[Search] [txt|pdf|bibtex] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 rfc6857             Standards Track
Email Address Internationalization                           K. Fujiwara
(EAI)                                                               JPRS
Internet-Draft                                              Feb 27, 2012
Updates: 5322 (if approved)
Intended status: Standards Track
Expires: August 30, 2012


 Post-delivery Message Downgrading for Internationalized Email Messages
                draft-ietf-eai-popimap-downgrade-04.txt

Abstract

   The Email Address Internationalization (SMTPUTF8) extension allows
   UTF-8 characters in mail header fields.  Upgraded POP and IMAP
   servers support internationalized email messages.  If a POP/IMAP
   client does not support Email Address Internationalization, POP/IMAP
   servers cannot send Internationalized Email Headers to the client and
   cannot remove the message.  To avoid the situation, this document
   describes a conversion mechanism for internationalized Email messages
   to be traditional message format.  The purpose of post-delivery
   message downgrading is to enable POP/IMAP servers to deliver
   internationalized messages to traditional POP/IMAP clients.  In the
   process, message elements requiring internationalized treatment can
   be removed or recoded and receivers can know they received messages
   containing such elements even if they cannot receive the elements
   themselves.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on August 30, 2012.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the



Fujiwara                 Expires August 30, 2012                [Page 1]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Problem statement  . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Possible solutions . . . . . . . . . . . . . . . . . . . .  4
     1.3.  Approach taken in this specification . . . . . . . . . . .  4
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  5
   3.  Updating RFC 5322  . . . . . . . . . . . . . . . . . . . . . .  6
   4.  New Header Fields Definition . . . . . . . . . . . . . . . . .  7
   5.  Email Header Fields Downgrading  . . . . . . . . . . . . . . .  8
     5.1.  Downgrading Method for Each ABNF Element . . . . . . . . .  8
       5.1.1.  RECEIVED Downgrading . . . . . . . . . . . . . . . . .  8
       5.1.2.  UNSTRUCTURED Downgrading . . . . . . . . . . . . . . .  8
       5.1.3.  WORD Downgrading . . . . . . . . . . . . . . . . . . .  8
       5.1.4.  COMMENT Downgrading  . . . . . . . . . . . . . . . . .  8
       5.1.5.  MIME-VALUE Downgrading . . . . . . . . . . . . . . . .  9
       5.1.6.  DISPLAY-NAME Downgrading . . . . . . . . . . . . . . .  9
       5.1.7.  GROUP Downgrading  . . . . . . . . . . . . . . . . . .  9
       5.1.8.  MAILBOX Downgrading  . . . . . . . . . . . . . . . . .  9
       5.1.9.  ENCAPSULATION Downgrading  . . . . . . . . . . . . . . 10
       5.1.10. TYPED-ADDRESS Downgrading  . . . . . . . . . . . . . . 10
     5.2.  Downgrading Method for Each Header Field . . . . . . . . . 10
       5.2.1.  Address Header Fields That Contain <address>s  . . . . 10
       5.2.2.  Address Header Fields with Typed Addresses . . . . . . 11
       5.2.3.  Downgrading Non-ASCII in Comments  . . . . . . . . . . 11
       5.2.4.  Message-ID Header Fields . . . . . . . . . . . . . . . 11
       5.2.5.  Received Header Field  . . . . . . . . . . . . . . . . 12
       5.2.6.  MIME Content Header Fields . . . . . . . . . . . . . . 12
       5.2.7.  Non-ASCII in <unstructured>  . . . . . . . . . . . . . 12
       5.2.8.  Non-ASCII in <phrase>  . . . . . . . . . . . . . . . . 12
       5.2.9.  Other Header Fields  . . . . . . . . . . . . . . . . . 12
   6.  MIME Body-Part Header Field Downgrading  . . . . . . . . . . . 13
   7.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
   8.  Implementation Notes . . . . . . . . . . . . . . . . . . . . . 14
     8.1.  RFC 2047 Encoding  . . . . . . . . . . . . . . . . . . . . 14
   9.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15



