DAV ACL "authenticated" principal bug?

[alecpl]

I'm setting ACL on a folder like this

ACL: https://host/dav/addressbooks/user/user@host/Default/

<?xml version="1.0" encoding="utf-8"?>
<d:acl xmlns:d="DAV:">
  <d:ace>
    /* cut all privileges for self */
  </d:ace>
  <d:ace>
    <d:principal>
      <d:authenticated/>
    </d:principal>
    <d:grant>
      <d:privilege>
        <d:read/>
      </d:privilege>
    </d:grant>
  </d:ace>
</d:acl>

it succeeds, but after this I got:

        <d:acl>
          <d:ace>
            /* cut all privileges for self */
          </d:ace>
          <d:ace>
            <d:principal>
              <d:all/>
            </d:principal>
            <d:grant>
              <d:privilege>
                <d:read/>
              </d:privilege>
            </d:grant>
          </d:ace>
          <d:ace>
            <d:principal>
              <d:unauthenticated/>
            </d:principal>
            <d:deny>
              <d:privilege>
                <d:read/>
              </d:privilege>
            </d:deny>
          </d:ace>
        </d:acl>

So it looks that a request to set "authenticated" user privileges results in two ace elements for "all" and "unauthenticated" that looks like an equivalent to that single "authenticated" rule. But it makes writing a client to manage ACL more complicated. Can this be improved?

[alecpl]

Looks like, according to ctl_mboxlist -d, internal ACL representation is:

"acl": {
    "user@host": "lrwipkxtecdan",
    "anyone": "lr",
    "-anonymous": "lr"
}