[nmh] / docs / historical / mh-6.8.5 / support / pop / RCS / pop-more.txt,v
1 head 1.2;
2 access;
3 symbols;
4 locks; strict;
5 comment @# @;
6
7
8 1.2
9 date 92.10.26.16.46.29; author jromine; state Exp;
10 branches;
11 next 1.1;
12
13 1.1
14 date 92.10.26.16.45.51; author jromine; state Exp;
15 branches;
16 next ;
17
18
19 desc
20 @@
21
22
23 1.2
24 log
25 @MD5 API changes forced APOP changes
26 @
27 text
28 @
29
30
31
32 draft POP Version 3: More Service Offerings Apr 92
33
34
35 Post Office Protocol: Version 3
36 More Service Offerings
37
38 Fri Apr 17 21:03:20 1992
39
40
41 Marshall T. Rose
42 Dover Beach Consulting, Inc.
43 mrose@@dbc.mtview.ca.us
44
45
46
47
48
49
50 1. Status of this Memo
51
52 This memo provides information for the Internet community. It
53 does not specify any standard. Distribution of this memo is
54 unlimited. Please send comments to the author.
55
56
57 2. Abstract
58
59 This memo suggests some modest enhancements to version 3 of
60 the Post Office Protocol (RFC 1081). All of these extensions
61 are optional. In particular, administrators should examine
62 their environment to see if any of these enhancements are
63 useful.
64
94 3. Historical Overview
95
96 The Post Office Protocol (POP) was developed to provide a
97 simple mechanism for workstations to download their mailboxes
98 from workgroup and departmental servers. Typically, the
99 workstations and servers are interconnected via a LAN or
100 perhaps an internet-mesh with reasonable throughput and
101 latency.
102
103 As use of the Internet suite of protocols has grown, different
104 kinds of environments are beginning to use the POP. This memo
105 suggests optional enhancements to the POP to allow it to
106 function better in these environments.
107
153 4. The APOP command
154
155 Each POP session starts with a USER/PASS exchange. This
156 results in a POP-subscriber password being sent in the clear
157 on the network. For intermittent use of POP, this may not
158 introduce a sizable risk. However, many POP client
159 implementations connect to the POP server on a regular
160 basis -- to check for new mail. Further, the interval of
161 session initiation may be on the order of five minutes.
162 Hence, the risk of password capture is greatly enhanced.
163
164 A new method of authentication is required which provides for
165 both origin authentication and replay protection, but which
166 does not involve sending a password in the clear over the
167 network. This memo introduces a new command, APOP, to provide
168 this functionality.
169
170 A POP server which implements the APOP command will include a
171 timestamp in its banner greeting. The syntax of the timestamp
172 corresponds to the `msg-id' in RFC 822, and MUST be different
173 each time the POP server issues a banner greeting. For
174 example, on a UNIX implementation in which a separate UNIX
175 process is used for each instance of a POP server, the syntax
176 of the timestamp might be:
177
178 <process-ID.clock@@hostname>
179
180 where `process-ID' is the decimal value of the process's PID,
181 `clock' is the decimal value of the system clock, and `hostname'
182 is the fully-qualified domain-name corresponding to the host
183 where the POP server is running.
184
185 The POP client makes note of this timestamp, and then issues
186 the APOP command. The syntax of this command is:
187
188 APOP name digest
189
190 The `name' parameter is a locally-significant string which
191 identifies a particular POP-subscriber. The `digest'
192 parameter is calculated by applying the MD5 algorithm[1] to a
193 string consisting of the timestamp (including angle-brackets)
194 followed by a shared secret. This shared secret is a string
195 known only to the POP client and POP server. Great care
196 should be taken to prevent unauthorized disclosure of the
197 secret, as knowledge of the secret will allow any entity to
212 successfully masquerade as the named POP-subscriber. The
213 `digest' parameter itself is a 16-octet value which is sent in
214 hexadecimal format.
215
216 When the POP server receives the APOP command, it verifies the
217 digest provided. If the digest is correct, the POP server
218 issues a positive response, and the POP session enters the
219 TRANSACTION state. Otherwise, a negative response is issued
220 and the POP session remains in the AUTHORIZATION state.
221
222 4.1. Usage Example
223
224 S: +OK POP server ready <1896.697170952@@dbc.mtview.ca.us>
225 C: USER mrose
226 S: +OK password required for mrose
227 C: APOP c4c9334bac560ecc979e58001b3e22fb
228 S: +OK maildrop has 1 message (369 octets)
229
230 In this example, the shared secret is the string `tanstaaf'.
231 Hence, the MD5 algorithm is applied to the string
232
233 <1896.697170952@@dbc.mtview.ca.us>tanstaaf
234
235 which produces a digest value of
236
237 c4c9334bac560ecc979e58001b3e22fb
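
The digest calculation and the server-side check described in section 4, as an added example (not part of the memo or of MH). It uses the memo's own banner and secret, with the single "@" that this RCS file stores doubled as "@@". The class name, the second timestamp and the secrets table are constructed for illustration.

```python
import hashlib
import hmac
import re

# msg-id style timestamp in the greeting, angle brackets included.
TIMESTAMP_RE = re.compile(rb"<[^<>@\s]+@[^<>@\s]+>")

def banner_timestamp(banner: bytes) -> bytes:
    """Extract the timestamp a client must hash from a +OK greeting."""
    match = TIMESTAMP_RE.search(banner)
    if not banner.startswith(b"+OK") or match is None:
        raise ValueError("greeting carries no APOP timestamp")
    return match.group(0)

def apop_digest(timestamp: bytes, secret: bytes) -> str:
    """MD5 over the timestamp (with angle brackets) followed by the secret."""
    return hashlib.md5(timestamp + secret).hexdigest()

class ApopServerSession:
    """Server side of one connection; each session has its own timestamp."""

    def __init__(self, timestamp: bytes, secrets: dict):
        self.timestamp = timestamp
        self.secrets = secrets          # name -> shared secret (bytes)
        self.state = "AUTHORIZATION"

    def apop(self, name: str, digest: str) -> bool:
        secret = self.secrets.get(name)
        # Hash even for unknown names so both paths do the same work.
        expected = apop_digest(self.timestamp, secret or b"")
        supplied = digest.strip().lower().encode("utf-8", "replace")
        ok = secret is not None and hmac.compare_digest(expected.encode(), supplied)
        if ok:
            self.state = "TRANSACTION"
        return ok

# Values from the memo's usage example (single "@" restored).
BANNER = b"+OK POP server ready <1896.697170952@dbc.mtview.ca.us>"
SECRETS = {"mrose": b"tanstaaf"}

def demo():
    ts = banner_timestamp(BANNER)
    captured = apop_digest(ts, SECRETS["mrose"])   # digest as sent on the wire
    first = ApopServerSession(ts, SECRETS)
    # Constructed second greeting: new PID and clock, so a new timestamp.
    later = ApopServerSession(b"<1901.697171252@dbc.mtview.ca.us>", SECRETS)
    return captured, first.apop("mrose", captured), later.apop("mrose", captured)
```

The third result is False: a digest recorded from one session does not verify against a later greeting, which is why the timestamp MUST differ on every banner.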
238
271 5. The XTND SCAN command
272
273 The current POP model works best when network latency and
274 throughput are on the order provided by most LANs. However,
275 when POP is used over low-speed connections (e.g., 2400 baud
276 dialup lines), the POP does not work well.
277
278 Historically, the POP model has been to make only minimal
279 requirements on the POP server. In order to more effectively
280 operate over low-speed connections, this model must be
281 modified somewhat. Implementation experience shows that the
282 largest improvement can be achieved by making one shift:
283 having the POP server generate a scan listing for the POP
284 client. This memo introduces a new command, XTND SCAN, to
285 provide this functionality.
286
287 A POP client issues the XTND SCAN command during the
288 TRANSACTION state. The syntax of this command is:
289
290 XTND SCAN width [format]
291
292 The `width' parameter is the maximum length for a scan
293 listing. The optional `format' parameter is a quoted-string
294 with the semantics of an mh-format(5) string[2]. If the
295 `format' parameter is not given, the POP server uses a
296 locally-defined default value. Note that the resulting format
297 string must not contain CR or LF.
298
299 The `format' parameter is the only token in the POP which must
300 be enclosed in double-quotation marks. Within the string, two
301 special sequences are recognized:
302
303 \" - double-quote
304 \\ - single-\
305
306 Otherwise, each character is used verbatim. Note that this
307 string can be quite long (on the order of 400 characters).
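
A server-side parser for the command line described above, as an added example (not code from the memo or from MH). It accepts only the two escape sequences listed, passes every other character through verbatim, and rejects CR, LF, unterminated strings and trailing text. The function name and the length limit are assumptions.

```python
MAX_FORMAT_LEN = 1024   # assumed server limit; the memo only says "on the order of 400"

def parse_xtnd_scan(line: str):
    """Parse 'XTND SCAN width [format]' (line terminator already stripped).

    Returns (width, format), with format None when omitted; raises
    ValueError so the server can answer with a negative response.
    """
    if "\r" in line or "\n" in line:
        raise ValueError("CR or LF inside command")
    parts = line.split(" ", 3)
    if len(parts) < 3 or [p.upper() for p in parts[:2]] != ["XTND", "SCAN"]:
        raise ValueError("not an XTND SCAN command")
    if not (parts[2].isascii() and parts[2].isdigit()):
        raise ValueError("width must be a decimal number")
    width = int(parts[2])
    if len(parts) == 3:
        return width, None
    raw = parts[3]
    if len(raw) > MAX_FORMAT_LEN or not raw.startswith('"'):
        raise ValueError("format must be a bounded quoted-string")
    out, i = [], 1
    while i < len(raw):
        ch = raw[i]
        if ch == "\\" and raw[i + 1:i + 2] in ('"', "\\"):
            out.append(raw[i + 1])      # \" and \\ are the only escapes
            i += 2
        elif ch == '"':
            if i != len(raw) - 1:
                raise ValueError("text after closing quote")
            return width, "".join(out)
        else:
            out.append(ch)              # every other character is verbatim
            i += 1
    raise ValueError("unterminated quoted-string")
```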
308
309 When the POP server receives the XTND SCAN command and if it
310 implements it, it issues a positive response. Otherwise a
311 negative response is issued. Thereafter, whenever the POP
312 client issues a LIST command, the syntax of the resulting
313 `scan listing' is of the form:
314
315 msgno size #string
316
330 As with the standard POP, the `msgno' field gives the message
331 number and the `size' field gives the size of the message in
332 octets. The `string' parameter, which immediately follows the
333 `#' character is the string calculated when the formatting
334 string is applied to the message. Note that the `string' may
335 not be multiline.
336
337 5.1. Usage Example
338
339 C: XTND SCAN 80 "%4(msg)%<(cur)+%| %>%<{replied}-%|...
340 S: +OK SCAN
341 C: LIST 1
342 S: +OK 1 369 # 1 02/03 17:49PST To:mrose test<<
343
389 6. Implementations
390
391 MH 6.7.4 implements the POP extensions described in this memo.
392 Contact Bug-MH@@ics.uci.edu for information on how to get MH.
393
448 7. Acknowledgements
449
450 The author gratefully acknowledges the comments of Alfred
451 Grimstad and Neil Ostroff of Bellcore, and Keith McCloghrie of
452 Hughes LAN Systems.
453
507 8. References
508
509 [1] R.L. Rivest, The MD5 Message-Digest Algorithm. Request
510 for Comments 1321, (April, 1992).
511
512 [2] M.T. Rose, J.L. Romine, The Rand MH Message Handling
513 System: User's Manual, November, 1985.
514
566 Table of Contents
567
568
569 1 Status of this Memo
570 2 Abstract
571 3 Historical Overview
572 4 The APOP command
573 4.1 Usage Example
574 5 The XTND SCAN command
575 5.1 Usage Example
576 6 Implementations
577 7 Acknowledgements
578 8 References
618 @
619
620
621 1.1
622 log
623 @Initial revision
624 @
625 text
626 @d5 1
627 a5 1
628 draft POP Version 3: More Service Offerings Feb 92
629 d11 1
630 a11 1
631 Tue Feb 4 08:30:31 1992
632 d64 1
633 a64 1
634 draft POP Version 3: More Service Offerings Feb 92
635 d123 1
636 a123 1
637 draft POP Version 3: More Service Offerings Feb 92
638 d182 1
639 a182 1
640 draft POP Version 3: More Service Offerings Feb 92
641 d198 3
642 a200 1
643 C: APOP mrose c4c9334bac560ecc979e58001b3e22fb
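Review bot: the usage example and the documented command syntax disagree after this change. The 1.1 line restored here, `C: APOP mrose c4c9334bac560ecc979e58001b3e22fb`, matches the syntax `APOP name digest` given in section 4, but revision 1.2 replaces it with a USER exchange followed by an APOP line that carries only the digest, while the syntax paragraph is left untouched. Either keep the name on the APOP line in the example or update the syntax paragraph and say where the server takes the name from, so that client and server implementers parse the same form.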
644 a234 2
645
646
647 d241 1
648 a241 1
649 draft POP Version 3: More Service Offerings Feb 92
650 d273 2
651 a274 2
652 be enclosed in double-quotation marks. Within the string,
653 three special sequences are recognized:
654 a275 1
655 \n - newline
656 d288 1
657 d300 1
658 a300 1
659 draft POP Version 3: More Service Offerings Feb 92
660 a302 2
661 msgno size #string
662
663 d351 2
664 d359 1
665 a359 1
666 draft POP Version 3: More Service Offerings Feb 92
667 d362 1
668 a362 1
669 6. Acknowledgements
670 d364 59
671 d424 2
672 a425 1
673 Grimstad and Neil Ostroff of Bellcore.
674 d471 2
675 d474 116
676 a589 1
677 M. Rose [Page 7]
678 @