Pop Protocol Essay, Research Paper
Network Working Group J. Myers
Request for Remarks: 1725 Carnegie Mellon
Obsoletes: 1460 M. Rose
Class: Standards Track Dover Beach Consulting, Inc.
November 1994
Post Office Protocol & # 8211 ; Version 3
Status of this Memo
This papers specifies an Internet criterions path protocol for the
Internet community, and petitions treatment and suggestions for
betterments. Please refer to the current edition of the & # 8220 ; Internet
Official Protocol Standards & # 8221 ; ( STD 1 ) for the standardisation province
and position of this protocol. Distribution of this memo is limitless.
Overview
This memo is a alteration to RFC 1460, a Draft Standard. It makes the
following alterations from that papers:
– removed text sing & # 8220 ; split-UA theoretical account & # 8221 ; , which didn & # 8217 ; t add
anything to the apprehension of POP
– clarified sentence structure of bids, keywords, and statements
– clarified behaviour on broken connexion
– explicitly permitted an inaction autologout timer
– clarified the demands of the & # 8220 ; exclusive-access lock & # 8221 ;
– removed implementation-specific diction sing the parsing of
the maildrop
– allowed waiters to shut the connexion after a failed
hallmark bid
– removed the LAST bid
– fixed misprint in illustration of TOP bid
– clarified that the 2nd statement to the TOP bid is non-
negative
– added the optional UIDL bid
Myers & A ; Rose [ Page 1 ]
RFC 1725 POP3 November 1994
– added warning sing length of shared secrets with APOP
– added extra warnings to the security considerations subdivision
1. Introduction
On certain types of smaller nodes in the Internet it is frequently
impractical to keep a message conveyance system ( MTS ) . For
illustration, a workstation may non hold sufficient resources ( rhythms,
disc infinite ) in order to allow a SMTP waiter [ RFC821 ] and associated
local mail bringing system to be kept resident and continuously
running. Similarly, it may be expensive ( or impossible ) to maintain a
personal computing machine interconnected to an IP-style web for long
sums of clip ( the node is missing the resource known as
& # 8220 ; connectivity & # 8221 ; ) .
Despite this, it is frequently really utile to be able to pull off mail on
these smaller nodes, and they frequently support a user agent ( UA ) to help
the undertakings of mail handling. To work out this job, a node which can
support an MTS entity offers a maildrop service to these less endowed
nodes. The Post Office Protocol & # 8211 ; Version 3 ( POP3 ) is intended to
license a workstation to dynamically entree a maildrop on a waiter
host in a utile manner. Normally, this means that the POP3 is used
to let a workstation to recover mail that the waiter is keeping
for it.
For the balance of this memo, the term & # 8220 ; client host & # 8221 ; refers to a
host devising usage of the POP3 service, while the term & # 8220 ; server host & # 8221 ;
refers to a host which offers the POP3 service.
2. A Short Digression
This memo does non stipulate how a client host enters mail into the
conveyance system, although a method consistent with the doctrine of
this memo is presented here:
When the user agent on a client host wants to come in a message
into the conveyance system, it establishes an SMTP connexion to
its relay host ( this relay host could be, but need non be, the
POP3 waiter host for the client host ) .
3. Basic Operation
Initially, the waiter host starts the POP3 service by listening on
TCP port 110. When a client host wants to do usage of the service,
it establishes a TCP connexion with the waiter host. When the
connexion is established, the POP3 waiter sends a salutation. The
client and POP3 server so interchange bids and responses
Myers & A ; Rose [ Page 2 ]
RFC 1725 POP3 November 1994
( severally ) until the connexion is closed or aborted.
Commands in the POP3 consist of a keyword, perchance followed by one
or more statements. All bids are terminated by a CRLF brace.
Keywords and statements consist of printable ASCII characters.
Keywords and statements are each separated by a individual Space
character. Keywords are three or four characters long. Each statement
may be up to 40 characters long.
Responses in the POP3 consist of a position index and a keyword
perchance followed by extra information. All responses are
terminated by a CRLF brace. There are presently two position
indexs: positive ( & # 8221 ; +OK & # 8221 ; ) and negative ( & # 8221 ; -ERR & # 8221 ; ) .
