Network Working Group D. Atkins, IHTFP Consulting
Internet Draft G. Klyne, MIMEsweeper Group
20 February 2002
Expires: August 2002
Common Presence and Instant Messaging: Message Format
<draft-ietf-impp-cpim-msgfmt-06.txt>
Status of this memo
This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC 2026.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress".
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
Copyright Notice
Copyright (C) The Internet Society 2002. All Rights Reserved.
Abstract
This memo defines the mime type 'Message/CPIM', a message format for
protocols that conform to the Common Profile for Instant Messaging
(CPIM) specification.
Discussion of this document
Please send comments to: <impp@iastate.edu>. To subscribe: send a
message with the body 'subscribe' to <impp-request@iastate.edu>. The
mailing list archive is at <http://www.imppwg.org>.
Atkins & Klyne [Page 1]
Internet Draft CPIM Message Format February 2002
Table of Contents
1. INTRODUCTION
1.1 Motivation
1.2 Background
1.3 Goals
1.4 Terminology and conventions
2. OVERALL MESSAGE STRUCTURE
2.1 Message/CPIM MIME headers
2.2 Message headers
2.3 Character escape mechanism
2.4 Message content
3. MESSAGE HEADER SYNTAX
3.1 Header names
3.2 Header Value
3.3 Language Tagging
3.4 Namespaces for header name extensibility
3.5 Mandatory-to-recognize features
3.6 Collected message header syntax
4. HEADER DEFINITIONS
4.1 The 'From' header
4.2 The 'To' header
4.3 The 'cc' header
4.4 The 'DateTime' header
4.5 The 'Subject' header
4.6 The 'NS' header
4.7 The 'Require' header
5. EXAMPLES
5.1 An example Message/CPIM message
5.2 An example using MIME multipart/signed
6. APPLICATION DESIGN CONSIDERATIONS
7. IANA CONSIDERATIONS
7.1 Registration for Message/CPIM content type
7.2 Registration for urn:ietf:params:cpim-headers:
8. INTERNATIONALIZATION CONSIDERATIONS
9. SECURITY CONSIDERATIONS
10. ACKNOWLEDGEMENTS
11. REFERENCES
12. AUTHORS' ADDRESSES
Full copyright statement
Atkins & Klyne [Page 2]
Internet Draft CPIM Message Format February 2002
1. INTRODUCTION
This memo defines the mime content-type 'Message/CPIM'. This is a
common message format for CPIM-compliant messaging protocols [14].
While being prepared for CPIM, this format is quite general and may
be reused by other applications with similar requirements.
Application specifications that adopt this as a base format should
answer the questions raised in section 6 of this document.
1.1 Motivation
The Common Profile for Instant Messaging (CPIM) [14] specification
defines a number of operations to be supported and criteria to be
satisfied for interworking diverse instant messaging protocols. The
intent is to allow a variety of different protocols interworking
through gateways to support cross-protocol messaging that meets the
requirements of RFC 2779 [15].
To adequately meet the security requirements of RFC 2779, a common
message format is needed so that end-to-end signatures and encryption
may be applied. This document describes a common canonical message
format that must be used by any CPIM-compliant message transfer
protocol, and over which signatures are calculated for end-to-end
security.
1.2 Background
RFC 2779 requires that an instant message can carry a MIME payload
[3,4]; thus some level of support for MIME will be a common element
of any CPIM compliant protocol. Therefore it seems reasonable that a
common message format should use a RFC2822/MIME syntax, as protocol
implementations must already contain code to parse this.
Unfortunately, using pure RFC2822/MIME [2] can be problematic:
o Irregular lexical structure -- RFC2822/MIME allows a number of
optional encodings and multiple ways to encode a particular value.
For example RFC2822/MIME comments may be encoded in multiple ways.
For security purposes, a single encoding method must be defined as
a basis for computing message digest values. Protocols that
transmit data in a different format would otherwise lose
information needed to verify a signature.
Atkins & Klyne [Page 3]
Internet Draft CPIM Message Format February 2002
o Weak internationalization -- RFC2822/MIME requires header values
to use 7-bit ASCII, which is problematic for encoding
international character sets. Mechanisms for language tagging in
RFC2822/MIME headers [16] are awkward to use and have limited
applicability.
o Mutability -- addition, modification or removal of header
information. Because it is not explicitly forbidden, many
applications that process MIME content (e.g. MIME gateways)
rebuild or restructure messages in transit. This obliterates most
attempt at achieving security (e.g. signatures), leaving receiving
applications unable to verify the received data.
o Message and payload separation -- there is not a clear syntactic
distinction between message metadata and message content.
o Limited extensibility. (X-headers are problematic, because they
may not be standardized; this leads to situations where a header
starts out as experimental but then finds widespread application,
resulting in a common usage that cannot be standardized.)
o No support for structured information (text string values only).
o Some processors impose line length limitations.
The message format defined by this memo overcomes some of these
difficulties by having a syntax that is generally compatible with the
format accepted by RFC2822/MIME parsers, but simplified, and having a
stricter syntax. It also defines mechanisms to support some desired
features not covered by the RFC2822/MIME format specifications.
