Difference between revisions of "RFC3206"
Line 5: | Line 5: | ||
The SYS and AUTH POP Response Codes | The SYS and AUTH POP Response Codes | ||
− | Status of this Memo | + | '''Status of this Memo''' |
This document specifies an Internet standards track protocol for the | This document specifies an Internet standards track protocol for the | ||
Internet community, and requests discussion and suggestions for | Internet community, and requests discussion and suggestions for | ||
improvements. Please refer to the current edition of the "Internet | improvements. Please refer to the current edition of the "Internet | ||
− | Official Protocol Standards" (STD 1) for the standardization state | + | Official Protocol Standards" ([[STD1|STD 1]]) for the standardization state |
and status of this protocol. Distribution of this memo is unlimited. | and status of this protocol. Distribution of this memo is unlimited. | ||
− | Copyright Notice | + | '''Copyright Notice''' |
Copyright (C) The Internet Society (2002). All Rights Reserved. | Copyright (C) The Internet Society (2002). All Rights Reserved. | ||
− | Abstract | + | '''Abstract''' |
This memo proposes two response codes: SYS and AUTH, which enable | This memo proposes two response codes: SYS and AUTH, which enable | ||
Line 23: | Line 23: | ||
authentication failure. In addition, a new capability (AUTH-RESP- | authentication failure. In addition, a new capability (AUTH-RESP- | ||
CODE) is defined. | CODE) is defined. | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
== Introduction == | == Introduction == | ||
− | RFC 2449 [POP3-EXT] defined extended [POP3] response codes, to give | + | [[RFC2449|RFC 2449]] [POP3-EXT] defined extended [POP3] response codes, to give |
clients more information about errors so clients can respond more | clients more information about errors so clients can respond more | ||
appropriately. In addition to the mechanism, two initial response | appropriately. In addition to the mechanism, two initial response | ||
Line 58: | Line 44: | ||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||
− | document are to be interpreted as described in RFC 2119 [KEYWORDS]. | + | document are to be interpreted as described in [[RFC2119|RFC 2119]] [KEYWORDS]. |
== Background == | == Background == | ||
− | RFC 2449 [POP3-EXT] introduced the IN-USE and LOGIN-DELAY response | + | [[RFC2449|RFC 2449]] [POP3-EXT] introduced the IN-USE and LOGIN-DELAY response |
codes. The intent is to allow clients to clearly determine the | codes. The intent is to allow clients to clearly determine the | ||
underlying cause of a failure in order to respond. For example, | underlying cause of a failure in order to respond. For example, | ||
Line 157: | Line 143: | ||
IANA has added the AUTH-RESP-CODE capability to the list of POP3 | IANA has added the AUTH-RESP-CODE capability to the list of POP3 | ||
− | capabilities (established by RFC 2449 [POP3-EXT]). | + | capabilities (established by [[RFC2449|RFC 2449]] [POP3-EXT]). |
IANA has also added the SYS and AUTH response codes to the list of | IANA has also added the SYS and AUTH response codes to the list of | ||
− | POP3 response codes (also established by RFC 2449 [POP3-EXT]). | + | POP3 response codes (also established by [[RFC2449|RFC 2449]] [POP3-EXT]). |
== Security Considerations == | == Security Considerations == | ||
Line 170: | Line 156: | ||
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate | [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate | ||
− | Requirement Levels", BCP 14, RFC 2119, March 1997. | + | Requirement Levels", [[BCP14|BCP 14]], [[RFC2119|RFC 2119]], March 1997. |
[POP3] Myers, J. and M. Rose, "Post Office Protocol -- Version | [POP3] Myers, J. and M. Rose, "Post Office Protocol -- Version | ||
− | 3", STD 53, RFC 1939, May 1996. | + | 3", [[STD53|STD 53]], [[RFC1939|RFC 1939]], May 1996. |
[POP3-EXT] Gellens, R., Newman, C. and L. Lundblade, "POP3 Extension | [POP3-EXT] Gellens, R., Newman, C. and L. Lundblade, "POP3 Extension | ||
− | Mechanism", RFC 2449, November 1998. | + | Mechanism", [[RFC2449|RFC 2449]], November 1998. |
10. Author's Address | 10. Author's Address | ||
Line 221: | Line 207: | ||
Funding for the RFC Editor function is currently provided by the | Funding for the RFC Editor function is currently provided by the | ||
Internet Society. | Internet Society. | ||
+ | |||
+ | [[Category:Standards Track]] |
Latest revision as of 21:34, 3 October 2020
Network Working Group R. Gellens Request for Comments: 3206 QUALCOMM Category: Standards Track February 2002
The SYS and AUTH POP Response Codes
Status of this Memo
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (2002). All Rights Reserved.