Responses to certain bids are multi-line. In these instances, which
are clearly indicated below, after directing the first line of the
response and a CRLF, any extra lines are sent, each terminated
by a CRLF brace. When all lines of the response have been sent, a
concluding line is sent, dwelling of a expiration eight ( denary codification
046, & # 8220 ; . & # 8221 ; ) and a CRLF brace. If any line of the multi-line response
Begins with the expiration eight, the line is & # 8220 ; byte-stuffed & # 8221 ; by
pre-pending the expiration eight to that line of the response.
Therefore a multi-line response is terminated with the five eights
& # 8220 ; CRLF.CRLF & # 8221 ; . When analyzing a multi-line response, the client cheques
to see if the line begins with the expiration eight. If so and if
eights other than CRLF follow, the the first eight of the line ( the
expiration eight ) is stripped off. If so and if CRLF instantly
follows the expiration character, so the response from the POP
waiter is ended and the line incorporating & # 8220 ; .CRLF & # 8221 ; is non considered
portion of the multi-line response.
A POP3 session progresses through a figure of provinces during its
life-time. Once the TCP connexion has been opened and the POP3
waiter has sent the salutation, the session enters the Mandate
province. In this province, the client must place itself to the POP3
waiter. Once the client has successfully done this, the waiter
acquires resources associated with the client & # 8217 ; s maildrop, and the
session enters the TRANSACTION province. In this province, the client
petitions actions on the portion of the POP3 waiter. When the client has
issued the QUIT bid, the session enters the UPDATE province. In
this province, the POP3 waiter releases any resources acquired during
the TRANSACTION province and says adieu. The TCP connexion is so
closed.
A POP3 waiter MAY have an inaction autologout timer. Such a timer
MUST be of at least 10 proceedingss & # 8217 ; continuance. The reception of any bid
from the client during that interval should do to reset the
autologout timer. When the timer expires, the session does NOT come in
Myers & A ; Rose [ Page 3 ]
RFC 1725 POP3 November 1994
the UPDATE province & # 8211 ; the waiter should shut the TCP connexion without
taking any messages or directing any response to the client.
4. The AUTHORIZATION State
Once the TCP connexion has been opened by a POP3 client, the POP3
server issues a one line salutation. This can be any twine terminated
by CRLF. An illustration might be:
Second: +OK POP3 waiter ready
Note that this salutation is a POP3 answer. The POP3 waiter should
ever give a positive response as the salutation.
The POP3 session is now in the AUTHORIZATION province. The client must
now place and authenticate itself to the POP3 waiter. Two
possible mechanisms for making this are described in this papers,
the USER and PASS bid combination and the APOP bid. The APOP
bid is described subsequently in this papers.
To authenticate utilizing the USER and PASS bid combination, the
client must first publish the USER bid. If the POP3 waiter
responds with a positive position index ( & # 8221 ; +OK & # 8221 ; ) , so the client
may publish either the PASS bid to finish the hallmark, or
the QUIT bid to end the POP3 session. If the POP3 waiter
responds with a negative position index ( & # 8221 ; -ERR & # 8221 ; ) to the USER
bid, so the client may either publish a new hallmark
bid or may publish the QUIT bid.
When the client issues the PASS bid, the POP3 waiter uses the
statement brace from the USER and PASS commands to find if the
client should be given entree to the appropriate maildrop.
Once the POP3 waiter has determined through the usage of any
hallmark bid that the client should be given entree to the
appropriate maildrop, the POP3 waiter so acquires an exclusive-
entree lock on the maildrop, as necessary to forestall messages from
being modified or removed before the session enters the UPDATE province.
If the lock is successfully acquired, the POP3 waiter responds with a
positive position index. The POP3 session now enters the
TRANSACTION province, with no messages marked as deleted. If the the
maildrop can non be opened for some ground ( for illustration, a lock can
non be acquired, the client is denied entree to the appropriate
maildrop, or the maildrop can non be parsed ) , the POP3 waiter responds
with a negative position index. ( If a lock was acquired but the
POP3 waiter intends to react with a negative position index, the
POP3 waiter must let go of the lock prior to rejecting the bid. )
After returning a negative position index, the waiter may shut the
Myers & A ; Rose [ Page 4 ]
RFC 1725 POP3 November 1994
connexion. If the waiter does non shut the connexion, the client
may either publish a new hallmark bid and start once more, or the
client may publish the QUIT bid.