1.3 Goals
This specification aims to satisfy the following goals:
o a securable end-to-end format for a message (a canonical message
format for signature calculation)
o independent of any specific application
o capable of conveying a range of different address types
o assumes an 8-bit clean message-transfer protocol
o evolvable: extensible by multiple parties
o to clearly separate message metadata from message content
Atkins & Klyne [Page 4]
Internet Draft CPIM Message Format February 2002
o a simple, regular, easily parsed syntax
o a compact, low-overhead format for simple messages
1.4 Terminology and conventions
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [1].
NOTE: Comments like this provide additional nonessential
information about the rationale behind this document.
Such information is not needed for building a conformant
implementation, but may help those who wish to understand
the design in greater depth.
2. OVERALL MESSAGE STRUCTURE
The Message/CPIM format encapsulates an arbitrary MIME message
content, together with message- and content-related metadata. This
can optionally be signed or encrypted using MIME security multiparts
in conjunction with an appropriate security scheme.
A Message/CPIM object is a multipart entity, where the first part
contains the message metadata and the second part is the message
content. The two parts are syntactically separated by a blank line,
to keep the message header information (with its more stringent
syntax rules) separate from the MIME message content headers.
Thus, the complete message looks something like this:
m: Content-type: Message/CPIM
s:
h: (message-metadata-headers)
s:
e: (encapsulated MIME message-body)
Atkins & Klyne [Page 5]
Internet Draft CPIM Message Format February 2002
The end of the message body is defined by the framing mechanism of
the protocol used. The tags 'm:', 's:', 'h:', 'e:', and 'x:' are not
part of the message format and are used here to indicate the
different parts of the message, thus:
m: MIME headers for the overall message
s: a blank separator line
h: message headers
e: encapsulated MIME object containing the message content
x: MIME security multipart message wrapper
2.1 Message/CPIM MIME headers
The message MIME headers identify the message as a CPIM-formatted
message. The only required header is:
Content-type: Message/CPIM
Other MIME headers may be used as appropriate for the message
transfer environment.
2.2 Message headers
Message headers carry information relevant to the end-to-end transfer
of the message from sender to receiver. Message headers MUST NOT be
modified, reformatted or reordered in transit, but in some
circumstances they MAY be examined by a CPIM message transfer
protocol.
The message headers serve a similar purpose to RFC2822 message
headers in email [2], and have a similar but restricted allowable
syntax.
The basic header syntax is:
Key: Value
where "Key" is a header name and "Value" is the corresponding header
value. The following considerations apply:
o The entire header MUST be contained on a single line. The line
terminator is not considered part of the header value.
o Only one header per line. Multiple headers MUST NOT be included
on a single line.
o Processors SHOULD NOT impose any line-length limitations.
Atkins & Klyne [Page 6]
Internet Draft CPIM Message Format February 2002
o There MUST NOT be any whitespace at the beginning or end of a
line.
o UTF-8 character encoding [21] MUST be used throughout.
o The character sequence CR,LF (13,10) MUST be used to terminate
each line.
o The header name contains only US-ASCII characters (see later for
the specific syntax)
o The header MUST NOT contain any control characters (0-31). If a
header value needs to represent control characters then the escape
mechanism described below MUST be used.
o There MUST be a single space character (32) following the header
name and colon.
o Multiple headers using the same key (header name) are allowed.
(Specific header semantics may dictate only one occurrence of any
particular header.)
o Headers names MUST match exactly (i.e. "From:" and "from:" are
different headers).
o If a header name is not recognized or not understood, the header
should be ignored. But see also the "Requires:" header.
o Interpretation (e.g. equivalence) of header values is dependent on
the particular header definition. Message processors MUST
preserve exactly all octets of all headers (both name and value).
o Message processors MUST NOT change the order of message headers.
Examples:
To: Pooh Bear <im:pooh@100akerwood.com>
From: <im:piglet@100akerwood.com>
DateTime: 2001-02-02T10:48:54-05:00
2.3 Character escape mechanism
This mechanism MUST be used to code control characters in a header,
having Unicode code points in the range U+0000 to U+001f or U+007f.
(Rather than invent something completely new, the escape mechanism
has been adopted from that used by the Java programming language.)
Atkins & Klyne [Page 7]
Internet Draft CPIM Message Format February 2002
Note that the escape mechanism is applied to a UCS-2 character, NOT
to the octets of its UTF-8 coding. Mapping from/to UTF-8 coding is
performed without regard for escape sequences or character coding.
(The header syntax is defined so that octets corresponding to control
characters other than CR and LF do not appear in the output.)
An arbitrary UCS-2 character is escaped using the form:
\uxxxx
where:
\ is U+005c (backslash)
u is U+0075 (lower case letter U)
xxxx is a sequence of exactly four hexadecimal digits
(0-9, a-f or A-F) or
(U+0030-U+0039, U+0041-U+0046, or U+0061-0066)
The hexadecimal number 'xxxx' is the UCS code-point value of the
escaped character.
