S: +OK dewey POP3 server signing off (2 messages left) ... Rose [Page 10] RFC 1460 POP3 June 1993 7. Optional POP3 Commands The POP3 commands discussed above must be supported by all minimal implementations of POP3 servers. The optional POP3 commands described below permit a POP3 client greater freedom in message handling, while preserving a simple POP3 server implementation. NOTE: This memo STRONGLY encourages implementations to support these commands in lieu of developing augmented drop and scan listings. In short, the philosophy of this memo is to put intelligence in the part of the POP3 client and not the POP3 server. TOP msg n Arguments: a message-id (required) and a number. This message-id may NOT refer to a message marked as deleted. Restrictions: may only be given in the TRANSACTION state. Discussion: If the POP3 server issues a positive response, then the response given is multi-line. After the initial +OK, the POP3 server sends the headers of the message, the blank line separating the headers from the body, and then the number of lines indicated message's body, being careful to byte-stuff the termination character (as with all multi-line responses). Note that if the number of lines requested by the POP3 client is greater than than the number of lines in the body, then the POP3 server sends the entire message. Possible Responses: +OK top of message follows -ERR no such message Examples: C: TOP 10 S: +OK S: S: . ... C: TOP 100 S: -ERR no such message Rose [Page 11] RFC 1460 POP3 June 1993 APOP name digest Arguments: a server specific user-id and a digest string (both required). Restrictions: may only be given in the AUTHORIZATION state after the POP3 greeting Discussion: Normally, each POP3 session starts with a USER/PASS exchange. This results in a server/user-id specific password being sent in the clear on the network. For intermittent use of POP3, this may not introduce a sizable risk. However, many POP3 client implementations connect to the POP3 server on a regular basis -- to check for new mail. Further the interval of session initiation may be on the order of five minutes. Hence, the risk of password capture is greatly enhanced. An alternate method of authentication is required which provides for both origin authentication and replay protection, but which does not involve sending a password in the clear over the network. The APOP command provides this functionality. A POP3 server which implements the APOP command will include a timestamp in its banner greeting. The syntax of the timestamp corresponds to the "msg-id" in [RFC822], and MUST be different each time the POP3 server issues a banner greeting. For example, on a UNIX implementation in which a separate UNIX process is used for each instance of a POP3 server, the syntax of the timestamp might be: where "process-ID" is the decimal value of the process's PID, clock is the decimal value of the system clock, and hostname is the fully-qualified domain-name corresponding to the host where the POP3 server is running. The POP3 client makes note of this timestamp, and then issues the APOP command. The "name" parameter has identical semantics to the "name" parameter of the USER command. The "digest" parameter is calculated by applying the MD5 algorithm [RFC1321] to a string consisting of the timestamp (including angle-brackets) followed by a shared secret. This Rose [Page 12] RFC 1460 POP3 June 1993 shared secret is a string known only to the POP3 client and server. Great care should be taken to prevent unauthorized disclosure of the secret, as knowledge of the secret will allow any entity to successfully masquerade as the named user. The "digest" parameter itself is a 16-octet value which is sent in hexadecimal format, using lower-case ASCII characters. When the POP3 server receives the APOP command, it verifies the digest provided. If the digest is correct, the POP3 server issues a positive response, and the POP3 session enters the TRANSACTION state. Otherwise, a negative response is issued and the POP3 session remains in the AUTHORIZATION state. Possible Responses: +OK maildrop locked and ready -ERR permission denied Examples: S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us> C: APOP mrose c4c9334bac560ecc979e58001b3e22fb S: +OK maildrop has 1 message (369 octets) In this example, the shared secret is the string "tanstaaf". Hence, the MD5 algorithm is applied to the string <1896.697170952@dbc.mtview.ca.us>tanstaaf which produces a digest value of c4c9334bac560ecc979e58001b3e22fb 8. POP3 Command Summary Minimal POP3 Commands: USER name valid in the AUTHORIZATION state PASS string QUIT STAT valid in the TRANSACTION state LIST [msg] RETR msg DELE msg NOOP LAST RSET Rose [Page 13] RFC 1460 POP3 June 1993 QUIT valid in the UPDATE state Optional POP3 Commands: APOP name digest valid in the AUTHORIZATION state TOP msg n valid in the TRANSACTION state POP3 Replies: +OK -ERR Note that with the exception of the STAT command, the reply given by the POP3 server to any command is significant only to "+OK" and "-ERR". Any text occurring after this reply may be ignored by the client. 