From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 512161F55F; Wed, 13 Sep 2023 22:03:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1694642606; bh=jEF/xeR3F3fKy/SU6+plNWDmBPTVrwfc7K6iuqO8+hM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=yqq9ZykpqvNIwQIraiHU3yw7CUw/jTYXlItqO/rpB0LHT3W8roYGUSicsQiSb6GIj 74iC5V0Jc8rw5mWspEcL47xvxxlNDtvQ+b1D+e+DUmbekeIg3gZjUqYQcPplRnotK6 BG0/tqRO4NwZyQ1+4+NpyHF3C0MLBV2KeMeAFn2E= Date: Wed, 13 Sep 2023 22:03:26 +0000 From: Eric Wong To: Konstantin Ryabitsev Cc: meta@public-inbox.org Subject: Re: [RFC] pop3: support `?limit=$NUM' parameter in mailbox name Message-ID: <20230913220326.M198766@dcvr> References: <20230912-impart-swinger-4c2434@meerkat> <20230912224034.M689061@dcvr> <20230913062040.M617670@dcvr> <20230913-sizzling-uncoated-629002@meerkat> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230913-sizzling-uncoated-629002@meerkat> List-Id: Konstantin Ryabitsev wrote: > On Wed, Sep 13, 2023 at 06:20:40AM +0000, Eric Wong wrote: > > Eric Wong wrote: > > > I'm not sure if `?' or `=' are allowed characters in POP3 > > > mailbox names. In fact, I can't find any information on > > > valid characters allowed in RFC 1081 nor RFC 1939. > > It's a username, though, not mailbox name? There's no restriction on the > characters or length of the username, though I'm guessing some UI clients may > have their own limits regarding the length of the username field. username == mailbox name as far as POP3 goes. > > Of course, the parameters and all manner of special characters > > can also be placed the password, so `anonymous?limit=1000'. > > > > But somehow putting parameters in the "password" (even a > > well-known and obvious one) feels wrong. > > What if we move the uuid into the password field -- it seems it belongs there > anyway, as it's tied to the user cookie. I've thought about that, too; but it can get tricky since passwords aren't visible in most UIs. I've also seen some UIs (not POP3) which forbid copy+paste in password fields. Furthermore, if a user wants to migrate to a different POP3 client; carrying their UUID with them is easier when it's readable in the username. (I'm assuming users won't be bothered backup their UUID anywhere) > username: newsgroup.name?params > password: $(uuidgen) > > So, in my example it becomes: > > username: org.kernel.vger.git?limit=1000 > password: 288e5e35-1a35-46ef-b3d5-6d94c20aeab8 > > This could be backward-compatible with the current implementation -- if there > is an @ in the username field, then the cookie is based on what's preceding > it. If there's none, then we use the password field (unless it's "anonymous"). > > This way we're less likely to run into any problems with username length > limitations set by MUAs. Right, backwards compatibility isn't a problem either way. I'm open to supporting both ways; but I'm also not inclined to do so unless there's evidence of real-world POP3 clients being unable to handle the user names. Documenting both ways can be overwhelming to users. Thanks.