After the POP3 waiter has opened the maildrop, it assigns a message-
figure to each message, and notes the size of each message in eights.
The first message in the maildrop is assigned a message-number of
& # 8220 ; 1 & # 8243 ; , the 2nd is assigned & # 8220 ; 2 & # 8243 ; , and so on, so that the n & # 8217 ; th message
in a maildrop is assigned a message-number of & # 8220 ; n & # 8221 ; . In POP3 bids
and responses, all message-number & # 8217 ; s and message sizes are expressed
in base-10 ( i.e. , decimal ) .
Here are sum-ups for the three POP3 bids discussed therefore far:
User name
Arguments:
a twine placing a letter box ( required ) , which is of
significance ONLY to the waiter
Restrictions:
may merely be given in the AUTHORIZATION province after the POP3
salutation or after an unsuccessful User or PASS bid
Possible Responses:
+OK name is a valid letter box
-ERR ne’er heard of letter box name
Examples:
Degree centigrades: USER mrose
Second: +OK mrose is a existent hoopy frood
& # 8230 ;
Degree centigrades: USER frated
Second: -ERR sorry, no letter box for frated here
PASS twine
Arguments:
a server/mailbox-specific watchword ( required )
Restrictions:
may merely be given in the AUTHORIZATION province after a
successful USER bid
Discussion:
Since the PASS bid has precisely one statement, a POP3
waiter may handle infinites in the statement as portion of the
watchword, alternatively of as statement centrifuges.
Myers & A ; Rose [ Page 5 ]
RFC 1725 POP3 November 1994
Possible Responses:
+OK maildrop locked and ready
-ERR invalid watchword
-ERR unable to lock maildrop
Examples:
Degree centigrades: USER mrose
Second: +OK mrose is a existent hoopy frood
Degree centigrades: PASS secret
Second: +OK mrose & # 8217 ; s maildrop has 2 messages ( 320 eights )
& # 8230 ;
Degree centigrades: USER mrose
Second: +OK mrose is a existent hoopy frood
Degree centigrades: PASS secret
Second: -ERR maildrop already locked
QUIT
Arguments: none
Restrictions: none
Possible Responses:
+OK
Examples:
Degree centigrades: Discontinue
Second: +OK Dewey POP3 server subscribing off
5. The TRANSACTION State
Once the client has successfully identified itself to the POP3 waiter
and the POP3 waiter has locked and opened the appropriate maildrop,
the POP3 session is now in the TRANSACTION province. The client may now
issue any of the undermentioned POP3 bids repeatedly. After each
bid, the POP3 waiter issues a response. Finally, the client
issues the QUIT bid and the POP3 session enters the UPDATE province.
Here are the POP3 commands valid in the TRANSACTION province:
STAT
Arguments: none
Restrictions:
may merely be given in the TRANSACTION province
Myers & A ; Rose [ Page 6 ]
RFC 1725 POP3 November 1994
Discussion:
The POP3 waiter issues a positive response with a line
incorporating information for the maildrop. This line is
called a & # 8220 ; bead listing & # 8221 ; for that maildrop.
In order to simplify parsing, all POP3 waiters required to
utilize a certain format for bead listings. The positive
response consists of & # 8220 ; +OK & # 8221 ; followed by a individual infinite, the
figure of messages in the maildrop, a individual infinite, and the
size of the maildrop in eights. This memo makes no
demand on what follows the maildrop size. Minimal
executions should merely stop that line of the response
with a CRLF brace. More advanced executions may
include other information.
Note: This memo STRONGLY discourages executions
from providing extra information in the bead
listing. Other, optional, installations are discussed
subsequently on which permit the client to parse the messages
in the maildrop.
Note that messages marked as deleted are non counted in
either sum.