9. Example POP3 Session S: ... C: S: +OK POP3 server ready <1896.697170952@dbc.mtview.ca.us> C: APOP mrose c4c9334bac560ecc979e58001b3e22fb S: +OK mrose's maildrop has 2 messages (320 octets) C: STAT S: +OK 2 320 C: LIST S: +OK 2 messages (320 octets) S: 1 120 S: 2 200 S: . C: RETR 1 S: +OK 120 octets S: S: . C: DELE 1 S: +OK message 1 deleted C: RETR 2 S: +OK 200 octets S: S: . C: DELE 2 S: +OK message 2 deleted C: QUIT S: +OK dewey POP3 server signing off (maildrop empty) C: S: Rose [Page 14] RFC 1460 POP3 June 1993 10. Message Format All messages transmitted during a POP3 session are assumed to conform to the standard for the format of Internet text messages [RFC822]. It is important to note that the byte count for a message on the server host may differ from the octet count assigned to that message due to local conventions for designating end-of-line. Usually, during the AUTHORIZATION state of the POP3 session, the POP3 client can calculate the size of each message in octets when it parses the maildrop into messages. For example, if the POP3 server host internally represents end-of-line as a single character, then the POP3 server simply counts each occurrence of this character in a message as two octets. Note that lines in the message which start with the termination octet need not be counted twice, since the POP3 client will remove all byte-stuffed termination characters when it receives a multi-line response. 11. The POP and the Split-UA model The underlying paradigm in which the POP3 functions is that of a split-UA model. The POP3 client host, being a remote PC based workstation, acts solely as a client to the message transport system. It does not provide delivery/authentication services to others. Hence, it is acting as a UA, on behalf of the person using the workstation. Furthermore, the workstation uses SMTP to enter mail into the MTS. In this sense, we have two UA functions which interface to the message transport system: Posting (SMTP) and Retrieval (POP3). The entity which supports this type of environment is called a split-UA (since the user agent is split between two hosts which must interoperate to provide these functions). ASIDE: Others might term this a remote-UA instead. There are arguments supporting the use of both terms. This memo has explicitly referenced TCP as the underlying transport agent for the POP3. This need not be the case. In the MZnet split- UA, for example, personal micro-computer systems are used which do not have IP-style networking capability [MZnet]. To connect to the POP3 server host, a PC establishes a terminal connection using some simple protocol (PhoneNet). A program on the PC drives the connection, first establishing a login session as a normal user. The login shell for this pseudo-user is a program which drives the other half of the terminal protocol and communicates with one of two servers. Although MZnet can support several PCs, a single pseudo- user login is present on the server host. The user-id and password Rose [Page 15] RFC 1460 POP3 June 1993 for this pseudo-user login is known to all members of MZnet. Hence, the first action of the login shell, after starting the terminal protocol, is to demand a USER/PASS authorization pair from the PC. This second level of authorization is used to ascertain who is interacting with the MTS. Although the server host is deemed to support a "trusted" MTS entity, PCs in MZnet are not. Naturally, the USER/PASS authorization pair for a PC is known only to the owner of the PC (in theory, at least). After successfully verifying the identity of the client, a modified SMTP server is started, and the PC posts mail with the server host. After the QUIT command is given to the SMTP server and it terminates, a modified POP3 server is started, and the PC retrieves mail from the server host. After the QUIT command is given to the POP3 server and it terminates, the login shell for the pseudo-user terminates the terminal protocol and logs the job out. The PC then closes the terminal connection to the server host. The SMTP server used by MZnet is modified in the