]> FastMail Pty Ltd

Level 2, 114 William Street Melbourne VIC 3000 Australia murch@fastmailteam.com

FastMail Pty Ltd

Level 2, 114 William Street Melbourne VIC 3000 Australia brong@fastmailteam.com

ART EXTRA IMAP4 LIST MYRIGHTS This document defines an extension to the Internet Message Access Protocol (IMAP) LIST command that allows the client to request the set of rights that the logged-in user has been granted on mailboxes, along with other information typically returned by the LIST command.

IMAP clients typically fetch the set of rights granted on mailboxes so they can expose the allowed functionality to the logged-in user. In order to do that, the client is forced to issue a LIST or LSUB command to list all available mailboxes, followed by a MYRIGHTS command for each mailbox found. This document defines an extension to the to IMAP LIST command that is identified by the capability string "LIST-MYRIGHTS". The LIST-MYRIGHTS extension allows the client to request the set of rights that the logged-in user has been granted on mailboxes, along with other information typically returned by the LIST command.

In examples, "C:" indicates lines sent by a client that is connected to a server. "S:" indicates lines sent by the server to the client. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

defines the MYRIGHTS command which is used by an IMAP client to determine the set of rights that the logged-in user has been granted on a given mailbox. Frequently, a client will have to look up the rights for some or all of the mailboxes returned by the LIST command. Doing so in multiple MYRIGHTS commands wastes bandwidth and can degrade performance if the client does not pipeline the requests. This document extends the LIST command with a new "MYRIGHTS" return option, which allows the client to request all of the desired information in a single command. For each listable mailbox matching the list pattern and selection options, the server MUST return an untagged LIST response and SHOULD also return an untagged MYRIGHTS response containing the set of rights granted to the logged-in user. The ordering of the responses is significant only in that the server MUST NOT send a MYRIGHTS response for a given mailbox before it sends the LIST response for that mailbox. If the server is unable to look up the set of rights for a given mailbox, it does not send the MYRIGHTS reply for that mailbox. Client authors ought to note that generating the MYRIGHTS responses for a large number of mailboxes may be an expensive operation for the server. Clients SHOULD use a suitable match pattern and/or selection option to limit the set of mailboxes returned to only those whose rights in which they are interested.

In this example the "bar" mailbox doesn't exist, so it has no MYRIGHTS reply.

In this example the LIST reply for the "foo" mailbox is returned because it has matching children, but no MYRIGHTS reply is returned because "foo" itself doesn't match the selection criteria.

The following syntax specification uses the augmented Backus-Naur Form (BNF) as described in . Terms not defined here are taken from .

In addition to the security described in , this extension makes it a bit easier for clients to overload the server by requesting MYRIGHTS information for a large number of mailboxes. However, as already noted in the introduction, existing clients already try to do that by generating a large number of MYRIGHTS commands for each mailbox in which they are interested. While performing MYRIGHTS information retrieval for big lists of mailboxes, a server implementation needs to make sure that it can still serve other IMAP connections and yield execution to other connections, when necessary.

This specification does not introduce any additional privacy concerns beyond those described in .

This document defines the "LIST-MYRIGHTS" IMAP capability to be added to the "IMAP Capabilities" registry: .

This section registers the "MYRIGHTS" option to be added to the "LIST-EXTENDED options" registry: . MYRIGHTS RETURN Causes the LIST command to return MYRIGHTS responses in addition to LIST responses. RFC XXXX, RFC XXXX, COMMON Kenneth Murchison <murch@fastmail.com> IESG <iesg@ietf.org>

This document is based largely on . The authors would like to thank the authors of that document for providing both inspiration and some borrowed text for this document. The authors would also like to thank the following individuals for contributing their ideas and support for writing this specification: Barry Leiba.

&rfc2119; &rfc3501; &rfc4314; &rfc5234; &rfc5258; &rfc8174; &rfc5819;

Changes from draft-ietf-extra-imap-list-myrights-05: Updated Keywords boilerplate. Referenced security concerns in RFC 4314. Reworded first sentence in second paragraph of Section 3. Added informative reference to RFC5819. Changes from draft-ietf-extra-imap-list-myrights-04: Added references for "IMAP" and "return option". Changes from draft-ietf-extra-imap-list-myrights-03: Fixed a typo in the Abstract. Changes from draft-ietf-extra-imap-list-myrights-02: WGLC editorial changes from Barry Leiba. Changes from draft-ietf-extra-imap-list-myrights-01: Removed 'n' right from example. Added advice to client authors regarding expense of calculating MYRIGHTS. Replicated Security Considerations section from RFC 5819. Changes from draft-ietf-extra-imap-list-myrights-00: Corrected contact email address in IANA registration. Fixed typos (extra SP) in examples. Changes from draft-murchison-imap-list-myrights-01: Renamed document to be a work product of the EXTRA WG. Updated authors' addresses. Changes from draft-murchison-imap-list-myrights-00: Augmented Introduction with mention of "LIST-MYRIGHTS" capability string. Minor editorial changes.