Fujiwara                 Expires August 30, 2012                [Page 2]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   11. Change History . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.1. Version 00 . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.2. Version 01 . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.3. Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.4. Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 16
     11.5. Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 17
   12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 17
     12.1. Normative References . . . . . . . . . . . . . . . . . . . 17
     12.2. Informative References . . . . . . . . . . . . . . . . . . 18
   Appendix A.  Examples  . . . . . . . . . . . . . . . . . . . . . . 18
     A.1.  Downgrading Example  . . . . . . . . . . . . . . . . . . . 18







































Fujiwara                 Expires August 30, 2012                [Page 3]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


1.  Introduction

1.1.  Problem statement

   Traditional (legacy) mail systems, which are defined by [RFC5322],
   allow only ASCII characters in mail header field values.  The
   SMTPUTF8 extension ([RFC6530] and [RFC6532] allows UTF-8 characters
   in those mail header fields.

   If a header field contains non-ASCII characters, POP/IMAP servers
   cannot send Internationalized Email Headers to legacy clients and,
   because they have no obvious or standardized way to explain what is
   going on to those clients, cannot even safely discard the message.

1.2.  Possible solutions

   Discussions leading to this specification concluded that there are
   four plausible approaches to the problem, with the preferred one
   depending on the particular circumstances and relationship among the
   delivery SMTP server, the mail store, the POP or IMAP server, and the
   users and their MUA clients:

   1.  If the delivery MTA has sufficient knowledge about the POP and/or
       IMAP servers and clients being used, the message may be rejected
       as undeliverable.

   2.  The message may be downgraded by the POP or IMAP server, in a way
       that preserves maximum information at the expense of some
       complexity.

   3.  Some intermediate downgrading may be applied that balances more
       information loss against lower complexity and greater ease of
       implementation.

   4.  The POP or IMAP server may fabricate a message whose intent is to
       notify the client that an internationalized message is waiting
       but cannot be delivered until an upgraded client is available.

1.3.  Approach taken in this specification

   This specification describes the second of those options.  It is
   worth noticing that, at least in the general case, none of these
   options preserve sufficient information to guarantee that it is
   possible to reply to an incoming message without loss of information,
   so the choice may be considered to be among "least bad" options.

   This message downgrading mechanism converts mail header fields to an
   all-ASCII representation.  The POP/IMAP servers can use the



Fujiwara                 Expires August 30, 2012                [Page 4]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   downgrading mechanism and send the Internationalized Email message as
   a traditional form.  Receivers can know they received some
   internationalized messages or some unknown/broken messages.

   [RFC6532] allows UTF-8 characters to be used in mail header fields
   and MIME header fields.  The message downgrading mechanism specified
   here describes the conversion method from the internationalized email
   messages that are defined in [RFC6530], and [RFC6532] to the
   traditional email messages defined in [RFC5322].

   There is no good way to convert "From:" and "Sender:" header fields,
   this document updates [RFC5322] by redefining "From:" and "Sender:"
   header fields in Section 3.

   This document provides a precise definition of the minimum-
   information-loss message downgrading process.

   Downgrading consists of the following three parts:


   o  New header field definitions

   o  Email header field downgrading

   o  MIME header field downgrading

   In Section 4 of this document, header fields starting with
   "Downgraded-" are introduced.  They preserve the information that
   appeared in the original header fields.

   Email header field downgrading is described in Section 5.  It
   generates ASCII-only header fields.

   MIME header fields are expanded in [RFC6532].  MIME header field
   downgrading is described in Section 6.  It generates ASCII-only MIME
   header fields.

   Displaying downgraded messages that originally contained
   internationalized header fields is out of scope of this document.  A
   POP/IMAP client which does not support UTF8 extension does not know
   internationalized message format described in [RFC6532].

2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].




