[Imap-protocol] reporting/detecting expunged messages

Arnt Gulbrandsen arnt at gulbrandsen.priv.no
Thu Sep 14 03:45:45 PDT 2006


Mark Crispin writes:

> On Tue, 12 Sep 2006, Arnt Gulbrandsen wrote:

>> Bill Shannon writes:

>>> I'd be happy to have both 4.1.2 and 4.1.3 declared as not allowed behavior.

>> That would leave us with only 4.1.1 and 4.1.4, which make it

>> practically impossible to delete a message. I don't like the

>> security implications of that.

>

> It would require an extremely abusive client to cause that result; one

> that was active but only did FETCH, STORE, and SEARCH commands for an

> extended period of time, thus blocking the untagged EXPUNGE.


Yes.


> To date, this has not been a problem.


Sure. The average case is OK, what I dislike is the lack of a proper
transaction. Or you could say I don't like the fuzzy semantics of the
EXPUNGE command. When a client issues EXPUNGE and the server issues a
tagged OK, what is the server promising the client?

If that OK means "the messages have been deleted", I think that's a fine
promise. A transaction has been committed and that's how it is.

If the OK means "the messages have been deleted, but some other active
clients can see the old version of the mailbox for as much as two
minutes from now", I think that's still good. Not ideal, but still
clear and firm.

If the OK means "the messages will be deleted, except that a
nasty-minded client can make me keep them around forever", I don't like
that. It hollows out EXPUNGE too much (even though as you say, noone's
been nasty-minded so far). Do you understand my concern?


> If this were to become a problem, a server would be perfectly within

> its rights to set a maximum time that this could go on, and when the

> time is exceeded it issues an untagged BYE.

>

> I would not mind adding text to that effect to the base specification

> if there is concensus that such text is a good idea.


IMO, it depends on the precise text. Requiring that all clients offer
the server an opportunity to send EXPUNGE every so often can't be all
that bad, but how often? "EXPUNGE may not take effect completely until
half an hour after the tagged OK" sounds overly long to me. "Clients
must give the server the opportunity to send EXPUNGE at two-minute
intervals or more often" sounds much too short. Ten minutes sounds both
too short and too long. All partly subjective of course.

Arnt



More information about the Imap-protocol mailing list