sense that it knows that it's talking to a user agent and not a "trusted" entity in the message transport system. Hence, it does performs the validation activities normally performed by an entity in the MTS when it accepts a message from a UA. The POP3 server used by MZnet is modified in the sense that it does not require a USER/PASS combination before entering the TRANSACTION state. The reason for this (of course) is that the PC has already identified itself during the second-level authorization step described above. NOTE: Truth in advertising laws require that the author of this memo state that MZnet has not actually been fully implemented. The concepts presented and proven by the project led to the notion of the MZnet split-slot model. This notion has inspired the split-UA concept described in this memo, led to the author's interest in the POP, and heavily influenced the the description of the POP3 herein. In fact, some UAs present in the Internet already support the notion of posting directly to an SMTP server and retrieving mail directly from a POP3 server, even if the POP3 server and client resided on the same host! ASIDE: this discussion raises an issue which this memo purposedly avoids: how does SMTP know that it's talking to a "trusted" MTS entity? Rose [Page 16] RFC 1460 POP3 June 1993 12. References [MZnet] Stefferud, E., Sweet, J., and T. Domae, "MZnet: Mail Service for Personal Micro-Computer Systems,: Proceedings, IFIP 6.5 International Conference on Computer Message Systems, Nottingham, U.K., May 1984. [RFC821] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821, USC/Information Sciences Institute, August 1982. [RFC822] Crocker, D., "Standard for the Format of ARPA-Internet Text Messages", STD 11, RFC 822, University of Delaware, August 1982. [RFC1321] Rivest, R. "The MD5 Message-Digest Algorithm", MIT Laboratory for Computer Science, April 1992. 13. Security Considerations It is conjectured that use of the APOP command provides origin identification and replay protection for a POP3 session. Accordingly, a POP3 server which implements both the PASS and APOP commands must not allow both methods of access for a given user; that is, for a given "USER name" either the PASS or APOP command is allowed, but not both. Otherwise, security issues are not discussed in this memo. 14. Acknowledgements The POP family has a long and checkered history. Although primarily a minor revision to [RFC1225], POP3 is based on the ideas presented in RFCs 918, 937, and 1081. In addition, Alfred Grimstad, Keith McCloghrie, and Neil Ostroff provided significant comments on the APOP command. 15. Author's Address Marshall T. Rose Dover Beach Consulting, Inc. Mountain View, CA 94043-2186 Phone: +1 415 968 1052 Fax: +1 415 968 2510 EMail: mrose@dbc.mtview.ca.us X.500: rose, dbc, us Rose [Page 17] Network Working Group D. Throop Request for Comments: 1461 Data General Corporation May 1993 SNMP MIB extension for Multiprotocol Interconnect over X.25 Status of this Memo This RFC specifies an IAB standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "IAB Official Protocol Standards" for the standardization state and status of this protocol. Distribution of this memo is unlimited. Abstract This memo defines a portion of the Management Information Base (MIB) for use with network management protocols in TCP/IP-based internets. In particular, it defines objects for managing Multiprotocol Interconnect (including IP) traffic carried over X.25. The objects defined here, along with the objects in the "SNMP MIB extension for the Packet Layer of X.25"[8], "SNMP MIB extension for LAPB"[7], and the "Definitions of Managed Objects for RS-232-like Hardware Devices" [6], combine to allow management of the traffic over an X.25 protocol stack. Table of Contents 1. The Network Management Framework ......................... 1 2. Objects .................................................. 2 2.1 Format of Definitions ................................... 2 3. Overview ................................................. 3 3.1 Scope ................................................... 3 3.2 Structure of MIB objects ................................ 3 4. Definitions .............................................. 4 5. Acknowledgements ......................................... 19 6. References ............................................... 20 7. Security Considerations ................................... 21 8. Author's Address ......................................... 