Fujiwara                 Expires August 30, 2012                [Page 5]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   All specialized terms used in this specification are defined in the
   Overview and Framework for Internationalized Email [RFC6530], in the
   mail message specifications [RFC5322], or in the MIME documents
   [RFC2045] [RFC2047] [RFC2183] [RFC2231].  The terms "ASCII address",
   "internationalized email address", "non-ASCII address", "i18mail
   address", "SMTPUTF8", "message", and "mailing list" are used with the
   definitions from [RFC6530].

   This document depends on [RFC6532].  Key words used in those
   documents are used in this document, too.

   The term "non-ASCII" refers to a UTF-8 string that contains at least
   one non-ASCII character.

   A "SMTPUTF8 message" is an email message expanded by [RFC6532].

3.  Updating RFC 5322

   "From:" header field or "Sender:" header field may contain non-ASCII
   addresses in internationalized Email messages.  These non-ASCII
   addresses are not allowed in [RFC5322].  The draft proposes that the
   pop/imap downgrading uses <group> syntax and encodes non-ASCII
   addresses into <display-name> with empty <group-list> described in
   Section 5.

   This specification redefines "From:", "Sender:", "Resent-From:" and
   "Resent-Sender:" header fields defined in Section 3.6.2 and 3.6.6 of
   [RFC5322] to allow <group> in the header fields.


   from            =   "From:" address-list CRLF
   resent-from     =   "Resent-From:" address-list CRLF
   sender          =   "Sender:" address CRLF
   resent-sender   =   "Resent-Sender:" address CRLF


   This adds group syntax to "From" and "Sender" that was previously
   allowed only in destination fields such as "To" and "cc".  It is
   anticipated that when existing implementations encounter a downgraded
   field from this set, many will tolerate the appearance of a group,
   even though [RFC5322] does not permit it.  Implementations that do
   not tolerate it will fail in unpredictable ways, and they might
   refuse to process such messages.

   [[ Notes in Draft: If this update is rejected, one possible solution
   is to rewrite each <addr-spec> element in "From" and "Sender" header
   fields as




Fujiwara                 Expires August 30, 2012                [Page 6]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   ENCODED-WORD "<" NO_EXISTING_ADDRESS ">"


   where the <ENCODED-WORD> is the original <addr-spec> encoded
   according to [RFC2047] and NO_EXISTING_ADDRESS is an ASCII email
   address which does not exist, should, as illustrated in the example
   below, always generate an error and is specified by the administrator
   of the POP3 or IMAP server.

   For example, if the local-part of the "From:" address were the
   Russian (in Cyrillic) equivalent of Ivan, with domain-part
   "foo.example.net" and the IMAP server being used by the recipient was
   "imap.example.com", the encoded word from suggested in this note
   might appear as:


   From: =?UTF-8?Q?=d0=b8=d0=b2=d0=b0=d0=bd@foo.example.net?=
         <invalid-i18n-address@imap.example.com>


   That would lead to immediate rejection if a user attempted to reply
   uncritically to the message.

4.  New Header Fields Definition

   New header fields are defined to preserve information that appeared
   in non-ASCII text in header fields of the incoming message.  The
   values of the new fields holds the original header field value in
   encoded form.  The revised header field syntax is specified as
   follows:


   fields                   =/ downgraded

   downgraded =  "Downgraded-Message-Id:"         unstructured CRLF /
                 "Downgraded-Resent-Message-Id:"  unstructured CRLF /
                 "Downgraded-In-Reply-To:"        unstructured CRLF /
                 "Downgraded-References:"         unstructured CRLF /
                 "Downgraded-Original-Recipient:" unstructured CRLF /
                 "Downgraded-Final-Recipient:"    unstructured CRLF


   To preserve a header field in a "Downgraded-" header field:

   1.  Generate a new header field.

       *  The field name is a concatenation of "Downgraded-" and the
          original field name.



Fujiwara                 Expires August 30, 2012                [Page 7]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


       *  The initial new field value is the original header field
          value.

   2.  Treat the initial new header field value as if it were
       unstructured, and then apply [RFC2047] encoding with charset
       UTF-8 as necessary so that the resulting new header field value
       is completely in ASCII.

