Re: POP3 mailbox names and IMAP userids
Date: Sun, 16 Feb 2003 11:34:58 -0500
From: John C Klensin <john-ietf@xxxxxxx>
[...]
In practice, POP3 and IMAP accounts (mailboxes and user ids,
respectively) have two important properties:

   (i) Unlike email addresses, which people type, enter
   into address books, and pass around to each other using
   mechanisms other than mail headers and envelopes, they
   are typically configured once per user (or at most, once
   per client machine). There are some separate issues
   when these things are accessed through web interfaces
   that simulate MUAs, but those are, well, separate issues.

This is incorrect. In IMAP they are manipulated on ACLs and may form
part of a hierarchy. Being able to understand another username
("principal" in the Kerberos world) is very important for any
collaborative system. It is also important to users that they match up
with e-mail addresses.

My Kerberos principal ("leg@xxxxxxxxxxxxxx") matches up nicely with my
e-mail address ("leg@xxxxxxxxxxxxxx") and both might appear in a
personal certificate.

Unfortunately there's no BCP on principal names and authorization, so
IETF protocols have different ideas of "user", "realm", "dn",
etc. While it's possible for these things to diverge from e-mail
addresses, it is highly undesirable that they do so.

Larry