, however
   operations that change the database can only be performed against the
   master.  For the purposes of protocol discussion we will consider a
   slave's connection to the master identical to that of any other
   client.

   After connection, all commands from a client to server must have an
   associated unique tag which is an alphanumeric string.  Commands MAY
   be pipelined from the client to the server (that is, the client need
   not wait for the response before sending the next command).  The
   server MUST execute the commands in the order they were received,
   however.

   If the server supports an inactivity login timeout, it MUST be at
   least 15 minutes.







Siemborski                    Experimental                      [Page 3]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   MUPDATE uses data formats similar to those used in [ACAP].  That is,
   atoms and strings.  All commands and tags in the protocol are
   transmitted as atoms.  All other data is considered to a string, and
   must be quoted or transmitted as a literal.

   Outside of a literal, both clients and servers MUST support line
   lengths of at least 1024 octets (including the trailing CR and LF
   characters).  If a line of a longer length must be transmitted,
   implementations MUST make use of literals to do so.

2.1.  Atoms

   An atom consists of one or more alphanumeric characters.  Atoms MUST
   be less than 15 octets in length.

2.2.  Strings

   As in [ACAP], a string may be either literal or a quoted string.  A
   literal is a sequence of zero or more octets (including CR and LF),
   prefix-quoted with an octet count in the form of an open brace ("{"),
   the number of octets, an optional plus sign to indicate that the data
   follows immediately (a non-synchronized literal), a close brace
   ("}"), and a CRLF sequence.  If the plus sign is omitted (a
   synchronized literal), then the receiving side MUST send a "+ go
   ahead" response, and the sending side MUST wait for this response.
   Servers MUST support literals of atleast 4096 octets.

   Strings that are sent from server to client SHOULD NOT be in the
   synchronized literal format.

   A quoted string is a sequence of zero or more 7-bit characters,
   excluding CR, LF, and the double quote (<">), with double quote
   characters at each end.

   The empty string is represented as either "" (a quoted string with
   zero characters between double quotes) or as {0} followed by CRLF (a
   literal with an octet count of 0).

3.  Server Responses

   Every client command in the MUPDATE protocol may receive one or more
   tagged responses from the server.  Each response is preceded by the
   same tag as the command that elicited the response from the server.








Siemborski                    Experimental                      [Page 4]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


3.1.  Response: OK

   A tagged OK response indicates that the operation completed
   successfully.  There is a mandatory implementation-defined string
   after the OK response.  This response also indicates the beginning of
   the streaming update mode when given in response to an UPDATE
   command.

   Example:

C: N01 NOOP
S: N01 OK "NOOP Complete"

3.2.  Response: NO

   A tagged NO response indicates that the operation was explicitly
   denied by the server or otherwise failed.  There is a mandatory
   implementation-defined string after the NO response that SHOULD
   explain the reason for denial.

   Example:

C: A01 AUTHENTICATE "PLAIN"
S: A01 NO "PLAIN is not a supported SASL mechanism"

3.3.  Response: BAD

   A tagged BAD response indicates that the command from the client
   could not be parsed or understood.  There is a mandatory
   implementation-defined string after the BAD response to provide
   additional information about the error.  Note that untagged BAD
   responses are allowed if it is unclear what the tag for a given
   command is (for example, if a blank line is received by the mupdate
   server, it can generate an untagged BAD response).  In the case of an
   untagged response, the tag should be replaced with a "*".

   Example:

C: C01 SELECT "INBOX"
S: C01 BAD "This is not an IMAP server"
C:
S: * BAD "Need Command"









Siemborski                    Experimental                      [Page 5]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


3.4.  Response: BYE

   A tagged BYE response indicates that the server has decided to close
   the connection.  There is a mandatory implementation-defined string
   after the BYE response that SHOULD explain the reason for closing the
   connection.  The server MUST close the connection immediately after
   transmitting the BYE response.

   Example:

C: L01 LOGOUT
S: L01 BYE "User Logged Out"

3.5.  Response: RESERVE

   A tagged RESERVE response may only be given in response to a FIND,
   LIST, or UPDATE command.  It includes two parameters: the name of the
   mailbox that is being reserved (in mUTF-7 encoding, as specified in
   [IMAP]) and a location string whose contents is defined by the
   clients that are using the database, though it is RECOMMENDED that
   the format of this string be the hostname of the server which is
   storing the mailbox.