   3.  Remove the original header field.

5.  Email Header Fields Downgrading

   This section defines the conversion method to ASCII for each header
   field that may contain non-ASCII characters.

   [RFC6532] expands "Received:" header fields; [RFC5322] describes ABNF
   elements <mailbox>, <word>, <comment>, <unstructured>; [RFC2045]
   describes ABNF element <value>.

5.1.  Downgrading Method for Each ABNF Element

   Header field downgrading is defined below for each ABNF element.
   Converting the header field terminates when no non-ASCII characters
   remain in the header field.

5.1.1.  RECEIVED Downgrading

   If the header field name is "Received:" and the FOR clause contains a
   non-ASCII address, remove the FOR clause from the header field.
   Other parts (not counting <comment>s) should not contain non-ASCII
   values.

5.1.2.  UNSTRUCTURED Downgrading

   If the header field has an <unstructured> field that contains non-
   ASCII characters, apply [RFC2047] encoding with charset UTF-8.

5.1.3.  WORD Downgrading

   If the header field has any <word> fields that contain non-ASCII
   characters, apply [RFC2047] encoding with charset UTF-8.

5.1.4.  COMMENT Downgrading

   If the header field has any <comment> fields that contain non-ASCII
   characters, apply [RFC2047] encoding with charset UTF-8.





Fujiwara                 Expires August 30, 2012                [Page 8]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


5.1.5.  MIME-VALUE Downgrading

   If the header field has any <value> elements defined by [RFC2045] and
   the elements contain non-ASCII characters, encode the <value>
   elements according to [RFC2231] with charset UTF-8 and leave the
   language information empty.  If the <value> element is <quoted-
   string> and it contains <CFWS> outside the DQUOTE, remove the <CFWS>
   before this conversion.

5.1.6.  DISPLAY-NAME Downgrading

   If the header field has any <address> (<mailbox> or <group>) elements
   and they have <display-name> elements that contain non-ASCII
   characters, encode the <display-name> elements according to [RFC2047]
   with charset UTF-8.  DISPLAY-NAME downgrading is the same algorithm
   as WORD downgrading.

5.1.7.  GROUP Downgrading

   <group> is defined in Section 3.4 of [RFC5322].  The <group> elements
   may contain <mailbox>s which contain non-ASCII addresses.

   If the header field has any <group> elements that contain <mailbox>
   elements, and those <mailbox> elements in turn contain non-ASCII
   addresses, rewrite each <group> element as


   display-name ENCODED_WORD " :;"


   where the <ENCODED_WORD> is the original <group-list> encoded
   according to [RFC2047].

5.1.8.  MAILBOX Downgrading

   The <mailbox> elements have no equivalent format for non-ASCII
   addresses.  If the header field has any <mailbox> elements that
   contain non-ASCII characters in their <addr-spec> element, rewrite
   each <addr-spec> element to ASCII-only format.  The <addr-spec>
   element that contains non-ASCII characters may appear in two forms
   as:


   "<" addr-spec ">"
   addr-spec


   Rewrite both as:



Fujiwara                 Expires August 30, 2012                [Page 9]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   ENCODED-WORD " :;"


   where the <ENCODED-WORD> is the original <addr-spec> encoded
   according to [RFC2047].

5.1.9.  ENCAPSULATION Downgrading

   Encapsulate the header field in a "Downgraded-" header field as
   described in Section 4 as a last resort.

   Applying this procedure to "Received:" header field is prohibited.
   ENCAPSULATION Downgrading is allowed for "Message-ID",
   "In-Reply-To:", "References:", "Original-Recipient" and "Final-
   Recipient" header fields.

5.1.10.  TYPED-ADDRESS Downgrading

   If the header field contains <utf-8-type-addr> and the <utf-8-type-
   addr> contains raw non-ASCII characters, it is in utf-8-address form.
   Convert it to utf-8-addr-xtext form.  Those forms are described in
   [RFC6533].  COMMENT downgrading is also performed in this case.  If
   the address type is unrecognized and the header field contains non-
   ASCII characters, then fall back to using ENCAPSULATION downgrading
   on the entire header field.