Abstract
This memo proposes two response codes: SYS and AUTH, which enable clients to unambiguously determine an optimal response to an authentication failure. In addition, a new capability (AUTH-RESP- CODE) is defined.
Contents
Introduction
RFC 2449 [POP3-EXT] defined extended [POP3] response codes, to give clients more information about errors so clients can respond more appropriately. In addition to the mechanism, two initial response codes were defined (IN-USE and LOGIN-DELAY), in an attempt to differentiate between authentication failures related to user credentials, and other errors.
In practice, these two response codes, while helpful, do not go far enough. This memo proposes two additional response codes: SYS and AUTH, which enable clients to unambiguously determine an optimal response to an authentication failure.
In addition, a new capability (AUTH-RESP-CODE) is defined.
Conventions Used in this Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [KEYWORDS].
Background
RFC 2449 [POP3-EXT] introduced the IN-USE and LOGIN-DELAY response codes. The intent is to allow clients to clearly determine the underlying cause of a failure in order to respond. For example, clients need to know if the user should be asked for new credentials, or if the POP3 session should simply be tried again later. (Some deployed POP3 clients attempt to parse the text of authentication failure errors, looking for strings known to be issued by various servers which indicate the mailbox is locked.)
IN-USE indicates that an exclusive lock could not be obtained for the user's mailbox, probably because another POP3 session is in progress. LOGIN-DELAY informs the client that the user has not waited long enough before authenticating again.
However, there are other error conditions which do not require new credentials, some of which should be brought to the user's attention.
Despite the IN-USE and LOGIN-DELAY responses, clients cannot be sure if any other error requires new user credentials.
The SYS Response Code
The SYS response code announces that a failure is due to a system error, as opposed to the user's credentials or an external condition. It is hierarchical, with two possible second-level codes: TEMP and PERM. (Case is not significant at any level of the hierarchy.)
SYS/TEMP indicates a problem which is likely to be temporary in nature, and therefore there is no need to alarm the user, unless the failure persists. Examples might include a central resource which is currently locked or otherwise temporarily unavailable, insufficient free disk or memory, etc.
SYS/PERM is used for problems which are unlikely to be resolved without intervention. It is appropriate to alert the user and suggest that the organization's support or assistance personnel be contacted. Examples include corrupted mailboxes, system configuration errors, etc.
The SYS response code is valid with an -ERR response to any command.
The AUTH Response Code
The AUTH response code informs the client that there is a problem with the user's credentials. This might be an incorrect password, an unknown user name, an expired account, an attempt to authenticate in violation of policy (such as from an invalid location or during an unauthorized time), or some other problem.
The AUTH response code is valid with an -ERR response to any authentication command including AUTH, USER (see note), PASS, or APOP.
Servers which include the AUTH response code with any authentication failure SHOULD support the CAPA command [POP3-EXT] and SHOULD include the AUTH-RESP-CODE capability in the CAPA response. AUTH-RESP-CODE assures the client that only errors with the AUTH code are caused by credential problems.
NOTE: Returning the AUTH response code to the USER command reveals to the client that the specified user exists. It is strongly RECOMMENDED that the server not issue this response code to the USER command.
The AUTH-RESP-CODE Capability
CAPA tag:
AUTH-RESP-CODE
Arguments:
none
Added commands:
none
Standard commands affected:
none
Announced states / possible differences:
both / no
Commands valid in states:
n/a
Specification reference:
this document
Discussion:
The AUTH-RESP-CODE capability indicates that the server includes the AUTH response code with any authentication error caused by a problem with the user's credentials.
IANA Considerations
IANA has added the AUTH-RESP-CODE capability to the list of POP3 capabilities (established by RFC 2449 [POP3-EXT]).
IANA has also added the SYS and AUTH response codes to the list of POP3 response codes (also established by RFC 2449 [POP3-EXT]).
Security Considerations
Section 5, The AUTH Response Code, discusses the security issues related to use of the AUTH response code with the USER command.
References
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[POP3] Myers, J. and M. Rose, "Post Office Protocol -- Version
3", STD 53, RFC 1939, May 1996.
[POP3-EXT] Gellens, R., Newman, C. and L. Lundblade, "POP3 Extension
Mechanism", RFC 2449, November 1998.
10. Author's Address
Randall Gellens QUALCOMM Incorporated 5775 Morehouse Drive San Diego, CA 92121-2779 U.S.A.
Phone: +1 858 651 5115 EMail: [email protected]
11. Full Copyright Statement
Copyright (C) The Internet Society (2002). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement
Funding for the RFC Editor function is currently provided by the Internet Society.