Further, the following special sequences introduced by "\" are used:
\\ for \ (backslash, U+005c)
\" for " (double quote, U+0022)
\' for ' (single quote, U+0027)
\b for backspace (U+0008)
\t for tab (U+0009)
\n for linefeed (U+000a)
\r for carriage return (U+000d)
2.3.1 Escape mechanism usage
When generating messages conformant with this specification:
o The special sequences listed above MUST be used to encode any
occurrence of the following characters that appear anywhere in a
header: backslash (U+005c), backspace (U+0008), tab (U+0009),
linefeed (U+000a) or carriage return (U+000d).
o The special sequence \' MUST be used for any occurrence of a
single quote (U+0027) that appears within a string delimited by
single quotes.
Atkins & Klyne [Page 8]
Internet Draft CPIM Message Format February 2002
o The special sequence \" MUST be used for any occurrence of a
double quote (U+0022) that appears within a string delimited by
double quotes.
+ Quote characters that delimit a string value MUST NOT be
escaped.
o The general escape sequence \uxxxx MUST be used for any other
control character (U+0000 to U+0007, U+000b to U+000c, U+000e to
U+001f or u+007f) that appears anywhere in a header.
o All other characters MUST NOT be represented using an escape
sequence.
When processing a message based on this specification, the escape
sequence usage described above MUST be recognized.
Further, any other occurrence of any escape sequence described above
SHOULD be recognized and treated as an occurrence of the
corresponding Unicode character.
Any backslash ('\') character SHOULD be interpreted as introducing an
escape sequence. Any unrecognized escape sequence SHOULD be treated
as an instance of the character following the backslash character.
An isolated backslash that is the last character of a header SHOULD
be ignored.
2.4 Message content
The final section of a Message/CPIM is the MIME-encapsulated message
content, which follows standard MIME formatting rules [3,4].
The MIME content headers MUST include at least a Content-Type header.
The content may be any MIME type.
Example:
e: Content-Type: text/plain; charset=utf-8
e: Content-ID: <1234567890@foo.com>
e:
e: This is my encapsulated text message content
Atkins & Klyne [Page 9]
Internet Draft CPIM Message Format February 2002
3. MESSAGE HEADER SYNTAX
A header contains two parts, a name and a value, separated by a colon
character (':') and single space (32). It is terminated by the
sequence CR,LF (13,10).
Headers use UTF-8 character encoding thoughout, per RFC 2279 [21].
3.1 Header names
The header name is a sequence of US-ASCII characters, excluding
control characters, SPACE or separator characters. Use of the
character "." in a header name is reserved for a namespace prefix
separator.
Separator characters are:
SEPARATORS = "(" / ")" / "<" / ">" / "@"
/ "," / ";" / ":" / "\" / <">
/ "/" / "[" / "]" / "?" / "="
/ "{" / "}" / SP
NOTE: the range of allowed characters was determined by
examination of HTTP and RFC 2822 header name formats and
choosing the more restricted. The intent is to allow
CPIM headers to follow a syntax that is compatible with
the allowed syntax for both RFC 2822 [2] and HTTP [18]
(including HTTP-derived protocols such as SIP).
3.2 Header Value
A header value has a structure defined by the corresponding header
specification. Implementations that use a particular header must
adhere to the format and usage rules thus defined when creating or
processing a message containing that header.
The other general constraints on header formats MUST also be followed
(one line, UTF-8 character encoding, no control characters, etc.)
3.3 Language Tagging
Full internationalization of a protocol requires that a language can
be indicated for any human-readable text [6,19].
A message header may indicate a language for its value by including
';lang=tag' after the header name and colon, where 'tag' is a
language identifying token per RFC 3066 [7].
Atkins & Klyne [Page 10]
Internet Draft CPIM Message Format February 2002
Example:
Subject:;lang=fr Objet de message
If the language parameter is not applied a header, any human-
readable text is assumed to use the language identified as
'i-default' [19].
3.4 Namespaces for header name extensibility
NOTE: this section defines a framework for header
extensibility whose use is optional. If no header
extensions are allowed by an application then these
structures may never be used.
An application that uses this message format is expected to define
the set of headers that are required and allowed for that
application. This section defines a header extensibility framework
that can be used with any application.
The extensibility framework is based on that provided for XML [11] by
XML namespaces [12]. All headers are associated with a "namespace",
which is in turn associated with a globally unique URI.
Within a particular message instance, header names are associated
with a particular namespace through the presence or absence of a
namespace prefix, which is a leading part of the header name followed
by a period ("."); e.g.
prefix.header-name: header-value
Here, 'prefix' is the header name prefix, 'header-name' is the header
name within the namespace associated with 'prefix', and
'header-value' is the value for this header.
header-name: header-value
In this case, the header name prefix is absent, and the given
'header-name' is associated with a default namespace.
The Message/CPIM media type registration designates a default
namespace for any headers that are not more explicitly associated
with any namespace. In many cases, this default namespace is all
that is needed.