Possible Responses:
+OK nn millimeter
Examples:
Degree centigrades: STAT
Second: +OK 2 320
LIST [ monosodium glutamate ]
Arguments:
a message-number ( optional ) , which, if present, may NOT
refer to a message marked as deleted
Restrictions:
may merely be given in the TRANSACTION province
Discussion:
If an statement was given and the POP3 waiter issues a
positive response with a line incorporating information for
that message. This line is called a & # 8220 ; scan listing & # 8221 ; for
that message.
If no statement was given and the POP3 waiter issues a
positive response, so the response given is multi-line.
Myers & A ; Rose [ Page 7 ]
RFC 1725 POP3 November 1994
After the initial +OK, for each message in the maildrop,
the POP3 waiter responds with a line incorporating information
for that message. This line is besides called a & # 8220 ; scan
naming & # 8221 ; for that message.
In order to simplify parsing, all POP3 waiters are required
to utilize a certain format for scan listings. A scan listing
consists of the message-number of the message, followed by
a individual infinite and the exact size of the message in eights.
This memo makes no demand on what follows the message
size in the scan listing. Minimal executions should
merely stop that line of the response with a CRLF brace. More
advanced executions may include other information, as
parsed from the message.
Note: This memo STRONGLY discourages executions
from providing extra information in the scan
listing. Other, optional, installations are discussed
subsequently on which permit the client to parse the messages
in the maildrop.
Note that messages marked as deleted are non listed.
Possible Responses:
+OK scan listing follows
-ERR no such message
Examples:
Degree centigrades: List
Second: +OK 2 messages ( 320 eights )
Second: 1 120
Second: 2 200
Second: .
& # 8230 ;
Degree centigrades: List 2
Second: +OK 2 200
& # 8230 ;
Degree centigrades: List 3
Second: -ERR no such message, merely 2 messages in maildrop
RETR monosodium glutamate
Arguments:
a message-number ( required ) which may non mention to a
message marked as deleted
Restrictions:
may merely be given in the TRANSACTION province
Myers & A ; Rose [ Page 8 ]
RFC 1725 POP3 November 1994
Discussion:
If the POP3 waiter issues a positive response, so the
response given is multi-line. After the initial +OK, the
POP3 waiter sends the message matching to the given
message-number, being careful to byte-stuff the expiration
character ( as with all multi-line responses ) .
Possible Responses:
+OK message follows
-ERR no such message
Examples:
Degree centigrades: RETR 1
Second: +OK 120 eights
Second:
Second: .
DELE monosodium glutamate
Arguments:
a message-number ( required ) which may non mention to a
message marked as deleted
Restrictions:
may merely be given in the TRANSACTION province
Discussion:
The POP3 waiter marks the message as deleted. Any hereafter
mention to the message-number associated with the message
in a POP3 bid generates an mistake. The POP3 waiter does
non really cancel the message until the POP3 session
enters the UPDATE province.
Possible Responses:
+OK message deleted
-ERR no such message
Examples:
Degree centigrades: DELE 1
Second: +OK message 1 deleted
& # 8230 ;
Degree centigrades: DELE 2
Second: -ERR message 2 already deleted
NOOP
Arguments: none
Myers & A ; Rose [ Page 9 ]
RFC 1725 POP3 November 1994
Restrictions:
may merely be given in the TRANSACTION province
Discussion:
The POP3 waiter does nil, it simply replies with a
positive response.
Possible Responses:
+OK
Examples:
Degree centigrades: NOOP
Second: +OK
RSET
Arguments: none
Restrictions:
may merely be given in the TRANSACTION province
Discussion:
If any messages have been marked as deleted by the POP3
waiter, they are unmarked. The POP3 waiter so answers
with a positive response.
Possible Responses:
+OK
Examples:
Degree centigrades: RSET
Second: +OK maildrop has 2 messages ( 320 eights )
6. The UPDATE State
When the client issues the QUIT bid from the TRANSACTION province,
the POP3 session enters the UPDATE province. ( Note that if the client
issues the QUIT bid from the AUTHORIZATION province, the POP3
session terminates but does NOT come in the UPDATE province. )
If a session terminates for some ground other than a client-issued
QUIT bid, the POP3 session does NOT come in the UPDATE province and
MUST non take any messages from the maildrop.
