1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
|
Network Working Group D. Cridland
Request for Comments: 5524 Isode Limited
Category: Standards Track May 2009
Extended URLFETCH for Binary and Converted Parts
Status of This Memo
This document specifies an Internet standards track protocol for the
Internet community, and requests discussion and suggestions for
improvements. Please refer to the current edition of the "Internet
Official Protocol Standards" (STD 1) for the standardization state
and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
The URLFETCH command defined as part of URLAUTH provides a mechanism
for third parties to gain access to data held within messages in a
user's private store; however, this data is sent verbatim, which is
not suitable for a number of applications. This memo specifies a
method for obtaining data in forms suitable for non-mail
applications.
Cridland Standards Track [Page 1]
^L
RFC 5524 URLFETCH Binary May 2009
Table of Contents
1. Introduction ....................................................2
2. Conventions Used in This Document ...............................2
3. Extended URLFETCH ...............................................2
3.1. Command Parameters .........................................3
3.2. Response Metadata ..........................................3
4. Example Exchanges ...............................................4
5. Formal Syntax ...................................................6
6. IANA Considerations .............................................7
7. Security Considerations .........................................7
8. Acknowledgements ................................................7
9. References ......................................................8
9.1. Normative References .......................................8
9.2. Informative References .....................................8
1. Introduction
Although [URLAUTH] provides a URLFETCH command that can be used to
dereference a URL and return the body-part data, it does so by
returning the encoded form, without sufficient metadata to decode.
This is suitable for use in mail applications such as [BURL], where
the encoded form is suitable, but not where access to the actual
content is required, such as in [STREAMING].
This memo specifies a mechanism that returns additional metadata
about the part, such as its [MEDIATYPE] type, as well as removes any
content transfer encoding that was used on the body part.
2. Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [KEYWORDS].
Protocol examples are line-wrapped for clarity. Protocol strings are
prefixed with C: and S: for client and server respectively, and
elided data is represented by [...]. Implementors should note these
notations are for editorial clarity only.
3. Extended URLFETCH
This extension is available in any IMAP server implementation that
includes URLAUTH=BINARY within its capability string.
Such servers accept additional, per-URL parameters to the URLFETCH
command and will provide, upon request, specific data for each URL
dereferenced.
Cridland Standards Track [Page 2]
^L
RFC 5524 URLFETCH Binary May 2009
3.1. Command Parameters
The URLFETCH command is extended by the provision of optional
parameters. The extended URLFETCH command is distinct by enclosing
each URL and associated parameters in a parenthesized list. Cases
where there is an absence of any parameters or where the URL is sent
unenclosed cause the command to behave precisely as specified in
[URLAUTH].
Similarly, if the URL is invalid, the command will behave precisely
as specified in [URLAUTH] and return a simple NIL.
Available parameters are:
BODYPARTSTRUCTURE
Provide a BODYPARTSTRUCTURE.
BODYPARTSTRUCTURE is defined in [CONVERT] and provides metadata
useful for processing applications, such as the type of data.
BINARY
Provide the data without any Content-Transfer-Encoding.
In particular, this means that the data MAY contain NUL octets and
not be formed from textual lines. Data containing NUL octets MUST
be transferred using the literal8 syntax defined in [BINARY].
BODY
Provide the data as-is.
This will provide the same data as the unextended [URLAUTH] as a
metadata item.
Metadata items MUST NOT appear more than once per URL requested, and
clients MUST NOT request both BINARY and BODY.
3.2. Response Metadata
In order to carry any requested metadata and provide additional
information to the consumer, the URLFETCH response is similarly
extended.
Following the URL itself, servers will include a series of
parenthesized metadata elements. Defined metadata elements are as
follows:
Cridland Standards Track [Page 3]
^L
RFC 5524 URLFETCH Binary May 2009
BODYPARTSTRUCTURE
The BODYPARTSTRUCTURE provides information about the data
contained in the response, as it has been returned. It will
reflect any conversions or decoding that have taken place. In
particular, this will show an identity encoding if BINARY is also
requested.
BINARY
The BINARY item provides the content, without any content transfer
encoding applied. If this is not possible (for example, the
content transfer encoding is unknown to the server), then this MAY
contain NIL. Servers MUST understand all identity content
transfer encodings defined in [MIME], as well as the
transformation encodings "Base64" [BASE64] and "Quoted-Printable"
[MIME].
BODY
The BODY item provides the content as found in the message, with
any content transfer encoding still applied. Requesting only the
BODY will provide equivalent functionality to the unextended
[URLAUTH], however, using the extended syntax described herein.
Note that unlike [CONVERT], BODYPARTSTRUCTURE is not appended with
the part specifier, as this is implicit in the URL.
4. Example Exchanges
A client requests the data with no content transfer encoding.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.2;urlauth=anonymous:internal:
91354a473744909de610943775f92038" BINARY)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.2;urlauth=anonymous:internal:
91354a473744909de610943775f92038" (BINARY {28}
S: Si vis pacem, para bellum.
S:
S: )
S: A001 OK URLFETCH completed
Note that the data here does not contain a NUL octet; therefore, a
literal -- not literal8 -- syntax has been used.
A client again requests data with no content transfer encoding, but
this time requests the body structure.
Cridland Standards Track [Page 4]
^L
RFC 5524 URLFETCH Binary May 2009
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" BINARY BODYPARTSTRUCTURE)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" (BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "BINARY" 123)) (BINARY ~{123}
S: [123 octets of data, some of which is NUL])
S: A001 OK URLFETCH completed
A client requests only the body structure.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" BODYPARTSTRUCTURE)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" (BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "BASE64" 164))
S: A001 OK URLFETCH completed
A client requests the body structure and the original content.