5.2.  Downgrading Method for Each Header Field

   Header fields are listed in [RFC4021].  This section describes the
   downgrading method for each header field.

   If the whole mail header field does not contain non-ASCII characters,
   email header field downgrading is not required.  Each header field's
   downgrading method is described below.

5.2.1.  Address Header Fields That Contain <address>s


   From:
   Sender:
   To:
   Cc:
   Bcc:
   Reply-To:







Fujiwara                 Expires August 30, 2012               [Page 10]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   Resent-From:
   Resent-Sender:
   Resent-To:
   Resent-Cc:
   Resent-Bcc:
   Resent-Reply-To:
   Return-Path:
   Disposition-Notification-To:

   If the header field contains <group> elements that contain non-ASCII
   addresses, perform COMMENT downgrading, DISPLAY-NAME downgrading, and
   GROUP downgrading.

   If the header field contains <mailbox> elements that contain non-
   ASCII addresses, perform COMMENT downgrading, DISPLAY-NAME
   downgrading, and MAILBOX downgrading.

5.2.2.  Address Header Fields with Typed Addresses


   Original-Recipient:
   Final-Recipient:

   If the header field contains non-ASCII characters, perform TYPED-
   ADDRESS downgrading.

5.2.3.  Downgrading Non-ASCII in Comments


   Date:
   Resent-Date:
   MIME-Version:
   Content-ID:
   Content-Transfer-Encoding:
   Content-Language:
   Accept-Language:
   Auto-Submitted:

   These header fields do not contain non-ASCII characters except in
   comments.  If the header field contains UTF-8 characters in comments,
   perform COMMENT downgrading.

5.2.4.  Message-ID Header Fields








Fujiwara                 Expires August 30, 2012               [Page 11]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   Message-ID:
   Resent-Message-ID:
   In-Reply-To:
   References:

   Perform ENCAPSULATION Downgrading.

5.2.5.  Received Header Field

   Received:

   Perform COMMENT downgrading and RECEIVED downgrading.

5.2.6.  MIME Content Header Fields


   Content-Type:
   Content-Disposition:

   Perform MIME-VALUE downgrading and COMMENT downgrading.

5.2.7.  Non-ASCII in <unstructured>


   Subject:
   Comments:
   Content-Description:

   Perform UNSTRUCTURED downgrading.

5.2.8.  Non-ASCII in <phrase>

   Keywords:

   Perform WORD downgrading.

5.2.9.  Other Header Fields

   There are other header fields that contain non-ASCII characters.
   They are user-defined and missing from this document, or future
   defined header fields.  They are treated as "Optional Fields" and
   their field value are treated as unstructured described in Section
   3.6.8 of [RFC5322].

   Perform UNSTRUCTURED downgrading.

   If the software understands the header field's structure and a
   downgrading algorithm other than UNSTRUCTURED is applicable, that



Fujiwara                 Expires August 30, 2012               [Page 12]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   software SHOULD use that algorithm; UNSTRUCTURED downgrading is used
   as a last resort.

   Mailing list header fields (those that start in "List-") are part of
   this category.

6.  MIME Body-Part Header Field Downgrading

   MIME body-part header fields may contain non-ASCII characters
   [RFC6532].  This section defines the conversion method to ASCII-only
   header fields for each MIME header field that contains non-ASCII
   characters.  Parse the message body's MIME structure at all levels
   and check each MIME header field to see whether it contains non-ASCII
   characters.  If the header field contains non-ASCII characters in the
   header field value, the header field is a target of the MIME body-
   part header field's downgrading.  Each MIME header field's
   downgrading method is described below.  COMMENT downgrading, MIME-
   VALUE downgrading, and UNSTRUCTURED downgrading are described in
   Section 5.

   Content-ID:
      The "Content-ID:" header field does not contain non-ASCII
      characters except in comments.  If the header field contains UTF-8
      characters in comments, perform COMMENT downgrading.