A namespace is identified by a URI. In this usage, the URI is used
simply as a globally unique identifier, and there is no requirement
that it can be used for any other purpose. Any legal globally unique
Atkins & Klyne [Page 11]
Internet Draft CPIM Message Format February 2002
URI MAY be used to identify a namespace. (By "globally unique", we
mean constructed according to some set of rules so that it is
reasonable to expect that nobody else will use the same URI for a
different purpose.) A URI used as an identifier MUST be a full
absolute-URI, per RFC 2396 [10]. (Relative URIs and URI- references
containing fragment identifiers MUST NOT be used for this purpose.)
Within a specific message, a 'NS' header is used to declare a
namespace prefix and associate it with a URI that identifies a
namespace. Following that declaration, within the scope of that
message, the combination of namespace prefix and header name
indicates a globally unique identifier for the header (consisting of
the namespace URI and header name). For example:
NS: MyFeatures <mid:MessageFeatures@id.foo.com>
MyFeatures.WackyMessageOption: Use-silly-font
This defines a namespace prefix 'MyFeatures' associated with the
namespace identifier 'mid:MessageFeatures@id.foo.com'. Subsequently
the prefix indicates that the WackyMessageOption header name
referenced is associated with the identified namespace.
A namespace prefix declaration MUST precede any use of that prefix.
With the exception of any application-specific predefined namespace
prefixes (see section 6), a namespace prefix is strictly local to the
message in which it occurs. The actual prefix used has no global
significance. This means that the headers:
xxx.name: value
yyy.name: value
in two different messages may have exactly the same effect if
namespace prefixes 'xxx' and 'yyy' are associated with the same
namespace URI. Thus the following have exactly the same meaning:
NS: acme <http://id.acme.widgets/wily-headers/>
acme.runner-trap: set
and
NS: widget <http://id.acme.widgets/wily-headers/>
widget.runner-trap: set
Atkins & Klyne [Page 12]
Internet Draft CPIM Message Format February 2002
A 'NS' header without a header prefix name specifies a default
namespace for subsequent headers; that is a namespace that is
associated with header names not having a prefix. For example:
NS: <http://id.acme.widgets/wily-headers/>
runner-trap: set
has the same meaning as the previous examples.
This framework allows different implementers to create extension
headers without the worry of header name duplication; each defines
headers within their own namespace.
3.5 Mandatory-to-recognize features
Sometimes it is necessary for the sender of a message to insist that
some functionality is understood by the recipient. By using the
mandatory-to-recognize indicator, a sender is notifying the recipient
that it MUST understand the named header or feature in order to
properly understand the message.
A header or feature is indicated as being mandatory-to-recognize by a
'Require:' header. For example:
Require: MyFeatures.VitalMessageOption
MyFeatures.VitalMessageOption: Confirmation-requested
Multiple required header names may be listed in a single 'Require'
header, separated by commas.
NOTE: indiscriminate use of 'Require:' headers could
harm interoperability. It is suggested that any
implementer who defines required headers also publish the
header specifications so other implementations can
succesfully interoperate.
The 'Require:' header MAY also be used to indicate that some non-
header semantics must be implemented by the recipient, even when it
does not appear as a header. For example:
Require: Locale.MustRenderKanji
might be used to indicate that message content includes characters
from the Kanji repertoire, which must be rendered for proper
understanding of the message. In this case, the header name is just
a token (using header name syntax and namespace association) that
indicates some desired behaviour.
Atkins & Klyne [Page 13]
Internet Draft CPIM Message Format February 2002
3.6 Collected message header syntax
The following description of message header syntax uses ABNF, per RFC
2234 [17]. Most of this syntax can be interpreted as defining UCS
character sequences or UTF-8 octet sequences. Alternate productions
at the end allow for either interpretation.
NOTE: specified text values MUST be used exactly as given, using
exactly the indicated upper- and lower-case letters. In this
respect, the ABNF usage here differs from RFC 2234.