   This response indicates that the given name is no longer available in
   the namespace, though it does not indicate that the given mailbox is
   available to clients at the current time.

   Example:

S: U01 RESERVE "internet.bugtraq" "mail2.example.org"

3.6.  Response: MAILBOX

   A tagged MAILBOX response may only be given in response to a FIND,
   LIST, or UPDATE command.  It includes three parameters: the name of
   the mailbox, a location string (as with RESERVE), and a client-
   defined string that specifies the IMAP ACL [IMAP-ACL] of the mailbox.
   This message indicates that the given mailbox is ready to be accessed
   by clients.

   Example:

S: U01 MAILBOX "internet.bugtraq" "mail2.example.org" "anyone rls"








Siemborski                    Experimental                      [Page 6]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


3.7.  Response: DELETE

   A tagged DELETE response may only be given in response to an UPDATE
   command, and MUST NOT be given before the OK response to the UPDATE
   command is given.  It contains a single parameter, that of the
   mailbox that should be deleted from the slave's database.  This
   response indicates that the given mailbox no longer exists in the
   namespace of the database, and may be given for any mailbox name,
   active, reserved, or nonexistent.  (Though implementations SHOULD NOT
   issue DELETE responses for nonexistent mailboxes).

   Example:

S: U01 DELETE "user.rjs3.sent-mail-jan-2002"

3.8.  Server Capability Response

   Upon connection of the client to the server, and directly following a
   successful STARTTLS command, the server MUST issue a capabilities
   banner, of the following format:

   The banner MUST contain a line that begins with "* AUTH" and contain
   a space-separated list of SASL mechanisms that the server will accept
   for authentication.  The mechanism names are transmitted as atoms.
   Servers MAY advertise no available mechanisms (to indicate that
   STARTTLS must be completed before authentication may occur).  If
   STARTTLS is not supported by the server, then the line MUST contain
   at least one mechanism.

   If the banner is being issued without a TLS layer, and the server
   supports the STARTTLS command, the banner MUST contain the line "*
   STARTTLS".  If the banner is being issued under a TLS layer (or the
   server does not support STARTTLS), the banner MUST NOT contain this
   line.

   The last line of the banner MUST start with "* OK MUPDATE" and be
   followed by four strings: the server's hostname, an implementation-
   defined string giving the name of the implementation, an
   implementation-defined string giving the version of the
   implementation, and a string that indicates if the server is a master
   or a slave.  The master/slave indication MUST be either "(master)" or
   an MUPDATE URL that defines where the master can be contacted.

   Any unrecognized responses before the "* OK MUPDATE" response MUST be
   ignored by the client.






Siemborski                    Experimental                      [Page 7]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   Example:

S: * AUTH KERBEROS_V4 GSSAPI
S: * STARTTLS
S: * OK MUPDATE "mupdate.example.org" "Cyrus" "v2.1.2" "(master)"

4.  Client Commands

   The following are valid commands that a client may send to the
   MUPDATE server: AUTHENTICATE, ACTIVATE, DEACTIVATE, DELETE, FIND,
   LIST, LOGOUT, NOOP, RESERVE, STARTTLS, and UPDATE.

   Before a successful AUTHENTICATE command has occurred, the server
   MUST NOT accept any commands except for AUTHENTICATE, STARTTLS, and
   LOGOUT (and SHOULD reply with a NO response for all other commands).

4.1.  Command: ACTIVATE

   The ACTIVATE command has 3 parameters: the mailbox name, its
   location, and its ACL.  This command MUST NOT not be issued to a
   slave server.

   This command can also be used to update the ACL or location
   information of a mailbox.  Note that it is not a requirement for a
   mailbox to be reserved (or even exist in the database) for an
   ACTIVATE command to succeed, implementations MUST allow this behavior
   as it facilitates synchronization of the database with the current
   state of the mailboxes.