   Content-Type:

   Content-Disposition:
      Perform MIME-VALUE downgrading and COMMENT downgrading.

   Content-Description:  Perform UNSTRUCTURED downgrading.

7.  Security Considerations

   The purpose of post-delivery message downgrading is to allow POP/IMAP
   servers to deliver internationalized messages to traditional POP/IMAP
   clients and permit them to work with those messages.  Users who
   receive such messages can know that they were internationalized.  It
   does not permit receivers to read the messages in their original form
   and, in general, will not permit generating replies, at least without
   significant user intervention.

   This specification is designed so that MUAs that receive converted
   messages may be traditional and SMTPUTF8-unaware.  The specification
   assumes that such MUAs have no special provisions for either
   "Downgraded-" header fields or the new syntax of From and Sender
   header fields described in Section 3.




Fujiwara                 Expires August 30, 2012               [Page 13]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   A downgraded message's header fields contain ASCII characters only.
   But they still contain MIME-encapsulated header fields that contain
   non-ASCII UTF-8 characters.  Furthermore, the body part may contain
   UTF-8 characters.  Implementations parsing Internet messages need to
   accept UTF-8 body parts and UTF-8 header fields that are MIME-
   encoded.  Thus, this document inherits the security considerations of
   MIME-encoded header fields ([RFC2047] and [RFC3629]).

   Rewriting header fields increases the opportunities for undetected
   spoofing by malicious senders.  However, the rewritten header field
   values are preserved in equivalent MIME form or in newly defined
   header fields which traditional MUAs do not care.

   The techniques described here invalidate methods that depend on
   digital signatures over any part of the message, which includes the
   top-level header fields and body-part header fields.  Depending on
   the specific message being downgraded, at least the following
   techniques are likely to break: DomainKeys Identified Mail (DKIM),
   and possibly S/MIME and Pretty Good Privacy (PGP).  Receivers may
   know they need to update their MUAs, or they don't care.

   While information in any email header field should usually be treated
   with some suspicion, current email systems commonly employ various
   mechanisms and protocols to make the information more trustworthy.
   Information in the new Downgraded-* header fields is not inspected by
   MUAs, and may be even less trustworthy than the traditional header
   fields.  Note that the Downgraded-* header fields could have been
   inserted with malicious intent (and with content unrelated to the
   traditional header fields), however traditional MUAs do not parse
   Downgraded-* header fields.

   In addition, if an Authentication-Results header field [RFC5451] is
   present, traditional MUAs may treat that the digital signatures are
   valid.

   See the "Security Considerations" section in [RFC6530] for more
   discussion.

8.  Implementation Notes

8.1.  RFC 2047 Encoding

   While [RFC2047] has a specific algorithm to deal with whitespace in
   adjacent encoded words, there are a number of deployed
   implementations that fail to implement the algorithm correctly.  As a
   result, whitespace behavior is somewhat unpredictable in practice
   when multiple encoded words are used.  While RFC 5322 states that
   implementations SHOULD limit lines to not more than 78 characters,



Fujiwara                 Expires August 30, 2012               [Page 14]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   implementations MAY choose to allow overly long encoded words in
   order to work around faulty [RFC2047] implementations.
   Implementations that choose to do so SHOULD have an optional
   mechanism to limit line length to 78 characters.

9.  IANA Considerations

   [[RFC Editor: Please change "should now be" and "should be" to "have
   been" when the IANA actions are complete.]]

   [[ Notes in draft: this section is not finished, to be reviewed with
   IANA. ]]

   [RFC5504] registered many "Downgraded-" header fields and requested
   that 'IANA will refuse registration of all field names that start
   with "Downgraded-", to avoid possible conflict with the procedure for
   unknown header fields' preservation described in Section 3.3 of
   [RFC5504].'  However [RFC6530] obsoleted [RFC5504] and this document
   does not use all "Downgraded-" header fields registered by [RFC5504].