21 1. The Network Management Framework The Internet-standard Network Management Framework consists of three components. These components give the rules for defining objects, the definitions of objects, and the protocol for manipulating objects. Throop [Page 1] RFC 1461 Multiprotocol Interconnect on X.25 MIB May 1993 The network management framework structures objects in an abstract information tree. The branches of the tree name objects and the leaves of the tree contain the values manipulated to effect management. This tree is called the Management Information Base or MIB. The concepts of this tree are given in STD 16, RFC 1155, "The Structure of Management Information" or SMI [1]. The SMI defines the trunk of the tree and the types of objects used when defining the leaves. STD 16, RFC 1212, "Towards Concise MIB Definitions" [3], defines a more concise description mechanism that preserves all the principals of the SMI. The core MIB definitions for the Internet suite of protocols can be found in STD 17, RFC 1213 [4], "Management Information Base for Network Management of TCP/IP-based internets". STD 15, RFC 1157 [2] defines the SNMP protocol itself. The protocol defines how to manipulate the objects in a remote MIB. The tree structure of the MIB allows new objects to be defined for the purpose of experimentation and evaluation. 2. Objects The definition of an object in the MIB requires an object name and type. Object names and types are defined using the subset of Abstract Syntax Notation One (ASN.1) [5] defined in the SMI [1]. Objects are named using ASN.1 object identifiers, administratively assigned names, to specify object types. The object name, together with an optional object instance, uniquely identifies a specific instance of an object. For human convenience, we often use a textual string, termed the descriptor, to refer to objects. Objects also have a syntax that defines the abstract data structure corresponding to that object type. The ASN.1 language [5] provides the primitives used for this purpose. The SMI [1] purposely restricts the ASN.1 constructs which may be used for simplicity and ease of implementation. 2.1. Format of Definitions Section 4 contains the specification of all object types contained in this MIB module. The object types are defined using the conventions defined in the SMI, as amended by the extensions specified in "Towards Concise MIB Definitions" [3]. Throop [Page 2] RFC 1461 Multiprotocol Interconnect on X.25 MIB May 1993 3. Overview 3.1. Scope Instances of the objects defined below provide management information for Multiprotocol Interconnect traffic on X.25 as defined in RFC 1356 [9]. That RFC describes how X.25 can be used to exchange IP or network level protocols. The multiprotocol packets (IP, CLNP, ES-IS, or SNAP) are encapsulated in X.25 frames for transmission between nodes. All nodes that implement RFC 1356 must implement this MIB. The objects in this MIB apply to the software in the node that manages X.25 connections and performs the protocol encapsulation. A node in this usage maybe the end node source or destination host for the packet, or it may be a router or bridge responsible for forwarding the packet. Since RFC 1356 requires X.25, nodes that implement RFC 1356 must also implement the X.25 MIB, RFC 1382. This MIB only applies to Multiprotocol Interconnect over X.25 service. It does not apply to other software that may also use X.25 (for example PAD). Thus the presence, absence, or operation of such software will not directly affect any of these objects. (However connections in use by that software will appear in the X.25 MIB). 3.2. Structure of MIB objects The objects of this MIB are organized into three tables: the mioxPleTable, the mioxPeerTable, and the mioxPeerEncTable. All objects in all tables are mandatory for conformance with this MIB. The mioxPleTable defines information relative to an interface used to carry Multiprotocol Interconnect traffic over X.25. Such interfaces are identified by an ifType object in the Internet-standard MIB [4] of ddn-x25 or rfc877-x25. Interfaces of type ddn-x25 have a self contained algorithm for translating between IP addresses and X.121 addresses. Interfaces of type rfc877-x25 do not have such an algorithm. Note that not all X.25 Interfaces will be used to carry Multiprotocol Interconnect traffic. Those interfaces not carrying such traffic will not have entries in the mioxPleTable. The entries in the mioxPleTable are only for interfaces that do carry Multiprotocol Interconnect traffic over X.25. Entries in the mioxPleTable are indexed by ifIndex to make it easy to find the mioxPleTable entry for an interface. The mioxPeerTable contains information needed to co