Header = Header-name ":" *( ";" Parameter ) SP
Header-value
CRLF
Header-name = [ Name-prefix "." ] Name
Name-prefix = Name
Parameter = Lang-param / Ext-param
Lang-param = "lang=" Language-tag
Ext-param = Param-name "=" Param-value
Param-name = Name
Param-value = Token / Number / String
Header-value = *HEADERCHAR
Name = 1*NAMECHAR
Token = 1*TOKENCHAR
Number = 1*DIGIT
String = DQUOTE *( Str-char / Escape ) DQUOTE
Str-char = %x20-21 / %x23-5B / %x5D-7E / UCS-high
Escape = "\" ( "u" 4(HEXDIG) ; UCS codepoint
/ "b" ; Backspace
/ "t" ; Tab
/ "n" ; Linefeed
/ "r" ; Return
/ DQUOTE ; Double quote
/ "'" ; Single quote
/ "\" ) ; Backslash
Formal-name = 1*( Token SP ) / String
URI = <defined as absolute-URI by RFC 2396>
Language-tag = <defined by RFC 3066>
; Any UCS character except CTLs, or escape
HEADERCHAR = UCS-no-CTL / Escape
Atkins & Klyne [Page 14]
Internet Draft CPIM Message Format February 2002
; Any US-ASCII char except ".", CTLs or SEPARATORS:
NAMECHAR = %21 / %23-27 / %2a-2b / %2d / %5e-60 / %7c / %7e
/ ALPHA / DIGIT
; Any UCS char except CTLs or SEPARATORS:
TOKENCHAR = NAMECHAR / "." / UCS-high
SEPARATORS = "(" / ")" / "<" / ">" / "@" ; 28/29/3c/3e/40
/ "," / ";" / ":" / "\" / <"> ; 2c/3b/3a/5c/22
/ "/" / "[" / "]" / "?" / "=" ; 2f/5b/5d/3f/3d
/ "{" / "}" / SP ; 7b/7d/20
CTL = <Defined by RFC 2234 -- %x0-%x1f, %x7f>
CRLF = <Defined by RFC 2234 -- CR, LF>
SP = <defined by RFC 2234 -- %x20>
DIGIT = <defined by RFC 2234 -- '0'-'9'>
HEXDIG = <defined by RFC 2234 -- '0'-'9', 'A'-'F', 'a'-'f'>
ALPHA = <defined by RFC 2234 -- 'A'-'Z', 'a'-'z'>
DQUOTE = <defined by RFC 2234 -- %x22>
To interpret the syntax in a general UCS character environment, use
the following productions:
UCS-no-CTL = %x20-7e / UCS-high
UCS-high = %x80-ffffffff
To interpret the syntax as defining UTF-8 coded octet sequences, use
the following productions:
UCS-no-CTL = UTF8-no-CTL
UCS-high = UTF8-multi
UTF8-no-CTL = %x20-7e / UTF8-multi
UTF8-multi = %xC0-DF %x80-BF
/ %xE0-EF %x80-BF %x80-BF
/ %xF0-F7 %x80-BF %x80-BF %x80-BF
/ %xF8-FB %x80-BF %x80-BF %x80-BF %x80-BF
/ %xFC-FD %x80-BF %x80-BF %x80-BF %x80-BF %x80-BF
4. HEADER DEFINITIONS
This specification defines a core set of headers that are defined and
available for use by applications: the application specification
must indicate the headers that may be used, those that must be
recognized and those that must appear in any message (see section 6).
Atkins & Klyne [Page 15]
Internet Draft CPIM Message Format February 2002
The header definitions that follow fall into two categories:
(a) those that are part of the CPIM format extensibility framework,
and
(b) some that have been based on similar headers in RFC 2822 [2],
specified here with corresponding semantics.
Header names and syntax are described without a namespace
qualification, and the associated namespace URI is listed as part of
the header specification. Any of the namespace associations already
mentioned (implied default namespace, explicit default namespace or
implied namespace prefix or explicit namespace prefix declaration)
may be used to identify the namespace.
All headers defined here are associated with the namespace URI
<urn:ietf:params:cpim-headers:>, which is defined according to [22].
NOTE: Header names and other text MUST be used exactly as given,
using exactly the indicated upper- and lower-case letters. In this
respect, the ABNF usage here differs from RFC 2234 [17].
4.1 The 'From' header
Indicates the sender of a message.
Header name: From
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
From-header = "From" ": " [ Formal-name ] "<" URI ">"
Description:
Indicates the sender or originator of a message.
If present, the 'Formal-name' identifies the person or "real
world" name for the originator.
The URI indicates an address for the originator.
Examples:
From: Winnie the Pooh <im:pooh@100akerwood.com>
From: <im:tigger@100akerwood.com>
Atkins & Klyne [Page 16]
Internet Draft CPIM Message Format February 2002
4.2 The 'To' header
Specifies an intended recipient of a message.
Header name: To
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
To-header = "To" ": " [ Formal-name ] "<" URI ">"
Description:
Indicates the recipient of a message.
If present, the 'Formal-name' identifies the person or "real
world" name for the recipient.
The URI indicates an address for the recipient.
Multiple recipients may be indicated by including multiple 'To'
headers.
Examples:
To: Winnie the Pooh <im:pooh@100akerwood.com>
To: <im:tigger@100akerwood.com>
4.3 The 'cc' header
Specifies a non-primary recipient ("courtesy copy") for a message.
Header name: cc
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
Cc-header = "cc" ": " [ Formal-name ] "<" URI ">"
Description:
Indicates a courtesy copy recipient of a message.
If present, the 'Formal-name', if present, identifies the person
or "real world" name for the recipient.
Atkins & Klyne [Page 17]
Internet Draft CPIM Message Format February 2002
The URI indicates an address for the recipient.
Multiple courtesy copy recipients may be indicated by including
multiple 'cc' headers.
Examples:
cc: Winnie the Pooh <im:pooh@100akerwood.com>
cc: <im:tigger@100akerwood.com>
4.4 The 'DateTime' header
Specifies the date and time a message was sent.