4.2.  Command: AUTHENTICATE

   The AUTHENTICATE command initiates a [SASL] negotiation session
   between the client and the server.  It has two parameters.  The first
   parameter is mandatory, and is a string indicating the desired [SASL]
   mechanism.  The second is a string containing an optional BASE64
   encoded (as defined in section 6.8 of [MIME]) client first send.

   All of the remaining SASL blobs that are sent MUST be sent across the
   wire must be in BASE64 encoded format, and followed by a CR and LF
   combination.  They MUST NOT be encoded as strings.

   Clients may cancel authentication by sending a * followed by a CR and
   LF.

   The [SASL] service name for the MUPDATE protocol is "mupdate".
   Implementations are REQUIRED to implement the GSSAPI [SASL]
   mechanism, though they SHOULD implement as many mechanisms as
   possible.



Siemborski                    Experimental                      [Page 8]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   If a security layer is negotiated, it should be used directly
   following the CR and LF combination at the end of the server's OK
   response (i.e., beginning with the client's next command) Only one
   successful AUTHENTICATE command may be issued per session.

4.3.  Command: DEACTIVATE

   The DEACTIVATE command takes two parameters, the mailbox name and
   location data.  The mailbox MUST already exist and be activated on
   the MUPDATE server.  If the server responds OK, then the mailbox name
   has been moved to the RESERVE state.  If the server responds NO, then
   the mailbox name has not been moved (for example, the mailbox was not
   already active).  Any ACL information that is known about the mailbox
   MAY be lost when a DEACTIVATE succeeds.  This command MUST NOT be
   issued to a slave.

   Example:

C: A01 DEACTIVATE "user.rjs3.new" "mail3.example.org!u4"
S: A01 OK "Mailbox Reserved."

4.4.  Command: DELETE

   The DELETE command takes only a single parameter, the mailbox name to
   be removed from the database's namespace.  The server SHOULD give a
   NO response if the mailbox does not exist.  This command MUST NOT be
   issued to a slave server.

4.5.  Command: FIND

   The FIND command takes a single parameter, a mailbox name.  The
   server then responds with the current record for the given mailbox,
   if any, and an OK response.

   Example (mailbox does not exist):

C: F01 FIND "user.rjs3.xyzzy"
S: F01 OK "Search Complete"

   Example (mailbox is reserved):

C: F01 FIND "user.rjs3"
S: F01 RESERVE "user.rjs3" "mail4.example.org"
S: F01 OK "Search Complete"







Siemborski                    Experimental                      [Page 9]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


4.6.  Command: LIST

   The LIST command is similar to running FIND across the entire
   database.  The LIST command takes a single optional parameter, which
   is a prefix to try to match against the location field of the
   records.  Without the parameter, LIST returns every record in the
   database.

   For each mailbox that matches, either a MAILBOX or a RESERVE response
   (as applicable) is sent to the client.  When all responses are
   complete, an OK response is issued.

   Example:

C: L01 LIST
S: L01 RESERVE "user.rjs3" "mail4.example.org!u2"
S: L01 MAILBOX "user.leg" "mail2.example.org!u1" "leg lrswipcda"
S: L01 OK "List Complete"
C: L02 LIST "mail4.example.org!"
S: L02 RESERVE "user.rjs3" "mail4.example.org!u2"
S: L02 OK "List Complete"

4.7.  Command: LOGOUT

   The LOGOUT command tells the server to close the connection.  Its
   only valid response is the BYE response.  The LOGOUT command takes no
   parameters.

4.8.  Command: NOOP

   The NOOP command takes no parameters.  Provided the client is
   authenticated, its only acceptable response is an OK.  Any idle
   timeouts that the server may have on the connection SHOULD be reset
   upon receipt of this command.

   If this command is issued after an UPDATE command has been issued,
   then the OK response also indicates that all pending database updates
   have been sent to the client.  That is, the slave can guarantee that
   its local database is up to date as of a certain time by issuing a
   NOOP and waiting for the OK.  The OK MUST NOT return until all
   updates that were pending at the time of the NOOP have been sent.

4.9.  Command: RESERVE

   The RESERVE command takes two parameters (just like the RESERVE
   response), the mailbox name to reserve and location data.  If the
   server responds OK, then the mailbox name has been reserved.  If the
   server responds NO, then the mailbox name has not been reserved (for



Siemborski                    Experimental                     [Page 10]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   example, another server has reserved it already).  This command MUST
   NOT be issued to a slave.

