Downgrading Mechanism for Email Address Internationalization
draft-ietf-eai-downgrade-12
The information below is for an old version of the document that is already published as an RFC.
| Field | Value |
|---|---|
| Document type | This is an older version of an Internet-Draft that was ultimately published as RFC 5504. |
| Authors | Yoshiro Yoneya, Kazunori Fujiwara |
| Last updated | 2015-10-14 (Latest revision 2009-03-03) |
| RFC stream | Internet Engineering Task Force (IETF) |
| Intended RFC status | Experimental |
| Additional resources | Mailing list discussion |
| Stream: WG state | WG Document |
| Document shepherd | (None) |
| IESG: IESG state | Became RFC 5504 (Experimental) |
| Action Holders | (None) |
| Consensus boilerplate | Unknown |
| Telechat date | (None) |
| Responsible AD | Chris Newman |
| Send notices to | (None) |

Email Address Internationalization                      K. Fujiwara, Ed.
(EAI)                                                     Y. YONEYA, Ed.
Internet-Draft                                                      JPRS
Intended status: Experimental                              March 2, 2009
Expires: September 3, 2009

      Downgrading mechanism for Email Address Internationalization
                    draft-ietf-eai-downgrade-12.txt

Status of this Memo

This Internet-Draft is submitted to IETF in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on September 3, 2009.

Copyright Notice

Copyright (c) 2009 IETF Trust and the persons identified as the document authors. All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents in effect on the date of publication of this document (http://trustee.ietf.org/license-info). Please review these documents carefully, as they describe your rights and restrictions with respect to this document.

Fujiwara & YONEYA       Expires September 3, 2009
Internet-Draft             UTF8SMTP Downgrade                 March 2009

Abstract

Traditional mail systems handle only ASCII characters in SMTP envelope and mail header fields. The Email Address Internationalization (UTF8SMTP) extension allows UTF-8 characters in SMTP envelope and mail header fields.
To avoid rejecting internationalized Email messages when a server in the delivery path does not support the UTF8SMTP extension, some sort of converting mechanism is required. This document describes a downgrading mechanism for Email Address Internationalization. Note that this is a way to downgrade, not tunnel. There is no associated up-conversion mechanism, although internationalized email clients might use original internationalized addresses or other data when displaying or replying to downgraded messages.

Table of Contents

   1.  Introduction
   2.  Terminology
   3.  New header fields definition
       3.1.  Envelope information preservation header fields
       3.2.  Address header field preservation header fields
       3.3.  Unknown header fields preservation header fields
   4.  SMTP Downgrading
       4.1.  Path element downgrading
       4.2.  ORCPT downgrading
   5.  Email header fields downgrading
       5.1.  Downgrading method for each ABNF element
             5.1.1.  RECEIVED downgrading
             5.1.2.  UNSTRUCTURED downgrading
             5.1.3.  WORD downgrading
             5.1.4.  COMMENT downgrading
             5.1.5.  MIME-VALUE downgrading
             5.1.6.  DISPLAY-NAME downgrading
             5.1.7.  MAILBOX downgrading
             5.1.8.  ENCAPSULATION downgrading
             5.1.9.  TYPED-ADDRESS downgrading
       5.2.  Downgrading method for each header field
             5.2.1.  Address header fields which contain <address>s
             5.2.2.  Address header fields with typed addresses
             5.2.3.  Downgrading Non-ASCII in comments
             5.2.4.  Received header field
             5.2.5.  MIME Content header fields
             5.2.6.  Non-ASCII in <unstructured>
             5.2.7.  Non-ASCII in <phrase>
             5.2.8.  Other header fields
   6.  MIME body part header fields downgrading
   7.  Security considerations
   8.  Implementation notes
       8.1.  RFC 2047 encoding
       8.2.  Trivial downgrading
       8.3.  7bit transport consideration
   9.  IANA Considerations
   10. Acknowledgements
   11. Change History
       11.1.  draft-yoneya-ima-downgrade: Version 00
       11.2.  draft-yoneya-ima-downgrade: Version 01
       11.3.  draft-ietf-eai-downgrade: Version 00
       11.4.  draft-ietf-eai-downgrade: Version 01
       11.5.  draft-ietf-eai-downgrade: Version 02
       11.6.  draft-ietf-eai-downgrade: Version 03
       11.7.  draft-ietf-eai-downgrade: Version 04
       11.8.  draft-ietf-eai-downgrade: Version 05
       11.9.  draft-ietf-eai-downgrade: Version 06
       11.10. draft-ietf-eai-downgrade: Version 07
       11.11. draft-ietf-eai-downgrade: Version 08
       11.12. draft-ietf-eai-downgrade: Version 09
       11.13. draft-ietf-eai-downgrade: Version 10
       11.14. draft-ietf-eai-downgrade: Version 11
       11.15. draft-ietf-eai-downgrade: Version 12
   12. References
       12.1.  Normative References
       12.2.  Informative References
   Appendix A.  Examples
       A.1.  Downgrading example 1
       A.2.  Downgrading example 2
   Authors' Addresses

1. Introduction

Traditional mail systems which are defined by [RFC5321] and [RFC5322] allow ASCII characters in SMTP envelope and mail header field values. The UTF8SMTP extension [RFC4952], [RFC5335] and [RFC5336] allows UTF-8 characters in SMTP envelope and mail header field values.

If an envelope address or header field contains non-ASCII characters, the message cannot be delivered unless every system in the delivery path supports UTF8SMTP. This document describes a downgrading mechanism to avoid rejection of such messages when a server which does not support the UTF8SMTP extension is encountered. The downgrading mechanism converts envelope and header fields to an all-ASCII representation.

[RFC5335] allows UTF-8 characters to be used in mail header fields and MIME header fields. The downgrading mechanism specified here converts mail header fields and MIME header fields to ASCII.

This document does not change any protocols except by defining new header fields. It describes the conversion method from the internationalized email envelopes/messages which are defined in [RFC4952] [RFC5335] [RFC5336] to the traditional email envelopes/messages which are defined in [RFC5321] [RFC5322].

[RFC5336] section 2.2 defines when downgrading occurs.
If the SMTP client has an UTF8SMTP envelope or an internationalized message and the SMTP server doesn't support the UTF8SMTP SMTP extension, then the SMTP client MUST NOT send a UTF8SMTP envelope or an internationalized message to the SMTP server. The section shows 4 choices. The fourth choice is downgrading, as described here.

Downgrading may be implemented in MUAs, MSAs, MTAs which act as the SMTP client, or in MDAs, POP servers, IMAP servers which store or offer UTF8SMTP envelopes or internationalized messages to non-UTF8SMTP compliant systems which include message stores.

This document tries to define the downgrading process clearly and it preserves the original information as much as possible.

Downgrading in UTF8SMTP consists of the following four parts:

   o  New header fields definition
   o  SMTP downgrading
   o  Email header fields downgrading
   o  MIME header fields downgrading

In Section 3, many header fields starting with "Downgraded-" are introduced. They preserve the original envelope information and the original header fields.

The SMTP downgrading is described in Section 4. It generates ASCII only envelope information from an UTF8SMTP envelope.

The Email header fields downgrading is described in Section 5. It generates ASCII only header fields.

The MIME header fields are expanded in [RFC5335]. The MIME header fields downgrading is described in Section 6. It generates ASCII only MIME header fields.

Displaying downgraded messages which originally contain internationalized E-mail addresses or internationalized header fields is described in another document ([I-D.ietf-eai-downgraded-display]).

2. Terminology

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119].

All specialized terms used in this specification are defined in the EAI overview [RFC4952] or in [RFC5321][RFC5322], MIME documents [RFC2045] [RFC2047] [RFC2183] [RFC2231]. The terms "ASCII address", "internationalized email address", "non-ASCII address", "i18mail address", "UTF8SMTP", "message" and "mailing list" are used with the definitions from [RFC4952] document.

This document depends on [RFC5335], [RFC5336], and [RFC5337]. Key words used in these documents are used in this document, too.

The term "non-ASCII" is an UTF-8 string which contains at least one non-ASCII character.

An "UTF8SMTP envelope" has Email originator/recipient addresses expanded by [RFC5336] and [RFC5337].

An "UTF8SMTP message" is Email messages expanded by [RFC5335].

3. New header fields definition

New header fields starting with "Downgraded-" are defined here to preserve those original envelope and header field values which contain UTF-8 characters. During downgrading, one new "Downgraded-" header field is added for each original envelope or header field which cannot be passed as-is to a server which does not support UTF8SMTP. The original envelope or header field is removed or rewritten. Only those envelope and header fields which contain non-ASCII characters are affected. The result of this process is a message which is compliant with existing email specifications [RFC5321] and [RFC5322]. The original internationalized information can be retrieved by examining the "Downgraded-" header fields which were added.

3.1. Envelope information preservation header fields

SMTP envelope downgraded information <downgraded-envelope-addr> consists of the original non-ASCII address and the downgraded all-ASCII address.

   downgraded-envelope-addr = [FWS] "<" [ A-d-l ":" ] uMailbox FWS
                              "<" Mailbox ">" ">" [CFWS]

<uMailbox> is defined in [RFC5336]; <Mailbox> and <A-d-l> are defined in [RFC5321], section 4.1.2.

Two header fields "Downgraded-Mail-From:" and "Downgraded-Rcpt-To:" are defined to preserve SMTP envelope downgraded information. The header field syntax is specified as follows:

   fields =/ downgradedmailfrom / downgradedrcptto

   downgradedmailfrom = "Downgraded-Mail-From:" unstructured CRLF

   downgradedrcptto = "Downgraded-Rcpt-To:" unstructured CRLF

The unstructured content is downgraded-envelope-addr treated as if it were unstructured with [RFC2047] encoding (and charset UTF-8) as needed.

3.2. Address header field preservation header fields

The address header fields preservation header fields are defined to preserve the original header field. Their value field holds the original header field value. The header field syntax is specified as follows:

   fields =/ known-downgraded-headers ":" unstructured CRLF

   known-downgraded-headers = "Downgraded-" original-headers

   original-headers = "From" / "Sender" / "To" / "Cc" / "Bcc" /
                      "Reply-To" / "Resent-From" / "Resent-Sender" /
                      "Resent-To" / "Resent-Cc" / "Resent-Bcc" /
                      "Resent-Reply-To" / "Return-Path" /
                      "Disposition-Notification-To"

Preserving a header field in a downgraded header field is defined as:

   1. Generate new downgraded header field whose value is the original header field value.

   2. Treat the generated header field content as if it were unstructured, and then apply [RFC2047] encoding with charset UTF-8 as necessary so the result is ASCII.

3.3. Unknown header fields preservation header fields

The unknown header fields preservation header fields are defined to encapsulate those original header fields which contain non-ASCII characters and are not otherwise provided for in this specification. The encapsulation header field name is the concatenation of "Downgraded-" and the original name. The value field holds the original header field value.

The header field syntax is specified as follows:

   fields =/ unknown-downgraded-headers ":" unstructured CRLF

   unknown-downgraded-headers = "Downgraded-" original-header-field-name

   original-header-field-name = field-name

   field-name = 1*ftext

   ftext = %d33-57 /          ; Any character except
           %d59-126           ;  controls, SP, and
                              ;  ":".

Encapsulating a header field in a "Downgraded-" header field is defined as:

   1. Generate new "Downgraded-" header field whose value is the original header field value.

   2. Treat the generated header field content as if it were unstructured, and then apply [RFC2047] encoding with charset UTF-8 as necessary so the result is ASCII.

   3. Remove the original header field.

4. SMTP Downgrading

The elements of the SMTP envelope targeted by downgrading are:

   o  <reverse-path> of MAIL FROM command
   o  <forward-path> of RCPT TO command
   o  ORCPT parameter of RCPT TO command

4.1. Path element downgrading

Downgrading the <path> of MAIL FROM and RCPT TO commands uses the ALT-ADDRESS parameter defined in [RFC5336]. A SMTP command is downgradable if the <path> contains a non-ASCII address and the command has an ALT-ADDRESS parameter which specifies an ASCII address. Since only non-ASCII addresses are downgradable, specifying an ALT-ADDRESS value for an all-ASCII address is invalid for use with this specification, and no interpretation is assigned to it. This restriction allows for future extension of the specification even though no such extensions are currently anticipated.

Note that even if no downgrading is performed on the envelope, message header fields and message body MIME header fields that contain non-ASCII characters MUST be downgraded. This is described in Section 5 and Section 6.

When downgrading, replace each <path> which contains a non-ASCII mail address with its specified alternative ASCII address and preserve the original information using "Downgraded-Mail-From" and "Downgraded-Rcpt-To" header fields as defined in Section 3. Before replacing, decode the ALT-ADDRESS parameter value because it is encoded as xtext [RFC3461].

To avoid disclosing recipient addresses, the downgrading process MUST NOT add a "Downgraded-Rcpt-To:" header field if the SMTP downgrading targets multiple recipients. See Section 7 for more detail.

As a result of the recipient address downgrading, the domain part of the recipient address prior to downgrading might be different from the domain part of the new recipient address. If the result of address resolution for the domain part of the new recipient address contains the server at the connection destination of the SMTP session for the recipient address prior to downgrading, the SMTP connection is valid for the new recipient address. Otherwise, the downgrading process MUST NOT send the downgraded message to the new recipient address via the connection and MUST try to send the downgraded message to the new recipient address.

4.2. ORCPT downgrading

The "RCPT TO" command can have an ORCPT parameter if the DSN extension [RFC3461] is supported. If the ORCPT parameter contains an "utf-8" type address and the address contains raw non-ASCII characters, the address MUST be converted to utf-8-addr-xtext form. Those forms are described in [RFC5337] and clarified by successor documents such as [I-D.ietf-eai-dsnbis]. Before converting to utf-8-addr-xtext form, remove xtext encoding.

5. Email header fields downgrading

This section defines the conversion method to ASCII for each header field which may contain non-ASCII characters.
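
The path downgrading of Section 4.1, as an added Python example (not code from the draft or its authors): it decodes the xtext ALT-ADDRESS, swaps in the ASCII address, builds the Section 3.1 preservation fields, and omits "Downgraded-Rcpt-To:" when the envelope has more than one recipient. The `Path` class, the function names, the sample addresses and the rule that a decoded ALT-ADDRESS must be printable ASCII without spaces are assumptions of this example.

```python
import re
from dataclasses import dataclass
from email.header import Header, decode_header, make_header
from typing import List, Optional, Tuple


@dataclass
class Path:
    """One envelope <path>; alt_address is the raw xtext ALT-ADDRESS value."""
    address: str
    alt_address: Optional[str] = None


class NotDowngradable(Exception):
    """A non-ASCII <path> has no usable ASCII ALT-ADDRESS."""


def xtext_decode(value: str) -> str:
    """Decode RFC 3461 xtext: '+' followed by two upper-case hex digits."""
    out = bytearray()
    i = 0
    while i < len(value):
        ch = value[i]
        if ch == "+":
            pair = value[i + 1:i + 3]
            if not re.fullmatch(r"[0-9A-F]{2}", pair):
                raise NotDowngradable("malformed xtext in ALT-ADDRESS")
            out.append(int(pair, 16))
            i += 3
        elif "!" <= ch <= "~" and ch != "=":
            out.append(ord(ch))
            i += 1
        else:
            raise NotDowngradable("character not allowed in xtext")
    # Assumption of this example: refuse decoded controls, SP and 8-bit octets,
    # so a '+0D+0A' sequence cannot smuggle a line break into a command or field.
    if any(b < 0x21 or b > 0x7E for b in out):
        raise NotDowngradable("decoded ALT-ADDRESS is not printable ASCII")
    return out.decode("ascii")


def preserved_field(name: str, original: str, ascii_addr: str) -> str:
    """Build a Downgraded-Mail-From / Downgraded-Rcpt-To field (Section 3.1)."""
    value = "<%s <%s>>" % (original, ascii_addr)   # downgraded-envelope-addr
    return "%s: %s" % (name, Header(value, charset="utf-8", header_name=name).encode())


def decode_preserved(field: str) -> str:
    """Recover the UTF-8 value of a generated Downgraded-* field."""
    return str(make_header(decode_header(field.split(":", 1)[1].strip())))


def downgrade_path(path: Path) -> Tuple[str, bool]:
    """Return (ASCII address, whether the path was rewritten)."""
    if path.address.isascii():
        return path.address, False      # ALT-ADDRESS on an ASCII path is ignored
    if path.alt_address is None:
        raise NotDowngradable("non-ASCII path without ALT-ADDRESS")
    return xtext_decode(path.alt_address), True


def downgrade_envelope(mail_from: Path, rcpt_to: List[Path]):
    """Return (MAIL FROM address, RCPT TO addresses, header fields to add)."""
    fields = []
    new_from, changed = downgrade_path(mail_from)
    if changed:
        fields.append(preserved_field("Downgraded-Mail-From", mail_from.address, new_from))
    single = len(rcpt_to) == 1          # more than one recipient: add no Rcpt-To field
    new_rcpts = []
    for rcpt in rcpt_to:
        addr, changed = downgrade_path(rcpt)
        new_rcpts.append(addr)
        if changed and single:
            fields.append(preserved_field("Downgraded-Rcpt-To", rcpt.address, addr))
    return new_from, new_rcpts, fields


# Constructed sample envelope; every address is made up for this example.
SENDER = Path("josé@example.com", "jose+2Beai@example.com")
ONE_RCPT = [Path("δοκιμή@example.net", "dokimi@example.net")]
TWO_RCPTS = ONE_RCPT + [Path("bob@example.org")]

if __name__ == "__main__":
    for rcpts in (ONE_RCPT, TWO_RCPTS):
        print(downgrade_envelope(SENDER, rcpts))
```
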

[RFC5335] expands Received: header fields, [RFC5322] ABNF elements <mailbox>, <word>, <comment>, <unstructured>, [RFC2045] ABNF element <value>.

5.1. Downgrading method for each ABNF element

Header field downgrading is defined below for each ABNF element. Downgrading an unknown header field is also defined as ENCAPSULATION downgrading. Converting the header field terminates when no non-ASCII characters remain in the header field.

5.1.1. RECEIVED downgrading

If the header field name is "Received:" and the FOR clause contains a non-ASCII address, remove the FOR clause from the header field. Other parts (not counting <comment>s) should not contain non-ASCII values.

5.1.2. UNSTRUCTURED downgrading

If the header field has an <unstructured> field which contains non-ASCII characters, apply [RFC2047] encoding with charset UTF-8.

5.1.3. WORD downgrading

If the header field has any <word> fields which contain non-ASCII characters, apply [RFC2047] encoding with charset UTF-8.

5.1.4. COMMENT downgrading

If the header field has any <comment> fields which contain non-ASCII characters, apply [RFC2047] encoding with charset UTF-8.

5.1.5. MIME-VALUE downgrading

If the header field has any <value> elements defined by [RFC2045] and the elements contain non-ASCII characters, encode the <value> elements by [RFC2231] with charset UTF-8 and the Language information empty. If the <value> element is <quoted-string> and it contains <CFWS> outside the DQUOTE, remove the <CFWS> before this conversion.

5.1.6. DISPLAY-NAME downgrading

If the header field has any <address> (<mailbox> and <group>) elements and they have <display-name> elements which contain non-ASCII characters, encode the <display-name> elements according to [RFC2047] with charset UTF-8. DISPLAY-NAME downgrading is the same algorithm as WORD downgrading.

5.1.7. MAILBOX downgrading

The <mailbox> elements have no equivalent format for non-ASCII addresses. If the header field has any <mailbox> elements which contain non-ASCII characters, preserve the header field in each Address header field preservation header field defined in Section 3.2, and rewrite each <mailbox> element to ASCII only format. The <mailbox> element which contains non-ASCII characters is one of three formats.

   o  [ Display-name ] "<" Utf8-addr-spec 1*FCS "<" Addr-spec ">>"

      Rewrite it as

         [ Display-name ] "<" Addr-spec ">"

   o  [ Display-name ] "<" Utf8-addr-spec ">"

   o  Utf8-addr-spec

      Rewrite both as

         [ Display-name ] "Internationalized Address " Encoded-word " Removed:;"

      where the <Encoded-word> is the original <Utf8-addr-spec> encoded according to [RFC2047].

5.1.8. ENCAPSULATION downgrading

If the header field contains non-ASCII characters and no rule is given for it above, encapsulate it in a Downgraded header field described in Section 3.3 as a last resort.

Applying this procedure to the "Received" header field is prohibited.

5.1.9. TYPED-ADDRESS downgrading

If the header field contains <utf-8-type-addr> and the <utf-8-type-addr> contains raw non-ASCII characters, it is in utf-8-address form; convert it to utf-8-addr-xtext form as described in Section 4.2. COMMENT downgrading is also performed in this case. If the address type is unrecognized and the header field contains non-ASCII characters, then fall back to using ENCAPSULATION downgrading on the entire header field.

5.2. Downgrading method for each header field

Header fields are listed in [RFC4021]. This section describes the downgrading method for each header field.

If the whole mail header field does not contain non-ASCII characters, email header field downgrading is not required. Each header field's downgrading method is described below.

5.2.1. Address header fields which contain <address>s

   From:
   Sender:
   To:
   Cc:
   Bcc:
   Reply-To:
   Resent-From:
   Resent-Sender:
   Resent-To:
   Resent-Cc:
   Resent-Bcc:
   Resent-Reply-To:
   Return-Path:
   Disposition-Notification-To:

If the header field contains <mailbox> elements which contain non-ASCII addresses, preserve the header field in a downgraded header field before the conversion. Then perform COMMENT downgrading, DISPLAY-NAME downgrading and MAILBOX downgrading.

5.2.2. Address header fields with typed addresses

   Original-Recipient:
   Final-Recipient:

If the header field contains non-ASCII characters, perform TYPED-ADDRESS downgrading.

5.2.3. Downgrading Non-ASCII in comments

   Date:
   Message-ID:
   Resent-Message-ID:
   In-Reply-To:
   References:
   Resent-Date:
   Resent-Message-ID:
   MIME-Version:
   Content-ID:
   Content-Transfer-Encoding:
   Content-Language:
   Accept-Language:
   Auto-Submitted:

These header fields do not contain non-ASCII characters except in comments. If the header field contains UTF-8 characters in comments, perform COMMENT downgrading.

5.2.4. Received header field

   Received:

Perform COMMENT downgrading and RECEIVED downgrading.

5.2.5. MIME Content header fields

   Content-Type:
   Content-Disposition:

Perform MIME-VALUE downgrading and COMMENT downgrading.

5.2.6. Non-ASCII in <unstructured>

   Subject:
   Comments:
   Content-Description:

Perform UNSTRUCTURED downgrading.

5.2.7. Non-ASCII in <phrase>

   Keywords:

Perform WORD downgrading.

5.2.8. Other header fields

All other header fields which contain non-ASCII characters are user-defined, missing from this draft or future defined header fields. Perform ENCAPSULATION downgrading.
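
The per-field selection of Section 5.2, as an added Python example (not code from the draft): it implements RECEIVED, UNSTRUCTURED and ENCAPSULATION downgrading and raises an error for fields whose method needs structured parsing instead of passing them through. The function names, the `Unsupported` exception, the simplified FOR-clause pattern and the sample fields are assumptions of this example.

```python
import re
from email.header import Header, decode_header, make_header

UNSTRUCTURED = {"subject", "comments", "content-description"}   # Section 5.2.6
# Fields whose methods (Sections 5.2.1-5.2.5 and 5.2.7) need structured
# parsing, which this example does not implement.
STRUCTURED = set("""from sender to cc bcc reply-to resent-from resent-sender
resent-to resent-cc resent-bcc resent-reply-to return-path
disposition-notification-to original-recipient final-recipient date message-id
resent-message-id in-reply-to references resent-date mime-version content-id
content-transfer-encoding content-language accept-language auto-submitted
content-type content-disposition keywords""".split())
# Simplified FOR clause: "for", whitespace, one address token up to ";".
FOR_CLAUSE = re.compile(r"\s+for\s+<?[^\s;<>]+>?", re.IGNORECASE)


class Unsupported(Exception):
    """No implemented method applies; the field must not be sent as-is."""


def encode2047(name, value):
    """RFC 2047 encode a whole field value with charset UTF-8."""
    return Header(value, charset="utf-8", header_name=name).encode()


def decode2047(value):
    """Inverse of encode2047, used to inspect the result."""
    return str(make_header(decode_header(value)))


def downgrade_field(name, value):
    """Return the list of (name, value) fields that replace one header field."""
    if value.isascii():
        return [(name, value)]                      # nothing to downgrade
    key = name.lower()
    if key == "received":
        # RECEIVED downgrading: drop a FOR clause carrying a non-ASCII address.
        value = FOR_CLAUSE.sub(
            lambda m: m.group(0) if m.group(0).isascii() else "", value)
        if not value.isascii():
            # Remaining non-ASCII would need COMMENT downgrading;
            # ENCAPSULATION is prohibited for Received.
            raise Unsupported("Received: non-ASCII outside the FOR clause")
        return [(name, value)]
    if key in UNSTRUCTURED:
        return [(name, encode2047(name, value))]
    if key in STRUCTURED:
        raise Unsupported(name + ": structured method not implemented here")
    # ENCAPSULATION downgrading: the original field is removed, only the
    # "Downgraded-" copy is returned.
    new_name = "Downgraded-" + name
    return [(new_name, encode2047(new_name, value))]


def downgrade_fields(fields):
    """Downgrade an ordered list of (name, value) header fields."""
    out = []
    for name, value in fields:
        out.extend(downgrade_field(name, value))
    return out


# Constructed sample header; host names, ids and addresses are made up.
SAMPLE = [
    ("Received", "from mta1.example.org by mta2.example.net with ESMTP id 4F2A "
                 "for <δοκιμή@example.net>; Tue, 3 Mar 2009 10:00:00 +0900"),
    ("Subject", "Résumé attached"),
    ("X-Office", "Zürich"),
    ("Message-ID", "<1@example.org>"),
]

if __name__ == "__main__":
    for field in downgrade_fields(SAMPLE):
        print("%s: %s" % field)
```
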

If the software understands the header field's structure and a downgrading algorithm other than ENCAPSULATION is applicable, that software SHOULD use that algorithm; ENCAPSULATION downgrading is used as a last resort.

Mailing list header fields (those that start in "List-") are part of this category.

6. MIME body part header fields downgrading

MIME body part header fields may contain non-ASCII characters [RFC5335]. This section defines the conversion method to ASCII only header fields for each MIME header field which contains non-ASCII characters. Parse the message body's MIME structure for all levels and check each MIME header field whether it contains non-ASCII characters. If the header field contains non-ASCII characters in the header field value, the header field is a target of the MIME body part header fields downgrading. Each MIME header field's downgrading method is described below. COMMENT downgrading, MIME-VALUE downgrading, UNSTRUCTURED downgrading are described in Section 5.

   Content-ID:

The Content-ID: header field does not contain non-ASCII characters except in comments. If the header field contains UTF-8 characters in comments, perform COMMENT downgrading.

   Content-Type:
   Content-Disposition:

Perform MIME-VALUE downgrading and COMMENT downgrading.

   Content-Description:

Perform UNSTRUCTURED downgrading.

7. Security considerations

A Downgraded message's header fields contain ASCII characters only. But they still contain MIME encapsulated header fields which contain non-ASCII UTF-8 characters. Furthermore, the body part may contain UTF-8 characters. Implementations parsing Internet messages need to accept UTF-8 body parts and UTF-8 header fields which are MIME encoded. Thus it inherits the security considerations of MIME encoded header fields [RFC2047] and [RFC3629].
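
A receiver-side consistency check, as an added Python example (not code from the draft): it decodes the MIME-encoded "Downgraded-" address fields of Section 3.2, re-applies the first MAILBOX rewrite of Section 5.1.7 to the preserved value, and reports when the result disagrees with the rewritten field or when the preserved value is ASCII-only, which the procedure of Section 3 does not produce. The function names, the simplified addr-spec pattern, the case-insensitive comparison and the three sample messages are assumptions of this example.

```python
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import Header, decode_header, make_header

# Subset of the Section 3.2 field list, enough for the example.
ADDRESS_FIELDS = ("From", "Sender", "To", "Cc", "Reply-To")
# "<" Utf8-addr-spec FWS "<" Addr-spec ">>" inside a preserved field value.
PAIR = re.compile(r"<\s*([^<>\s]+)\s+<\s*([^<>\s]+)\s*>\s*>")
# Simplified addr-spec matcher (no quoted local parts).
ADDR = re.compile(r'[^\s<>,;:"()]+@[^\s<>,;:"()]+')


def ascii_addresses(value):
    """ASCII addr-specs in a field value, lower-cased for comparison."""
    return {a.lower() for a in ADDR.findall(value) if a.isascii()}


def check_downgraded(msg):
    """Return (field, kind, detail) findings for Downgraded-* address fields."""
    findings = []
    for name in ADDRESS_FIELDS:
        current = ascii_addresses(" ".join(str(v) for v in msg.get_all(name, [])))
        for raw in msg.get_all("Downgraded-" + name, []):
            try:
                original = str(make_header(decode_header(str(raw))))
            except (HeaderParseError, UnicodeError, LookupError):
                findings.append((name, "undecodable", str(raw)))
                continue
            if original.isascii():
                # Only fields that contained non-ASCII are preserved (Section 3).
                findings.append((name, "ascii-only", original))
            # Section 5.1.7, first form: only the inner ASCII Addr-spec remains.
            expected = ascii_addresses(PAIR.sub(r"<\2>", original))
            if expected != current:
                findings.append((name, "mismatch", sorted(expected ^ current)))
    return findings


def sample(from_value, preserved):
    """Constructed message: a From field plus a Downgraded-From for `preserved`."""
    enc = Header(preserved, charset="utf-8", header_name="Downgraded-From").encode()
    return message_from_string(
        "From: %s\nDowngraded-From: %s\nSubject: test\n\nbody\n" % (from_value, enc))


# Constructed samples; all names and addresses are made up for this example.
GENUINE = sample("=?utf-8?q?Jos=C3=A9?= <jose@example.com>",
                 "José <josé@example.com <jose@example.com>>")
FORGED = sample("Support <mallory@attacker.example>",
                "Support <支援@example.com <support@example.com>>")
ASCII_ONLY = sample("Support <mallory@attacker.example>",
                    "Support <support@example.com>")

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE), ("forged", FORGED), ("ascii", ASCII_ONLY)):
        print(label, check_downgraded(msg))
```
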

Rewriting header fields increases the opportunities for undetected spoofing by malicious senders. However, rewritten header fields are preserved into Downgraded-* header fields, and parsing Downgraded-* header fields enables detecting spoofing caused by downgrading.

Addresses that do not appear in the message header fields may appear in the RCPT commands to an SMTP server for a number of reasons. Copying information from the Envelope into header fields risks inadvertent information disclosure (see [RFC5321] and Section 4). Mitigating inadvertent information disclosure is discussed in the same place.

The techniques described here invalidate methods that depend on digital signatures over the envelope or any part of the message which includes the top-level header fields or body part header fields. Depending on the specific message being downgraded, DKIM especially, but also possibly S/MIME, PGP, and similar techniques are all likely to break. The two obvious mitigations are to stick to 7-bit transport when using these techniques (as most/all of them presently require), or make sure you have UTF8SMTP end-to-end when needed.

Many gateways and servers on the Internet will discard header fields with which they are not familiar. To the extent to which the downgrade procedures depend on new header fields (e.g., "Downgraded-") to avoid information loss, the risk of having those header fields dropped and its implications must be identified. In particular, if the Downgraded header fields are dropped, there is no possibility of reconstructing the original information at any point (before, during, or after delivery). Such gateways violate [RFC2979] and can be upgraded to correct the problem.

Even though the information is not lost, the original message cannot be perfectly reconstructed because some downgrading methods remove information (see Section 5.1.1 and Section 5.1.5).
Hence, downgrading is a one-way process.

While information in any email header field should usually be treated with some suspicion, current email systems commonly employ various mechanisms and protocols to make the information more trustworthy. Currently, information in the new Downgraded-* header fields is usually not inspected by these mechanisms, and may be even less trustworthy than the traditional header fields. Note that the Downgraded-* header fields could have been inserted with malicious intent (and with content unrelated to the traditional header fields).

If an internationalized MUA would simply try to "upgrade" the message for display purposes (that is, display the information in the Downgraded-* header fields instead of the traditional header fields), the effectiveness of the deployed mechanisms and protocols is likely to be reduced, and the user may be exposed to additional risks. More guidance on how to display downgraded messages will be given in [I-D.ietf-eai-downgraded-display].

Concerns about the trustworthiness of the Downgraded-* header fields are not limited to displaying and replying in MUAs, and should be carefully considered before using them for other purposes as well.

See "Security considerations" section in [RFC4952] for more discussion.

8. Implementation notes

8.1. RFC 2047 encoding

While [RFC2047] has a specific algorithm to deal with whitespace in adjacent encoded-words, there are a number of deployed implementations that fail to implement the algorithm correctly. As a result, whitespace behavior is somewhat unpredictable in practice when multiple encoded words are used. While RFC 5322 states that implementations SHOULD limit lines to not more than 78 characters, implementations MAY choose to allow overlong encoded words in order to work around faulty [RFC2047] implementations.
Implementations that choose to do so SHOULD have an optional mechanism to limit line length to 78 characters.

8.2. Trivial downgrading

Downgrading is an alternative to avoid the rejection of messages which require UTF8SMTP support by a server which does not provide this. Implementing the full specification of this document is desirable, but a partial implementation is also possible.

If a partial downgrading implementation confronts an unsupported downgrading target, the implementation MUST NOT send the message to a server which does not support UTF8SMTP. Instead, it MUST reject the message or generate a notification of non-deliverability.

One partial implementation, trivial downgrading, is discussed here. It does not support non-ASCII addresses in SMTP envelope and address header fields, unknown header fields downgrading, or the MIME body part header fields downgrading. It supports

   o  some simple header fields downgrading: Subject
   o  comments and display name downgrading: From, To, Cc
   o  trace header field downgrading: Received

Otherwise, the downgrading fails.

Trivial downgrading targets mail messages which are generated by UTF8SMTP aware MUAs and contain non-ASCII characters in comments, display names, unstructured parts without using non-ASCII E-mail addresses. Such a mail message does not contain non-ASCII E-mail addresses in the SMTP Envelope and its header fields. But it is not deliverable via a UTF8SMTP un-aware SMTP server. Implementing full specification downgrading may be hard, but trivial downgrading saves mail messages without using non-ASCII addresses.

8.3. 7bit transport consideration

The SMTP client may encounter a SMTP server which does not support the 8BITMIME SMTP extension [RFC1652]. The server does not support "8bit" or "binary" data. Implementers need to consider converting "8bit" data to "base64" or "quoted-printable" encoded form and adjust the "Content-Transfer-Encoding" header field accordingly.
If the body contains multiple MIME parts, this conversion MUST be performed for each MIME part.

9.  IANA Considerations

IANA is requested to register the following header fields in the Permanent Message Header Field Repository, in accordance with the procedures set out in [RFC3864].

   Header field name:  Downgraded-Mail-From
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Rcpt-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-From
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Sender
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Cc
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Bcc
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Reply-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-From
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-Sender
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-Cc
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-Bcc
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Resent-Reply-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Return-Path
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

   Header field name:  Downgraded-Disposition-Notification-To
   Applicable protocol:  mail
   Status:  experimental
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3)

Furthermore, IANA is requested to refuse registration of all the field names that start with "Downgraded-" for unknown header fields downgrading described in Section 3.3 to avoid conflicts with existing IETF activity (Email Address Internationalization).

10.  Acknowledgements

Significant comments and suggestions were received from John Klensin, Harald Alvestrand, Chris Newman, Randall Gellens, Charles Lindsey, Marcos Sanz, Alexey Melnikov, Frank Ellermann, Edward Lewis, S. Moonesamy and JET members.

11.  Change History

This section is used for tracking the update of this document. It will be removed after finalization.

11.1.  draft-yoneya-ima-downgrade: Version 00

   o  Initial version
   o  Followed draft-yeh-ima-utf8headers-00 and draft-yao-smtpext-00

11.2.  draft-yoneya-ima-downgrade: Version 01

   o  Document structure was changed
   o  Followed draft-yeh-ima-utf8headers-01 and draft-yao-smtpext-02
   o  Downgrading requirements were added
   o  SMTP DATA encapsulation method was proposed
   o  Downgrading examples were provided

11.3.  draft-ietf-eai-downgrade: Version 00

   o  Followed draft-yeh-ima-utf8headers-01 and draft-ietf-eai-smtpext-00
   o  No header field downgrading method was proposed
   o  Header encapsulation method was proposed

11.4.  draft-ietf-eai-downgrade: Version 01

   o  Followed draft-ietf-eai-utf8headers-00
   o  Header conversion and encapsulation method was merged
   o  Header conversion method was defined in detail

11.5.  draft-ietf-eai-downgrade: Version 02

   o  Followed draft-ietf-eai-utf8headers-01 and draft-ietf-eai-smtpext-01
   o  Specification about algorithmic generated address is removed
   o  No header field downgrading method was removed
   o  SMTP DATA encapsulation method was removed

11.6.  draft-ietf-eai-downgrade: Version 03

   o  Followed draft-ietf-eai-utf8headers-03 and draft-ietf-eai-smtpext-03
   o  Downgraded: and Envelope-Downgraded: headers definition was added
   o  Mail header fields downgrading method was refined
   o  Examples in Appendix A were refined

11.7.  draft-ietf-eai-downgrade: Version 04

   o  Followed draft-ietf-eai-utf8headers-06, draft-ietf-eai-smtpext-07 and draft-ietf-eai-dsn-02
   o  Downgrading requirements and conditions were moved to Introduction.
   o  Descriptions about upgrading were removed.
   o  SPF and DKIM discussions were removed.
   o  Added many header fields downgrading.
   o  Allow address literal rewriting without alternate ASCII address in header fields.
   o  Added MIME body part headers downgrading.
   o  Added ORCPT downgrading.

11.8.  draft-ietf-eai-downgrade: Version 05

   o  fixed examples
      *  ALT-ADDRESS parameter mistake
      *  RFC2047(x) notation was changed to encoded-word format
   o  Added implementation consideration section and trivial downgrading
   o  Downgraded: and Envelope-Downgraded: headers are separated for each original headers.
   o  Removed list-* header fields downgrading
   o  Changed the way of writing the header field downgrading section

11.9.  draft-ietf-eai-downgrade: Version 06

   o  Moved decoding downgraded messages as a separate document
   o  Added a text to UNSTRUCTURED downgrading
   o  Added "replacing SMTP connection" if necessary to SMTP downgrading.
   o  fixed examples

11.10.  draft-ietf-eai-downgrade: Version 07

   o  Fixed some typos
   o  Added a text about 7bit transport

11.11.  draft-ietf-eai-downgrade: Version 08

   o  Comments from the working group last call (wording)

11.12.  draft-ietf-eai-downgrade: Version 09

   o  References

11.13.  draft-ietf-eai-downgrade: Version 10

   o  Comments from AD Review

11.14.  draft-ietf-eai-downgrade: Version 11

   o  IETF Last call: Comments from Gen-ART and IANA
   o  Added new downgraded header field definitions for Resent-Reply-To, Resent-Bcc and Disposition-Notification-To
   o  Separated "Email header fields downgrading" section into subsections
   o  Updated ORCPT and TYPED-ADDRESS downgrading

11.15.  draft-ietf-eai-downgrade: Version 12

   o  Comments from IESG
   o  rewrite all 'header' to 'header field'.

12.  References

12.1.  Normative References

   [RFC1652]  Klensin, J., Freed, N., Rose, M., Stefferud, E., and D. Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652, July 1994.
   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996.
   [RFC2047]  Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996.
   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
   [RFC2183]  Troost, R., Dorner, S., and K. Moore, "Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field", RFC 2183, August 1997.
   [RFC2231]  Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations", RFC 2231, November 1997.
   [RFC2979]  Freed, N., "Behavior of and Requirements for Internet Firewalls", RFC 2979, October 2000.
   [RFC3461]  Moore, K., "Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs)", RFC 3461, January 2003.
   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003.
   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration Procedures for Message Header Fields", BCP 90, RFC 3864, September 2004.
   [RFC4021]  Klyne, G. and J. Palme, "Registration of Mail and MIME Header Fields", RFC 4021, March 2005.
   [RFC4952]  Klensin, J. and Y. Ko, "Overview and Framework for Internationalized Email", RFC 4952, July 2007.
   [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, October 2008.
   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322, October 2008.
   [RFC5335]  Abel, Y., "Internationalized Email Headers", RFC 5335, September 2008.
   [RFC5336]  Yao, J. and W. Mao, "SMTP Extension for Internationalized Email Addresses", RFC 5336, September 2008.
   [RFC5337]  Newman, C. and A. Melnikov, "Internationalized Delivery Status and Disposition Notifications", RFC 5337, September 2008.

12.2.  Informative References

   [I-D.ietf-eai-downgraded-display]  Fujiwara, K., "Displaying Downgraded Messages for Email Address Internationalization", draft-ietf-eai-downgraded-display-00 (work in progress), October 2008.
   [I-D.ietf-eai-dsnbis]  Newman, C. and A. Melnikov, "Internationalized Delivery Status and Disposition Notifications", draft-ietf-eai-dsnbis-00 (work in progress), December 2008.

Appendix A.  Examples

A.1.  Downgrading example 1

This section shows an SMTP Downgrading example. Consider a mail message where:

   o  The sender address is "NON-ASCII-local@example.com" which is a non-ASCII address. Its ASCII alternative is "ASCII-local@example.com" and its display-name is "DISPLAY-local".
   o  The "To:" address is "NON-ASCII-remote1@example.net" which is a non-ASCII address. Its ASCII alternative is "ASCII-remote1@example.net" and its display-name is "DISPLAY-remote1".
   o  The "Cc:" address is a non-ASCII address "NON-ASCII-remote2@example.org" without alternative ASCII address. Its display-name is "DISPLAY-remote2".
   o  Three display-names contain non-ASCII characters.
   o  The Subject header field is "NON-ASCII-SUBJECT" which contains non-ASCII characters.
   o  The "To:" recipient's MTA (example.net) does not support UTF8SMTP.
   o  The "Cc:" recipient's MTA (example.org) supports UTF8SMTP.

The example SMTP envelope/message is shown in Figure 1. In this example, the "To:" recipient's session is the focus.
   MAIL FROM: <NON-ASCII-local@example.com>
               ALT-ADDRESS=ASCII-local@example.com
   RCPT TO: <NON-ASCII-remote1@example.net>
               ALT-ADDRESS=ASCII-remote1@example.net
   RCPT TO: <NON-ASCII-remote2@example.org>
   -------------------------------------------------------------
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: NON-ASCII-SUBJECT
   From: DISPLAY-local <NON-ASCII-local@example.com
    <ASCII-local@example.com>>
   To: DISPLAY-remote1 <NON-ASCII-remote1@example.net
    <ASCII-remote1@example.net>>
   Cc: DISPLAY-remote2 <NON-ASCII-remote2@example.org>
   Date: DATE

   MAIL_BODY

   Figure 1: Original envelope/message (example 1)

In this example there are two SMTP recipients: one is the "To:" recipient, the other is the "Cc:" recipient. SMTP downgrading is applied to the "To:" session. Figure 2 shows the SMTP downgraded example.

   MAIL FROM: <ASCII-local@example.com>
   RCPT TO: <ASCII-remote1@example.net>
   -------------------------------------------------------------
   Downgraded-Mail-From: =?UTF-8?Q?<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   Downgraded-Rcpt-To: =?UTF-8?Q?<NON-ASCII-remote1@example.net_?=
    =?UTF-8?Q?<ASCII-remote1@example.net>>?=
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: NON-ASCII-SUBJECT
   From: DISPLAY-local <NON-ASCII-local@example.com
    <ASCII-local@example.com>>
   To: DISPLAY-remote1 <NON-ASCII-remote1@example.net
    <ASCII-remote1@example.net>>
   Cc: DISPLAY-remote2 <NON-ASCII-remote2@example.org>
   Date: DATE

   MAIL_BODY

   Figure 2: SMTP Downgraded envelope/message (example 1)

After SMTP downgrading, header fields downgrading is performed. The final downgraded message is shown in Figure 3. The Return-Path header field will be added by the final destination MTA.
   Return-Path: <ASCII-local@example.com>
   Downgraded-Mail-From: =?UTF-8?Q?<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   Downgraded-Rcpt-To: =?UTF-8?Q?<NON-ASCII-remote1@example.net_?=
    =?UTF-8?Q?<ASCII-remote1@example.net>>?=
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
   From: =?UTF-8?Q?DISPLAY-local?= <ASCII-local@example.com>
   Downgraded-From: =?UTF-8?Q?DISPLAY-local_<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   To: =?UTF-8?Q?DISPLAY-remote1?= <ASCII-remote1@example.net>
   Downgraded-To: =?UTF-8?Q?DISPLAY-remote1_?=
    =?UTF-8?Q?<NON-ASCII-remote1@example.net_<ASCII-remote1@example.net>>?=
   Cc: =?UTF-8?Q?DISPLAY-remote2?= Internationalized address
    =?UTF-8?Q?NON-ASCII-remote2@example.org?= removed:;
   Downgraded-Cc: =?UTF-8?Q?DISPLAY-remote2_?=
    =?UTF-8?Q?<NON-ASCII-remote2@example.org>?=
   Date: DATE

   MAIL_BODY

   Figure 3: Downgraded message (example 1)

A.2.  Downgrading example 2

In many cases, the sender wants to use a non-ASCII address and the recipient is a traditional mail user. The SMTP server handling mail for the recipient and/or the recipient's MUA does not support the UTF8SMTP extension. Consider a mail message where:

   o  The sender address is "NON-ASCII-local@example.com" which is a non-ASCII address. Its ASCII alternative is "ASCII-local@example.com". It has a display-name "DISPLAY-local" which contains non-ASCII characters.
   o  The "To:" address is "ASCII-remote1@example.net" which is ASCII only. It has a display-name "DISPLAY-remote1" which contains non-ASCII characters.
   o  The "Subject:" header field is "NON-ASCII-SUBJECT" which contains non-ASCII characters.

The second example envelope/message is shown in Figure 4.
   MAIL From: <NON-ASCII-local@example.com>
               ALT-ADDRESS=ASCII-local@example.com
   RCPT TO: <ASCII-remote1@example.net>
   -------------------------------------------------------------
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: NON-ASCII-SUBJECT
   From: DISPLAY-local <NON-ASCII-local@example.com
    <ASCII-local@example.com>>
   To: DISPLAY-remote1 <ASCII-remote1@example.net>
   Date: DATE

   MAIL_BODY

   Figure 4: Original message (example 2)

In this example, the SMTP session is downgradable. Figure 5 shows the SMTP downgraded envelope/message.

   MAIL From: <ASCII-local@example.com>
   RCPT TO: <ASCII-remote1@example.net>
   -------------------------------------------------------------
   Downgraded-Mail-From: =?UTF-8?Q?<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: NON-ASCII-SUBJECT
   From: DISPLAY-local <NON-ASCII-local@example.com
    <ASCII-local@example.com>>
   To: DISPLAY-remote1 <ASCII-remote1@example.net>
   Date: DATE

   MAIL_BODY

   Figure 5: SMTP Downgraded envelope/message (example 2)

After SMTP downgrading, header fields downgrading is performed. The downgraded example is shown in Figure 6.
   Return-Path: <ASCII-local@example.com>
   Downgraded-Mail-From: =?UTF-8?Q?<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   Message-Id: MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
   Downgraded-From: =?UTF-8?Q?DISPLAY-local_<NON-ASCII-local@example.com_?=
    =?UTF-8?Q?<ASCII-local@example.com>>?=
   From: =?UTF-8?Q?DISPLAY-local?= <ASCII-local@example.com>
   To: =?UTF-8?Q?DISPLAY-remote1?= <ASCII-remote1@example.net>
   Date: DATE

   MAIL_BODY

   Figure 6: Downgraded message (example 2)

Authors' Addresses

   Kazunori Fujiwara (editor)
   Japan Registry Services Co., Ltd.
   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
   Chiyoda-ku, Tokyo 101-0065
   Japan

   Phone: +81 3 5215 8451
   Email: fujiwara@jprs.co.jp

   Yoshiro YONEYA (editor)
   Japan Registry Services Co., Ltd.
   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
   Chiyoda-ku, Tokyo 101-0065
   Japan

   Phone: +81 3 5215 8451
   Email: yone@jprs.co.jp
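The trivial downgrading of Section 8.2 and its fail-closed rule (reject rather than send when a downgrading target is unsupported), as an added Python example that is not part of the draft or of any EAI implementation. It covers Subject and the display names in From, To and Cc only; comment and Received downgrading are not implemented, so a non-ASCII Received field is rejected as unsupported. The function names, the DowngradeError class and the sample message are assumptions of this example.

```python
from email.header import Header
from email.utils import formataddr, getaddresses

class DowngradeError(Exception):
    """The message needs a downgrading step this code does not implement."""

UNSTRUCTURED = {"subject"}             # simple header fields
ADDRESS_FIELDS = {"from", "to", "cc"}  # display names only

def downgrade_address_field(value):
    """RFC 2047-encode display names; the addresses must already be ASCII."""
    out = []
    for display, addr in getaddresses([value]):
        # An empty addr means the parser gave up on the field.
        if not addr or not addr.isascii():
            raise DowngradeError("non-ASCII or unparsable address in header")
        out.append(formataddr((display, addr), charset="utf-8"))
    return ", ".join(out)

def trivial_downgrade(mail_from, rcpt_to, headers):
    """Return ASCII-only (name, value) pairs or raise DowngradeError."""
    if not all(a.isascii() for a in [mail_from, *rcpt_to]):
        raise DowngradeError("non-ASCII address in SMTP envelope")
    result = []
    for name, value in headers:
        key = name.lower()
        if value.isascii():
            result.append((name, value))          # nothing to downgrade
        elif key in UNSTRUCTURED:
            result.append((name, Header(value, "utf-8").encode()))
        elif key in ADDRESS_FIELDS:
            result.append((name, downgrade_address_field(value)))
        else:                                     # Received, unknown, MIME part
            raise DowngradeError(f"unsupported downgrading target: {name}")
    return result

def relay(server_has_utf8smtp, mail_from, rcpt_to, headers):
    """Decide for one next-hop server: send as-is, send downgraded, or
    reject. A partially downgraded message is never sent."""
    if server_has_utf8smtp:
        return ("send", headers)
    try:
        return ("send", trivial_downgrade(mail_from, rcpt_to, headers))
    except DowngradeError as exc:
        return ("reject", str(exc))

# Constructed sample message (not taken from the draft).
SAMPLE = [
    ("Subject", "会議の件"),
    ("From", "日本 太郎 <taro@example.com>"),
    ("To", "bob@example.net"),
]

if __name__ == "__main__":
    print(relay(False, "taro@example.com", ["bob@example.net"], SAMPLE))
    print(relay(False, "taro@example.com", ["bob@example.net"],
                SAMPLE + [("X-Memo", "メモ")]))
```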