Header name: DateTime
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax:
DateTime-header = "DateTime" ": " date-time
(where the syntax of 'date-time' is a profile of ISO8601, defined
in "Date and Time on the Internet" [23])
Description:
The 'DateTime' header supplies the current date and time at which
the sender sent the message.
One purpose of the this header is to provide for protection
against a replay attack, by allowing the recipient to know when
the message was intended to be sent. The value of the date header
is the current time at the sender when the message was
transmitted, using ISO 8601 date and time format as profiles in
"Date and Time on the Internet: Timestamps" [23].
Example:
DateTime: 2001-02-01T12:16:49-05:00
Atkins & Klyne [Page 18]
Internet Draft CPIM Message Format February 2002
4.5 The 'Subject' header
Contains a description of the topic of the message.
Header name: Subject
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
Subject-header = "Subject" ":" [ ";" lang-param ] SP *HEADERCHAR
Description:
The 'Subject' header supplies the sender's description of the
topic or content of the message.
The sending agent should specify the language parameter if it has
any reasonable knowledge of the language used by the sender to
describe the message.
Example:
Subject:;lang=en Eeyore's feeling very depressed today
4.6 The 'NS' header
The "NS" header is used to declare a local namespace prefix.
Header name: NS
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
NS-header = "NS" ": " [ Name-prefix ] "<" URI ">"
Description:
Declares a namespace prefix that may be used in subsequent header
names. See section 3.4 for more details.
Example:
NS: MyAlias <mid:MessageFeatures@id.foo.com>
MyAlias.MyHeader: private-extension-data
Atkins & Klyne [Page 19]
Internet Draft CPIM Message Format February 2002
4.7 The 'Require' header
Specify a header or feature that must be implemented by the receiver
for correct message processing.
Header name: Require
Namespace URI: <urn:ietf:params:cpim-headers:>
Syntax: (see also section 3.6)
Require-header = "Require" ": " Header-name *( "," Header-name )
Description:
Declares a namespace prefix that may be used in subsequent header
names. See section 3.5 for more details.
Note that there is no requirement that the required header
actually be used, but for brevity it is recommended that an
implemention not use issue require header for unused headers.
Example:
Require: MyAlias.VitalHeader
5. EXAMPLES
The examples in the following sections use the following per-line
tags to indicate different parts of the overall message format:
m: MIME headers for the overall message
s: a blank separator line
h: message headers
e: encapsulated MIME object containing the message content
x: MIME security multipart message wrapper
The following examples also assume that <urn:ietf:params:cpim-
headers:> is the implied default namespace for the application
concerned.
Atkins & Klyne [Page 20]
Internet Draft CPIM Message Format February 2002
5.1 An example Message/CPIM message
The following example shows a Message/CPIM message:
m: Content-type: Message/CPIM
s:
h: From: MR SANDERS <im:piglet@100akerwood.com>
h: To: Depressed Donkey <im:eeyore@100akerwood.com>
h: DateTime: 2000-12-13T13:40:00-08:00
h: Subject: the weather will be fine today
h: Subject:;lang=fr beau temps prevu pour aujourd'hui
h: NS: MyFeatures <mid:MessageFeatures@id.foo.com>
h: Require: MyFeatures.VitalMessageOption
h: MyFeatures.VitalMessageOption: Confirmation-requested
h: MyFeatures.WackyMessageOption: Use-silly-font
s:
e: Content-type: text/xml; charset=utf-8
e: Content-ID: <1234567890@foo.com>
e:
e: <body>
e: Here is the text of my message.
e: </body>
5.2 An example using MIME multipart/signed
In order to secure a Message/CPIM, an application or implementation
should use RFC 1847 and some appropriate cryptographic scheme.
Using S/MIME and pkcs7, the above message would look like this:
x: Content-Type: multipart/signed; boundary=next;
micalg=sha1;
protocol=application/pkcs7-signature
x:
x: --next
m: Content-Type: Message/CPIM
s:
h: From: MR SANDERS <im:piglet@100akerwood.com>
h: To: Dopey Donkey <im:eeyore@100akerwood.com>
h: DateTime: 2000-12-13T13:40:00-08:00
h: Subject: the weather will be fine today
h: Subject:;lang=fr beau temps prevu pour aujourd'hui
h: NS: MyFeatures <mid:MessageFeatures@id.foo.com>
h: Require: MyFeatures.VitalMessageOption
h: MyFeatures.VitalMessageOption: Confirmation-requested
h: MyFeatures.WackyMessageOption: Use-silly-font
s:
Atkins & Klyne [Page 21]
Internet Draft CPIM Message Format February 2002
e: Content-type: text/xml; charset=utf-8
e: Content-ID: <1234567890@foo.com>
e:
e: <body>
e: Here is the text of my message.
e: </body>
x: --next
x: Content-Type: application/pkcs7-signature
x:
x: (signature stuff)
:
x: --next--
6. APPLICATION DESIGN CONSIDERATIONS
As defined, the 'Message/CPIM' content type uses a default namespace
URI 'urn:ietf:params-cpim-headers:', and does not define any other
implicit namespace prefixes. Applications that have different
requirements should define and register a different MIME media type,
specify the required default namespace URI and define any implied
namespace prefixes as part of the media type specification.