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" BODYPARTSTRUCTURE BODY)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.3;urlauth=anonymous:internal:
ae354a473744909de610943775f92038" (BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "BASE64" 164)) (BODY {164}
S: [164 octets of base64 encoded data])
S: A001 OK URLFETCH completed
Some parts cannot be decoded, so the server will provide the
BODYPARTSTRUCTURE of the part as is and provide NIL for the binary
content:
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=1.4;urlauth=anonymous:internal:
87ecbd02095b815e699503fc20d869c8" BODYPARTSTRUCTURE BINARY)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=1.4;urlauth=anonymous:internal:
87ecbd02095b815e699503fc20d869c8" (BODYPARTSTRUCTURE
("IMAGE" "PNG" () NIL NIL "X-BLURDYBLOOP" 123))
(BINARY NIL)
S: A001 OK URLFETCH completed
Cridland Standards Track [Page 5]
^L
RFC 5524 URLFETCH Binary May 2009
If a part simply doesn't exist, however, or the URI is invalid for
some other reason, then NIL is returned instead of metadata:
C: A001 URLFETCH ("imap://joe@example.com/INBOX/;uid=20/;
section=200;urlauth=anonymous:internal:
88066d37e2e5410e1a6486350a8836ee" BODYPARTSTRUCTURE BODY)
S: * URLFETCH "imap://joe@example.com/INBOX/;uid=20/;
section=200;urlauth=anonymous:internal:
88066d37e2e5410e1a6486350a8836ee" NIL
S: A001 OK URLFETCH completed
5. Formal Syntax
This formal syntax uses ABNF as specified in [ABNF], and includes
productions defined in [URLAUTH], [BINARY], and [IMAP].
capability =/ "URLAUTH=BINARY"
; Command parameters; see Section 3.1
urlfetch = "URLFETCH" 1*(SP url-fetch-arg)
url-fetch-arg = url-fetch-simple / url-fetch-ext
url-fetch-simple = url-full
; Unextended URLFETCH.
url-fetch-ext = "(" url-full *(SP url-fetch-param) ")"
; If no url-fetch-param present, as unextended.
url-fetch-param = "BODY" / "BINARY" / "BODYPARTSTRUCTURE" / atom
; Response; see Section 3.2
urlfetch-data = "*" SP "URLFETCH"
1*(SP (urldata-simple / urldata-ext /
urldata-error))
urldata-error = SP url-full SP nil
urldata-simple = SP url-full SP nstring
; If client issues url-fetch-simple, server MUST respond with
; urldata-simple.
urldata-ext = SP url-full url-metadata
url-metadata = 1*(SP "(" url-metadata-el ")")
Cridland Standards Track [Page 6]
^L
RFC 5524 URLFETCH Binary May 2009
url-metadata-el = url-meta-bodystruct / url-meta-body /
url-meta-binary
url-meta-bodystruct = "BODYPARTSTRUCTURE" SP body
url-meta-binary = "BINARY" SP ( nstring / literal8 )
; If content contains a NUL octet, literal8 MUST be used.
; Otherwise, content SHOULD use nstring.
; On decoding error, NIL should be used.
url-meta-body = "BODY" SP nstring
6. IANA Considerations
IMAP4 capabilities are registered by publishing a Standards Track or
IESG-approved Experimental RFC.
This document defines the URLFETCH=BINARY IMAP capability. IANA has
added it to the registry accordingly.
7. Security Considerations
Implementors are directed to the security considerations within
[IMAP], [URLAUTH], and [BINARY].
The ability of the holder of a URL to be able to fetch metadata about
the content pointed to by the URL as well as the content itself
allows a potential attacker to discover more about the content than
was previously possible, including its original filename and user-
supplied description.
The additional value of this information to an attacker is marginal,
and applies only to those URLs for which the attacker does not have
direct access, such as those produced by [URLAUTH]. Implementors are
therefore directed to the security considerations present in
[URLAUTH].
8. Acknowledgements
Comments were received on this idea and/or document from Neil Cook,
Philip Guenther, Alexey Melnikov, Ken Murchison, and others. Whether
in agreement or dissent, the comments have refined and otherwise
influenced this document.
Cridland Standards Track [Page 7]
^L
RFC 5524 URLFETCH Binary May 2009
9. References
9.1. Normative References
[ABNF] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[BASE64] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006.
[BINARY] Nerenberg, L., "IMAP4 Binary Content Extension",
RFC 3516, April 2003.
[CONVERT] Melnikov, A. and P. Coates, "Internet Message Access
Protocol - CONVERT Extension", RFC 5259, July 2008.
[IMAP] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, March 2003.
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[MIME] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[URLAUTH] Crispin, M., "Internet Message Access Protocol (IMAP) -
URLAUTH Extension", RFC 4467, May 2006.
9.2. Informative References
[BURL] Newman, C., "Message Submission BURL Extension",
RFC 4468, May 2006.
[MEDIATYPE] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996.
[STREAMING] Cook, N., "Streaming Internet Messaging Attachments",
Work in Progress, March 2009.
Cridland Standards Track [Page 8]
^L
RFC 5524 URLFETCH Binary May 2009
Author's Address
Dave Cridland
Isode Limited
5 Castle Business Village
36, Station Road
Hampton, Middlesex TW12 2BX
GB
EMail: dave.cridland@isode.com
Cridland Standards Track [Page 9]
^L
|