[Imap-protocol] Namespace separators

Mark Crispin mrc at CAC.Washington.EDU
Wed Jun 27 12:01:24 PDT 2007


On Wed, 27 Jun 2007, Timo Sirainen wrote:

>> Any server that automatically lists all other users' mailboxes by default

>> has huge privacy problem.

> Not by default. I meant it lists all mailboxes where the mailbox owner

> has given permission with ACLs (so filesystem permissions won't be

> enough).


That isn't enough. Most organizations consider it to be a privacy and
security violation to reveal the identities of other users. There isn't
any ACL that applies to the userid space.


> I guess this all depends on what kinds of namespaces you have. Having a

> #news. namespace listed using LIST is bad, but I think having "shared

> mailboxes" namespace visible with LIST isn't.


It should be visible only if you are listing the shared mailboxes
namespace.

If you list the shared mailboxes namespace in a list of the default
namespace, then you do not have a shared mailboxes namespace. You have
shared mailboxes in the default namespace.

Either implement a namespace or mash everything into the default
namespace. Don't do one and pretend that you are doing the other.

What's more, you're presuming that "shared mailboxes" is a small enough
set of names that is reasonable to list by default. Suppose this is a
university, and every class list is in shared mailboxes. What if your
client is accessed over wireless, or from a third world country in which
the user pays by the KB?

Think about the scaling implications!


> Actually it looks like Cyrus is doing exactly what I was going to:

>

> 1 namespace

> * NAMESPACE (("" "/")) (("Other Users/" "/")) (("Shared Folders/" "/"))

> 1 OK Completed

> 2 list "" *

> * LIST (\Noinferiors) "/" "INBOX"

> * LIST (\HasNoChildren) "/" "Other Users/foo/support"

> 2 OK Completed (0.000 secs 10 calls)


That is a design misfeature in Cyrus. A server which does that doesn't
have namespaces. It's apparently just using the NAMESPACE extension to
give a clue as to how to access those mailboxes in the default namespace.


> There you have a LIST that lists multiple namespaces. Do you consider

> this bad as well?


Yes, this is bad; although not as bad as mashing multiple namespaces with
different hierarchy semantics together which is what you were talking
about earlier.

The bad thing is that it means that I, as the user, can not create a
personal hierarchy called "Other Users" or "Shared Folders" that have
entirely different purposes. For some reason, undisclosed to my client
that does not do NAMESPACE, these name are stolen from me, and I as the
user will be surprised when bad things happen.


>> This happens with stupid clients that implement NAMESPACE and then proceed

>> to list all of those. The user complaints are continuous and regular:

>> they want to know how to delete these junk names from their account.

> I've actually no idea how I would implement NAMESPACE support for

> clients in a way you consider good.


The default namespace is the user's own mailboxes.

Using the # convention and/or some well-defined alternative leading
character breakout (such as UNIX ~ and /), enable access to mailboxes that
are other than the user's own.

-- Mark --

http://panda.com/mrc
Democracy is two wolves and a sheep deciding what to eat for lunch.
Liberty is a well-armed sheep contesting the vote.



More information about the Imap-protocol mailing list