Applications using this specification must also specify:
o all headers that must be recognized by implementations of the
application
o any headers that must be present in messages created by that
application.
o any headers that may appear more than once in a message, and how
they are to be interpreted (e.g. how to interpret multiple
'subject:' headers with different language parameter values).
Within a network of message transfer agents, an intermediate gateway
MUST NOT change the Message/CPIM content in any way. This implies
that headers cannot be changed or reordered, transfer encoding cannot
be changed, languages cannot be changed, etc.
Because Message/CPIM messages are immutable, any transfer agent that
wants to modify the message should create a new Message/CPIM message
with the modified header and containing the original message as its
content. (This approach is similar to real-world bill-of-lading
handling, where each person in the chain attaches a new sheet to the
message. Then anyone can validate the original message and see what
was changed and who changed it by following the trail of amendments.
Another metaphor is including the old message in a new envelope.)
Atkins & Klyne [Page 22]
Internet Draft CPIM Message Format February 2002
7. IANA CONSIDERATIONS
This memo calls for two new IANA registrations:
o A new MIME content-type value, Message/CPIM, per RFC 2048 [5].
The registration template is at section 7.1 below.
o A new IANA URN sub-namespace, urn:ietf:params:cpim-headers:, per
RFC [[[XXXX]]] [22]. The registration template is at section 7.2
below.
7.1 Registration for Message/CPIM content type
To: ietf-types@iana.org
Subject: Registration of MIME media type Message/CPIM
MIME media type name:
Message
MIME subtype name:
CPIM
Required parameters:
(None)
Optional parameters:
(None)
Encoding considerations:
Intended to be used in 8-bit clean environments, with non-
transformative encoding (8-bit or binary, according to the
content contained within the message; the CPIM message headers
can be handled in an 8-bit text environment).
This content type could be used with a 7-bit transfer
environment if appropriate transfer encoding is used. NOTE
that for this purpose, enclosed MIME content MUST BE treated as
opaque data and encoded accordingly. Any encoding must be
reversed before any enclosed MIME content can be accessed.
Security considerations:
The content may contain signed data, so any transfer encoding
MUST BE exactly reversed before the content is processed.
See also the security considerations for email messages (RFC
2822 [2]).
Atkins & Klyne [Page 23]
Internet Draft CPIM Message Format February 2002
Interoperability considerations:
This content format is intended to be used to exchange
possibly-secured messages between different intant messaging
protocols. Very strict adherence to the message format
(including whitespare usage) may be needed to achieve
interoperability.
Published specification:
RFC XXXX [this document]
Applications which use this media type:
Instant messaging
Additional information:
The default namespace URI associated with this content-type is
'urn:ietf:params:cpim-headers:'. (See RFC XXXX [this document]
for further details.)
See also the Common Profile for Instant Messaging (CPIM) [14]
Person & email address to contact for further information:
G. Klyne, GK@ACM.ORG
Intended usage:
LIMITED USE
Author/Change controller:
IETF
7.2 Registration for urn:ietf:params:cpim-headers:
Registry name:
cpim-headers
Specification:
RFC XXXX [this document] Additional values may be defined by
standards track RFCs that update or obsolete RFC XXXX [this
document].
Repository:
ftp://ftp.isi.edu/in-notes/rfcXXXX.txt [this document]
Index value:
The index value is a CPIM message header name, which may
consist of a sequence from a restricted set of US-ASCII
characters, as define above.
Atkins & Klyne [Page 24]
Internet Draft CPIM Message Format February 2002
URN Formation:
The URI for a header is formed from its name by:
(a) replacing any non-URN characters (as defined by RFC 2141
[24]) with the corresponding '%hh' escape sequence (per RFC
2396 [10]), and
(b) prepending the resulting string with 'urn:ietf:params:cpim-
headers:'.
Thus, the URI corresponding to the CPIM message header 'From:'
would be 'urn:ietf:params:cpim-headers:From'. The URI
corresponding to the (putative) CPIM message header 'Top&Tail'
would be 'urn:ietf:params:cpim-headers:Top%26Tail'.
8. INTERNATIONALIZATION CONSIDERATIONS
Message headers use UTF-8 character encoding throughout, so can
convey the full UCS-4 (Unicode, ISO/IEC 10646) character repertoire.
Language tagging is provided for message headers using the "Language"
parameter.
Message content is any MIME-encapsulated content, and normal MIME
content internationalization considerations apply.
9. SECURITY CONSIDERATIONS
The Message/CPIM format is designed with security in mind. In
particular it is designed to be used with MIME security multiparts
for signatures and encryption. To this end, Message/CPIM messages
must be considered immutable once created.