QUIT
Arguments: none
Myers & A ; Rose [ Page 10 ]
RFC 1725 POP3 November 1994
Restrictions: none
Discussion:
The POP3 waiter removes all messages marked as deleted from
the maildrop. It so releases any exclusive-access lock
on the maildrop and answers as to the position of these
operations. The TCP connexion is so closed.
Possible Responses:
+OK
Examples:
Degree centigrades: Discontinue
Second: +OK Dewey POP3 server subscribing off ( maildrop empty )
& # 8230 ;
Degree centigrades: Discontinue
Second: +OK Dewey POP3 server subscribing off ( 2 messages left )
& # 8230 ;
7. Optional POP3 Commands
The POP3 bids discussed above must be supported by all minimum
executions of POP3 waiters.
The optional POP3 bids described below license a POP3 client
greater freedom in message handling, while continuing a simple POP3
server execution.
Note: This memo STRONGLY encourages executions to back up
these bids in stead of developing augmented bead and scan
listings. In short, the doctrine of this memo is to set
intelligence in the portion of the POP3 client and non the POP3
waiter.
Top monosodium glutamate N
Arguments:
a message-number ( required ) which may NOT mention to to a
message marked as deleted, and a non-negative figure
( required )
Restrictions:
may merely be given in the TRANSACTION province
Discussion:
If the POP3 waiter issues a positive response, so the
response given is multi-line. After the initial +OK, the
POP3 waiter sends the headings of the message, the space
Myers & A ; Rose [ Page 11 ]
RFC 1725 POP3 November 1994
line dividing the headings from the organic structure, and so the
figure of lines indicated message & # 8217 ; s organic structure, being careful to
byte-stuff the expiration character ( as with all multi-
line responses ) .
Note that if the figure of lines requested by the POP3
client is greater than than the figure of lines in the
organic structure, so the POP3 waiter sends the full message.
Possible Responses:
+OK top of message follows
-ERR no such message
Examples:
Degree centigrades: Top 1 10
Second: +OK
Second:
Second: .
& # 8230 ;
Degree centigrades: Top 100 3
Second: -ERR no such message
UIDL [ monosodium glutamate ]
Arguments:
a message-number ( optionally ) If a message-number is given,
it may NOT mention to a message marked as deleted.
Restrictions:
may merely be given in the TRANSACTION province.
Discussion:
If an statement was given and the POP3 waiter issues a positive
response with a line incorporating information for that message.
This line is called a & # 8220 ; unique-id listing & # 8221 ; for that message.
If no statement was given and the POP3 waiter issues a positive
response, so the response given is multi-line. After the
initial +OK, for each message in the maildrop, the POP3 waiter
responds with a line incorporating information for that message.
This line is called a & # 8220 ; unique-id listing & # 8221 ; for that message.
In order to simplify parsing, all POP3 waiters are required to
utilize a certain format for unique-id listings. A unique-id
naming consists of the message-number of the message,
followed by a individual infinite and the unique-id of the message.
Myers & A ; Rose [ Page 12 ]
RFC 1725 POP3 November 1994
No information follows the unique-id in the unique-id listing.
The unique-id of a message is an arbitrary server-determined
twine, dwelling of characters in the scope 0 & # 215 ; 21 to 0 & # 215 ; 7E,
which unambiguously identifies a message within a maildrop and
which persists across Sessionss. The waiter should ne’er recycle
an unique-id in a given maildrop, for every bit long as the entity
utilizing the unique-id exists.
Note that messages marked as deleted are non listed.
Possible Responses:
+OK unique-id listing follows
-ERR no such message
Examples:
Degree centigrades: UIDL
Second: +OK
Second: 1 whqtswO00WBw418f9t5JxYwZ
Second: 2 QhdPYR:00WBw1Ph7 & # 215 ; 7
Second: .