   The following header fields should be registered in the Permanent
   Message Header Field registry, in accordance with the procedures set
   out in [RFC3864].

   Header field name:  Downgraded-Message-Id
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 4)

   Header field name:  Downgraded-In-Reply-To
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 4)

   Header field name:  Downgraded-References
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 4)

   Header field name:  Downgraded-Original-Recipient
   Applicable protocol:  mail







Fujiwara                 Expires August 30, 2012               [Page 15]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 4)

   Header field name:  Downgraded-Final-Recipient
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 4)

10.  Acknowledgements

   This document draws heavily from the experimental in-transit message
   downgrading procedure described in RFC 5504 [RFC5504].  The
   contribution of the co-author of that earlier document, Y. Yoneya,
   are gratefully acknowledged.  Significant comments and suggestions
   were received from John Klensin, Barry Leiba, Randall Gellens, Pete
   Resnick, and other WG participants.

11.  Change History

   [[RFC Editor: Please remove this section prior to publication.]]

   This section is used for tracking the update of this document.  Will
   be removed after finalize.

11.1.  Version 00

   o  Initial version

   o  Imported header field downgrading from RFC 5504

11.2.  Version 01

   o  same as Version 00

11.3.  Version 02

   o  Added updating RFC 5322 to allow <group> syntax in From: and
      Sender

   o  Added GROUP Downgrading

11.4.  Version 03

   o  Replaced <utf8-addr-spec> with <addr-spec>





Fujiwara                 Expires August 30, 2012               [Page 16]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   o  Added updating RFC 5322 to allow <group> syntax in From: and
      Sender

   o  Added one sentence in Security considerations

   o  Updated IANA considerations

11.5.  Version 04

   o  Removed "Internationalized Address removed" from GROUP and MAILBOX
      downgrading

   o  Updated "Updating RFC 5322"

   o  Compacted new header field definition

   o  Compacted security considerations

   o  Updated IANA considerations to remove obsoleting header fields
      that are registered by RFC 5504

   o  Added a discussion of alternate downgrading models for the POP and
      IMAP cases.

   o  Incorporated a large number of editorial changes to improve
      clarity.

12.  References

12.1.  Normative References

   [RFC6530]  Klensin, J. and Y. Ko, "Overview and Framework for
              Internationalized Email", RFC 6530, February 2012.

   [RFC6532]  Yang, A., Steele, S., and N. Freed, "Internationalized
              Email Headers", RFC 6532, February 2012.

   [RFC6533]  Hansen, T., Newman, C., and A. Melnikov,
              "Internationalized Delivery Status and Disposition
              Notifications", RFC 6533, February 2012.

   [RFC2045]  Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part One: Format of Internet Message
              Bodies", RFC 2045, November 1996.

   [RFC2047]  Moore, K., "MIME (Multipurpose Internet Mail Extensions)
              Part Three: Message Header Extensions for Non-ASCII Text",
              RFC 2047, November 1996.



Fujiwara                 Expires August 30, 2012               [Page 17]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   [RFC2183]  Troost, R., Dorner, S., and K. Moore, "Communicating
              Presentation Information in Internet Messages: The
              Content-Disposition Header Field", RFC 2183, August 1997.

   [RFC2231]  Freed, N. and K. Moore, "MIME Parameter Value and Encoded
              Word Extensions:
              Character Sets, Languages, and Continuations", RFC 2231,
              November 1997.

   [RFC5322]  Resnick, P., Ed., "Internet Message Format", RFC 5322,
              October 2008.

   [RFC3629]  Yergeau, F., "UTF-8, a transformation format of ISO
              10646", STD 63, RFC 3629, November 2003.

   [RFC4021]  Klyne, G. and J. Palme, "Registration of Mail and MIME
              Header Fields", RFC 4021, March 2005.

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

   [RFC3864]  Klyne, G., Nottingham, M., and J. Mogul, "Registration
              Procedures for Message Header Fields", BCP 90, RFC 3864,
              September 2004.