   The typical sequence for mailbox creation is:

C: R01 RESERVE "user.rjs3.new" "mail3.example.org!u4"
S: R01 OK "Mailbox Reserved."
<client does local mailbox create operations>
C: A01 ACTIVATE "user.rjs3.new" "mail3.example.org!u4" "rjs3 lrswipcda"
S: A01 OK "Mailbox Activated."

4.10.  Command: STARTTLS

   The STARTTLS command requests the commencement of a [TLS]
   negotiation.  The negotiation begins immediately after the CRLF in
   the OK response.  After a client issues a STARTTLS command, it MUST
   NOT issue further commands until a server response is seen and the
   [TLS] negotiation is complete.

   The STARTTLS command is only valid in non-authenticated state.  The
   server remains in non-authenticated state, even if client credentials
   are supplied during the [TLS] negotiation.  The [SASL] EXTERNAL
   mechanism MAY be used to authenticate once [TLS] client credentials
   are successfully exchanged.  Note that servers are not required to
   support the EXTERNAL mechanism.

   After the [TLS] layer is established, the server MUST re-issue the
   initial response banner (see Section 3.8).  This is necessary to
   protect against man-in-the-middle attacks which alter the
   capabilities list prior to STARTTLS, as well as to advertise any new
   SASL mechanisms (or other capabilities) that may be available under
   the layer.  The client MUST discard cached capability information and
   replace it with the new information.

   After the a successful STARTTLS command, the server SHOULD return a
   NO response to additional STARTTLS commands.

   Servers MAY choose to not implement STARTTLS.  In this case, they
   MUST NOT advertise STARTTLS in their capabilities banner, and SHOULD
   return a BAD response to the STARTTLS command, if it is issued.

   Example:

C: S01 STARTTLS
S: S01 OK "Begin TLS negotiation now"
<TLS negotiation, further commands are under TLS layer>
S: * AUTH KERBEROS_V4 GSSAPI PLAIN
S: * OK MUPDATE "mupdate.example.org" "Cyrus" "v2.1.2" "(master)"



Siemborski                    Experimental                     [Page 11]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


4.11.  Command: UPDATE

   The UPDATE command is how a slave initializes an update stream from
   the master (though it is also valid to issue this command to a
   slave).  In response to the command, the server returns a list of all
   mailboxes in its database (the same results as a parameterless LIST
   command) followed by an OK response.  From this point forward,
   whenever an update occurs to the master database, it MUST stream the
   update to the slave within 30 seconds.  That is, it will send
   RESERVE, MAILBOX, or DELETE responses as they are applicable.

   After a client has issued an UPDATE command, it may only issue NOOP
   and LOGOUT commands for the remainder of the session.

   Example:

C: U01 UPDATE
S: U01 MAILBOX "user.leg" "mail2.example.org!u1" "leg lrswipcda"
S: U01 MAILBOX "user.rjs3" "mail3.example.org!u4" "rjs3 lrswipcda"
S: U01 RESERVE "internet.bugtraq" "mail1.example.org!u5" "anyone lrs"
S: U01 OK "Streaming Begins"
<some time goes by, and another client creates a new mailbox>
S: U01 RESERVE "user.leg.new" "mail2.example.org!u1"
<some more time passes, and the create succeeds>
S: U01 MAILBOX "user.leg.new" "mail2.example.org!u1" "leg lrswipcda"
<much more time passes, and the slave decides to send a NOOP to reset
its inactivity timer>
C: N01 NOOP
S: U01 DELETE "user.leg.new"
S: N01 OK "NOOP Complete"

5.  MUPDATE Formal Syntax

   The following syntax specification uses the Augmented Backus-Naur
   Form (ABNF) notation as specified in [ABNF].  This uses the ABNF core
   rules as specified in Appendix A of [ABNF].

   Except as noted otherwise, all alphabetic characters are case-
   insensitive.  The use of upper or lower case characters to define
   token strings is for editorial clarity only.  Implementations MUST
   accept these strings in a case-insensitive fashion.