& # 8230 ;
Degree centigrades: UIDL 2
Second: +OK 2 QhdPYR:00WBw1Ph7 & # 215 ; 7
& # 8230 ;
Degree centigrades: UIDL 3
Second: -ERR no such message, merely 2 messages in maildrop
APOP name digest
Arguments:
a twine placing a letter box and a MD5 digest twine
( both required )
Restrictions:
may merely be given in the AUTHORIZATION province after the POP3
recognizing
Discussion:
Normally, each POP3 session starts with a USER/PASS
exchange. This consequences in a server/user-id particular
watchword being sent in the clear on the web. For
intermittent usage of POP3, this may non present a ample
hazard. However, many POP3 client executions connect to
the POP3 waiter on a regular footing & # 8212 ; to look into for new
mail. Further the interval of session induction may be on
the order of five proceedingss. Hence, the hazard of watchword
gaining control is greatly enhanced.
Myers & A ; Rose [ Page 13 ]
RFC 1725 POP3 November 1994
An alternate method of hallmark is required which
provides for both origin hallmark and rematch
protection, but which does non affect directing a watchword
in the clear over the web. The APOP bid provides
this functionality.
A POP3 waiter which implements the APOP bid will
include a timestamp in its streamer salutation. The sentence structure of
the timestamp corresponds to the `msg-id & # 8217 ; in [ RFC822 ] , and
MUST be different each clip the POP3 waiter issues a streamer
salutation. For illustration, on a UNIX execution in which a
separate UNIX procedure is used for each case of a POP3
waiter, the sentence structure of the timestamp might be:
where `process-ID & # 8217 ; is the denary value of the procedure & # 8217 ; s
PID, clock is the denary value of the system clock, and
hostname is the fully-qualified domain-name corresponding
to the host where the POP3 waiter is running.
The POP3 client makes note of this timestamp, and so
issues the APOP bid. The `name & # 8217 ; parametric quantity has
indistinguishable semantics to the `name & # 8217 ; parametric quantity of the USER
bid. The `digest & # 8217 ; parametric quantity is calculated by using
the MD5 algorithm [ RFC1321 ] to a threading consisting of the
timestamp ( including angle-brackets ) followed by a shared
secret. This shared secret is a threading known merely to the
POP3 client and waiter. Great attention should be taken to
prevent unauthorised revelation of the secret, as cognition
of the secret will let any entity to successfully
mask as the named user. The `digest & # 8217 ; parametric quantity
itself is a 16-octet value which is sent in hexadecimal
format, utilizing lower-case ASCII characters.
When the POP3 waiter receives the APOP bid, it verifies
the digest provided. If the digest is right, the POP3
server issues a positive response, and the POP3 session
enters the TRANSACTION province. Otherwise, a negative
response is issued and the POP3 session remains in the
AUTHORIZATION province.
Note that as the length of the shared secret additions, so
does the trouble of deducing it. As such, shared
secrets should be long strings ( well longer than
the 8-character illustration shown below ) .
Myers & A ; Rose [ Page 14 ]
RFC 1725 POP3 November 1994
Possible Responses:
+OK maildrop locked and ready
-ERR permission denied
Examples:
Second: +OK POP3 waiter ready
Degree centigrades: APOP mrose c4c9334bac560ecc979e58001b3e22fb
Second: +OK maildrop has 1 message ( 369 eights )
In this illustration, the shared secret is the threading `tan-
staaf & # 8217 ; . Hence, the MD5 algorithm is applied to the twine
tanstaaf
which produces a digest value of
c4c9334bac560ecc979e58001b3e22fb
8. POP3 Command Summary
Minimal POP3 Commands:
USER name valid in the AUTHORIZATION province
PASS twine
QUIT
STAT valid in the TRANSACTION province
LIST [ monosodium glutamate ]
RETR monosodium glutamate
DELE monosodium glutamate
NOOP
RSET
QUIT valid in the UPDATE province
Optional POP3 Commands:
APOP name digest valid in the AUTHORIZATION province
Top monosodium glutamate N valid in the TRANSACTION province
UIDL [ monosodium glutamate ]
POP3 Answers:
+OK
-ERR
Myers & A ; Rose [ Page 15 ]
RFC 1725 POP3 November 1994
Note that with the exclusion of the STAT, LIST, and UIDL bids,
the answer given by the POP3 waiter to any bid is important merely
to & # 8220 ; +OK & # 8221 ; and & # 8220 ; -ERR & # 8221 ; . Any text occurring after this answer may be
ignored by the client.
