[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lemonade] draft-gulbrandsen-imap-enable-03

To: Dan Karp <dkarp@xxxxxxxxxx>
Subject: Re: [lemonade] draft-gulbrandsen-imap-enable-03
From: Timo Sirainen <tss@xxxxxx>
Date: Sat, 10 Nov 2007 15:54:02 +0200
Cc: Peter Coates <peter.coates@xxxxxxx>, lemonade@xxxxxxxx, ietf-imapext@xxxxxxx, Alexey Melnikov <alexey.melnikov@xxxxxxxxx>, Arnt Gulbrandsen <arnt@xxxxxxxx>
In-reply-to: <90089910.86811194630213289.JavaMail.root@xxxxxxxxxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-imapext/mail-archive/>
List-id: <ietf-imapext.imc.org>
List-unsubscribe: <mailto:ietf-imapext-request@imc.org?body=unsubscribe>
References: <90089910.86811194630213289.JavaMail.root@xxxxxxxxxxxxxxxxxx>
Sender: owner-ietf-imapext@xxxxxxxxxxxx

On Fri, 2007-11-09 at 09:43 -0800, Dan Karp wrote:
> I think that we're unnecessarily complicating a fundamentally simple
> idea.  Why not just have ENABLE fail unless all the requested
> capabilities are implemented and enable-able?  This would generally
> require waiting until after authentication to call ENABLE, but I'm not
> even sure why it's ever useful in the NOT AUTHENTICATED state...

I'd really like if it worked only after authentication. I think NOT
AUTHENTICATED state should be as simple as possible. The user is still
untrusted at that point, so the less features server needs to worry
about at that point, the less chances there are for bugs/security holes.

Attachment: signature.asc
Description: This is a digitally signed message part

References:
- Re: [lemonade] draft-gulbrandsen-imap-enable-03
  - From: Dan Karp

Prev by Date: Re: [lemonade] draft-gulbrandsen-imap-enable-03
Previous by thread: Re: [lemonade] draft-gulbrandsen-imap-enable-03
Next by thread: Re: [lemonade] draft-gulbrandsen-imap-enable-03
Index(es):
- Date
- Thread