   Note that this specification also uses some terminals from section 8
   of [ACAP].

   cmd-activate = "ACTIVATE" SP string SP string SP string

   cmd-authenticate = "AUTHENTICATE" SP sasl-mech [ SP string ]



Siemborski                    Experimental                     [Page 12]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   cmd-delete = "DELETE" SP string

   cmd-find = "FIND" SP string

   cmd-list = "LIST" [ SP string ]

   cmd-logout = "LOGOUT"

   cmd-noop = "NOOP"

   cmd-reserve = "RESERVE" SP string SP string

   cmd-starttls = "STARTTLS"

   cmd-update = "UPDATE"

   command = tag SP command-type CRLF

   command-type = cmd-activate / cmd-authenticate / cmd-delete /
                  cmd-find / cmd-list / cmd-logout / cmd-noop /
                  cmd-reserve / cmd-starttls / cmd-update

   response = tag SP response-type CRLF

   response-type = rsp-ok / rsp-no / rsp-bad / rsp-bye / rsp-mailbox /
                   rsp-reserve / rsp-delete

   rsp-bad = "BAD" SP string

   rsp-bye = "BYE" SP string

   rsp-mailbox = "MAILBOX" SP string SP string SP string

   rsp-no = "NO" SP string

   rsp-ok = "OK" SP string

   rsp-reserve = "RESERVE" SP string SP string

   rsp-delete = "DELETE" SP string

   sasl-mech = 1*ATOM-CHAR
      ; ATOM-CHAR is defined in [ACAP]

   string = quoted / literal
      ; quoted and literal are defined in [ACAP]





Siemborski                    Experimental                     [Page 13]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   tag = 1*ATOM-CHAR
      ; ATOM-CHAR is defined in [ACAP]

6.  MUPDATE URL Scheme

   This document defines the a URL scheme for the purposes of
   referencing MUPDATE resources, according to the requirements in
   [RFC2717].  This includes both MUPDATE servers as a whole, along with
   individual mailbox entries on a given MUPDATE server.

   There is no MIME type associated with these resources.  It is
   intended that a URL consumer would either retrieve the MUPDATE record
   in question, or simply connect to the MUPDATE server running on the
   specified host.  Note that the consumer will need to have
   authentication credentials for the specified host.

   The MUPDATE URL scheme is similar to the IMAP URL scheme [IMAP-URL].
   However, it only takes one of two possible forms:

      mupdate://<iserver>/
      mupdate://<iserver>/<mailbox>

   The first form refers to a MUPDATE server as a whole, the second form
   indicates both the server and a mailbox to run a FIND against once
   authenticated to the server.  Note that part of <iserver> may include
   username and authentication information along with a hostname and
   port.

6.1.  MUPDATE URL Scheme Registration Form

   URL scheme name: "mupdate"

   URL scheme syntax:

      This defines the MUPDATE URL Scheme in [ABNF].  Terminals from the
      BNF of IMAP URLs [IMAP-URL] are also used.

         mupdateurl = "mupdate://" iserver "/" [ enc_mailbox ]
            ; iserver and enc_mailbox are as defined in [IMAP-URL]

   Character encoding considerations:

      Identical to those described in [IMAP-URL] for the appropriate
      terminals.







Siemborski                    Experimental                     [Page 14]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   Intended Usage:

      The form of the URL without an associated mailbox is intended to
      designate a MUPDATE server only.  If a mailbox name is included in
      the URL, then the consumer is expected to execute a FIND command
      for that mailbox on the specified server.

   Applications and/or protocols which use this URL scheme name:

      The protocol described in this document.

   Interoperability Considerations:

      None.

   Security Considerations:

      Users of the MUPDATE URL Scheme should review the security
      considerations that are discussed in [IMAP-URL].  In particular,
      the consequences of including authentication mechanism information
      in a URL should be reviewed.

   Relevant Publications:

      This document and [IMAP-URL].

   Author, Change Controller, and Contact for Further Information:

      Author of this document.

7.  Security Considerations

   While no unauthenticated users may make modifications or even perform
   searches on the database, it is important to note that this
   specification assumes no protections of any type for authenticated
   users.