12.2.  Informative References

   [RFC5451]  Kucherawy, M., "Message Header Field for Indicating
              Message Authentication Status", RFC 5451, April 2009.

   [RFC5504]  Fujiwara, K. and Y. Yoneya, "Downgrading Mechanism for
              Email Address Internationalization", RFC 5504, March 2009.

Appendix A.  Examples

A.1.  Downgrading Example

   This appendix shows an message downgrading example.  Consider a
   received mail message where:

   o  The sender address is a non-ASCII address,
      "NON-ASCII-local@example.com".  Its display-name is "DISPLAY-
      local".

   o  The "To:" header field contains two non-ASCII addresses,
      "NON-ASCII-remote1@example.net" and
      "NON-ASCII-remote2@example.com" Its display-names are "DISPLAY-
      remote1" and "DISPLAY-remote2".



Fujiwara                 Expires August 30, 2012               [Page 18]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   o  The "Cc:" header field contains a non-ASCII address,
      "NON-ASCII-remote3@example.org".  Its display-name is "DISPLAY-
      remote3".

   o  Four display names contain non-ASCII characters.

   o  The Subject header field is "NON-ASCII-SUBJECT", which contains
      non-ASCII characters.

   o  The "Message-Id:" header field contains "NON-ASCII-MESSAGE_ID",
      which contains non-ASCII characters.

   o  There is an unknown header field "X-Unknown-Header" which contains
      non-ASCII characters.



   Return-Path: <NON-ASCII-local@example.com>
   Received: from ... by ... for <NON-ASCII-remote1@example.net>
   Received: from ... by ... for <NON-ASCII-remote1@example.net>
   From: DISPLAY-local <NON-ASCII-local@example.com>
   To: DISPLAY-remote1 <NON-ASCII-remote1@example.net>,
       DISPLAY-remote2 <NON-ASCII-remote2@example.com>
   Cc: DISPLAY-remote3 <NON-ASCII-remote3@example.org>
   Subject: NON-ASCII-SUBJECT
   Date: DATE
   Message-Id: NON-ASCII-MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   X-Unknown-Header: NON-ASCII-CHARACTERS

   MAIL_BODY


                 Figure 1: Received message in a mail drop

   The downgraded message is shown in Figure 2.  "Return-Path:",
   "From:", "To:" and "Cc:" header fields are rewritten.  "Subject:" and
   "X-Unknown-Header:" header fields are encoded using [RFC2047].
   "Message-Id:" header field is encapsulated as
   "Downgraded-Message-Id:" header field.









Fujiwara                 Expires August 30, 2012               [Page 19]


Internet-Draft             POP/IMAP Downgrade                   Feb 2012


   Return-Path: =?UTF-8?Q?NON-ASCII-local@example.com?= :;
   Received: from ... by ...
   Received: from ... by ...
   From: =?UTF-8?Q?DISPLAY-local?=
         =?UTF-8?Q?NON-ASCII-local@example.com?= :;
   To:   =?UTF-8?Q?DISPLAY-remote1?=
         =?UTF-8?Q?NON-ASCII-remote1@example.net?= :;,
         =?UTF-8?Q?DISPLAY-remote2?=
         =?UTF-8?Q?NON-ASCII-remote2@example.com?= :;,
   Cc:   =?UTF-8?Q?DISPLAY-remote3?=
         =?UTF-8?Q?NON-ASCII-remote3@example.org?= :;
   Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
   Date: DATE
   Downgraded-Message-Id: =?UTF-8?Q?MESSAGE_ID?=
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   X-Unknown-Header: =?UTF-8?Q?NON-ASCII-CHARACTERS?=

   MAIL_BODY


                       Figure 2: Downgraded message

Author's Address

   Kazunori Fujiwara
   Japan Registry Services Co., Ltd.
   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
   Chiyoda-ku, Tokyo  101-0065
   Japan

   Phone: +81 3 5215 8451
   EMail: fujiwara@wide.ad.jp, fujiwara@jprs.co.jp

















Fujiwara                 Expires August 30, 2012               [Page 20]