9. Example POP3 Session
Second:
Degree centigrades:
Second: +OK POP3 waiter ready
Degree centigrades: APOP mrose c4c9334bac560ecc979e58001b3e22fb
Second: +OK mrose & # 8217 ; s maildrop has 2 messages ( 320 eights )
Degree centigrades: STAT
Second: +OK 2 320
Degree centigrades: List
Second: +OK 2 messages ( 320 eights )
Second: 1 120
Second: 2 200
Second: .
Degree centigrades: RETR 1
Second: +OK 120 eights
Second:
Second: .
Degree centigrades: DELE 1
Second: +OK message 1 deleted
Degree centigrades: RETR 2
Second: +OK 200 eights
Second:
Second: .
Degree centigrades: DELE 2
Second: +OK message 2 deleted
Degree centigrades: Discontinue
Second: +OK Dewey POP3 server subscribing off ( maildrop empty )
Degree centigrades:
Second:
10. Message Format
All messages transmitted during a POP3 session are assumed to conform
to the criterion for the format of Internet text messages [ RFC822 ] .
It is of import to observe that the eight count for a message on the
server host may differ from the eight count assigned to that message
due to local conventions for denominating end-of-line. Normally,
during the AUTHORIZATION province of the POP3 session, the POP3 waiter
can cipher the size of each message in eights when it opens the
maildrop. For illustration, if the POP3 waiter host internally represents
end-of-line as a individual character, so the POP3 waiter merely counts
Myers & A ; Rose [ Page 16 ]
RFC 1725 POP3 November 1994
each happening of this character in a message as two eights. Note
that lines in the message which start with the expiration eight demand
non be counted twice, since the POP3 client will take all byte-
stuffed expiration characters when it receives a multi-line
response.
11. Mentions
[ RFC821 ] Postel, J. , & # 8220 ; Simple Mail Transfer Protocol & # 8221 ; , STD 10, RFC
821, USC/Information Sciences Institute, August 1982.
[ RFC822 ] Crocker, D. , & # 8220 ; Standard for the Format of ARPA-Internet Text
Messages & # 8221 ; , STD 11, RFC 822, University of Delaware, August 1982.
[ RFC1321 ] Rivest, R. & # 8220 ; The MD5 Message-Digest Algorithm & # 8221 ; , RFC 1321,
MIT Laboratory for Computer Science, April, 1992.
12. Security Considerations
It is conjectured that usage of the APOP bid provides beginning
designation and rematch protection for a POP3 session.
Consequently, a POP3 waiter which implements both the PASS and APOP
bids must non let both methods of entree for a given user ; that
is, for a given & # 8220 ; USER name & # 8221 ; either the PASS or APOP bid is
allowed, but non both.
Further, note that as the length of the shared secret additions, so
does the trouble of deducing it.
Waiters that answer -ERR to the USER bid are giving possible
aggressors hints about which names are valid
Use of the PASS bid sends watchwords in the clear over the
web.
Use of the RETR and TOP commands sends mail in the clear over the
web.
Otherwise, security issues are non discussed in this memo.
13. Recognitions
The POP household has a long and checked history. Although chiefly
a minor alteration to RFC 1460, POP3 is based on the thoughts presented in
RFCs 918, 937, and 1081.
In add-on, Alfred Grimstad, Keith McCloghrie, and Neil Ostroff
provided important remarks on the APOP bid.
Myers & A ; Rose [ Page 17 ]
RFC 1725 POP3 November 1994
14. Authors & # 8217 ; Addresss
John G. Myers
Carnegie-Mellon University
5000 Forbes Ave
Pittsburgh, PA 15213
Electronic mail: jgm+ @ cmu.edu
Marshall T. Rose
Dover Beach Consulting, Inc.
420 Whisman Court
Mountain View, CA 94043-2186
Electronic mail: mrose @ dbc.mtview.ca.us
Myers & A ; Rose [ Page 18 ]
.