   All authenticated users have complete access to the database.  For
   this reason it is important to ensure that accounts that are making
   use of the database are well secured.

   A more secure deployment might have all read only access go through a
   slave, and only have accounts which need write access use the master.
   This has the disadvantage of a marginally longer time for updates to
   reach the clients.






Siemborski                    Experimental                     [Page 15]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


   The protocol assumes that all authenticated users are cooperating to
   maintain atomic operations.  Therefore, all new mailboxes SHOULD be
   RESERVEd before they are ACTIVATEd, despite the fact that the
   protocol does not require this, and it is therefore possible for a
   set of participants which do not obey the provided locking to create
   an inconsistent database.  RESERVEing the mailbox first is not
   required to perform an activate because this behavior simplifies
   synchronization with the actual location of the mailboxes.

8.  IANA Considerations

   The IANA has assigned TCP port number 3905 to "mupdate".

   The IANA has registered a URL scheme for the MUPDATE protocol, as
   defined in section 6.1 of this document.

   IANA has registered a GSSAPI service name of "mupdate" for the
   MUPDATE protocol in the registry maintained at:

   http://www.iana.org/assignments/gssapi-service-names

9.  Intellectual Property Rights

   The IETF takes no position regarding the validity or scope of any
   intellectual property or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; neither does it represent that it
   has made any effort to identify any such rights.  Information on the
   IETF's procedures with respect to rights in standards-track and
   standards-related documentation can be found in BCP-11.  Copies of
   claims of rights made available for publication and any assurances of
   licenses to be made available, or the result of an attempt made to
   obtain a general license or permission for the use of such
   proprietary rights by implementors or users of this specification can
   be obtained from the IETF Secretariat.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights which may cover technology that may be required to practice
   this standard.  Please address the information to the IETF Executive
   Director.









Siemborski                    Experimental                     [Page 16]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


10.  References

10.1.  Normative References

   [KEYWORDS]  Bradner, S., "Key words for use in RFCs to Indicate
               Requirement Levels", BCP 14, RFC 2119, March 1997.

   [IMAP]      Crispin, M., "Internet Message Access Protocol - Version
               4", RFC 3501, March 2003.

   [ABNF]      Crocker, D., Ed. and P. Overell, "Augmented BNF for
               Syntax Specifications: ABNF", RFC 2234, November 1997.

   [MIME]      Freed, N. and N. Bornstein, "Multipurpose Internet Mail
               Extensions (MIME) Part One: Format of Internet Message
               Bodies", RFC 2045, November 1996.

   [IMAP-ACL]  Myers, J., "IMAP4 ACL extension", RFC 2086, January 1997.

   [SASL]      Myers, J., "Simple Authentication and Security Layer
               (SASL)", RFC 2222, October 1997.

   [IMAP-URL]  Newman, C., "IMAP URL Scheme", RFC 2192, September 1997.

   [ACAP]      Newman, C. and J. Myers, "ACAP -- Application
               Configuration Access Protocol", RFC 2244, November 1997.

   [TLS]       Dierks, T. and C. Allen, "The TLS Protocol Version 1.0",
               RFC 2246, January 1999.

10.2.  Informative References

   [POP3]      Myers, J. and M. Rose, "Post Office Protocol - Version
               3", STD 53, RFC 1939, May 1996.

   [RFC2717]   Petke, R. and I. King, "Registration Procedures for URL
               Scheme Names", BCP 35, RFC 2717, November 1999.














Siemborski                    Experimental                     [Page 17]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


11.  Acknowledgments

   Lawrence Greenfield and Ken Murchison, for a great deal of input on
   both the protocol and the text of the documents.

12.  Author's  Address

   Robert Siemborski
   Carnegie Mellon, Andrew Systems Group
   Cyert Hall 207
   5000 Forbes Avenue
   Pittsburgh, PA  15213

   Phone: (412) 268-7456
   EMail: rjs3+@andrew.cmu.edu




































Siemborski                    Experimental                     [Page 18]
^L
RFC 3656     MUPDATE Distributed Mailbox Database Protocol December 2003


13.  Full Copyright Statement

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assignees.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.



















Siemborski                    Experimental                     [Page 19]
^L