Because Message/CPIM messages are binary messages (due to UTF-8
encoding), if they are transmitted across non-8-bit-clean transports
then the transfer agent must tunnel the entire message. Changing the
message data encoding is not an allowable option. This implies that
the Message/CPIM must be encapsulated by the message tranfer system
and unencapsulated at the receiving end of the tunnel.
The resulting message must have no data loss due to the encoding and
unencoding of the message. For example, an application may choose to
apply the MIME base64 content-transfer-encoding to the Message/CPIM
object to meet this requirement.
Atkins & Klyne [Page 25]
Internet Draft CPIM Message Format February 2002
10. ACKNOWLEDGEMENTS
The authors thank the following for their helpful comments: Harald
Alvestrand, Walter Houser, Leslie Daigle and Mark Day.
11. REFERENCES
[1] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", RFC 2119, March 1997.
[2] Resnick, P., "Internet Message Format", RFC 2822, April 2001.
[3] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Bodies",
RFC 2045, November 1996.
[4] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046 November
1996.
[5] Freed, N., Klensin, J., and J. Postel, "Multipurpose Internet
Mail Extensions (MIME) Part Four: Registration Procedures", RFC
2048, BCP 13, November 1996.
[6] Weider, C., Preston, C., Simonsen, K., Alvestrand, H., Atkinson,
R., Crispin, M., Svanberg, P., "Report from the IAB Character
Set Workshop", RFC 2130, April 1997.
[7] Alvestrand, H., "Tags for the Identification of Languages", RFC
3066, January 2001. (Defines Content-language header.)
[8] Ramsdell, B., "S/MIME Version 3 Message Specification", RFC
2633, June 1999.
[9] Callas, J., Donnerhacke, L., Finney, H. and R. Thayer, "OpenPGP
Message Format", RFC 2440, November 1998.
[10] Berners-Lee, T., Fielding, R.T. and L. Masinter, "Uniform
Resource Identifiers (URI): Generic Syntax", RFC 2396, August
1998.
[11] Tim Bray, Jean Paoli, and C. M. Sperberg-McQueen, "Extensible
Markup Language (XML) 1.0", W3C recommendation:
<http://www.w3.org/TR/REC-xml>, 10 February 1998.
Atkins & Klyne [Page 26]
Internet Draft CPIM Message Format February 2002
[12] Tim Bray, Dave Hollander, and Andrew Layman, "Namespaces in
XML", W3C recommendation: <http://www.w3.org/TR/REC-xml-names>,
14 January 1999.
[13] "Data elements and interchange formats - Information interchange
- Representation of dates and times", ISO 8601:1988(E),
International Organization for Standardization, June 1988.
[14] Crocker, D.H., Diacakis, A., Mazzoldi, F., Huitema, C., Klyne,
G., Rose, M.T., Rosenberg, J., Sparks, R. and H. Sugano, "A
Common Profile for Instant Messaging (CPIM)", draft-thenine-im-
common-00 (work in progress), August 2000.
[15] Day, M., Aggarwal, S., Mohr, G., and J. Vincent, "Instant
Messaging / Presence Protocol Requirements", RFC 2779, February
2000.
[16] N. Freed, K. Moore, "MIME Parameter Value and Encoded Word
Extensions: Character Sets, Languages, and Continuations", RFC
2231, November 1997.
[17] D. Crocker, P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 2234, November 1997.
[18] R. Fielding, J. Gettys, J. Mogul, H. Frystyk, L. Masinter, P.
Leach, T. Berners-Lee, "Hypertext Transfer Protocol --
HTTP/1.1", RFC 2616, June 1999.
[19] Alvestrand, H, "IETF Policy on Character Sets and Languages",
RFC 2277, BCP 18, January 1998.
[20] Freed, N., and J. Postel, "IANA Charset Registration
Procedures", BCP 19, RFC 2278, January 1998.
[21] F. Yergeau, "UTF-8, a transformation format of ISO 10646", RFC
2279 January 1998.
[22] M. Mealling, L. Masinter, T. Hardie, G. Klyne, "An IETF URN Sub-
namespace for Registered Protocol Parameters", draft-mealling-
iana-urn-02.txt (work in progress), October 2001
[23] C. Newman, G. Klyne, "Date and Time on the Internet:
Timestamps", draft-ietf-impp-datetime-03.txt (work in progress),
May 2001.
[24] R. Moats, "URN Syntax", RFC 2141, May 1997.
Atkins & Klyne [Page 27]
Internet Draft CPIM Message Format February 2002
12. AUTHORS' ADDRESSES
Derek Atkins
IHTFP Consulting
6 Farragut Ave
Somerville, MA 02144
USA.
Telephone: +1 617 623 3745
E-mail: warlord@ihtfp.com
E-mail: warlord@alum.mit.edu
Graham Klyne
MIMEsweeper Group,
1310 Waterside,
Arlington Business Park
Theale
Reading, RG7 4SA
United Kingdom.
Telephone: +44 118 903 8000
Facsimile: +44 118 903 9000
E-mail: GK@ACM.ORG
Appendix A: Amendment history
[[[RFC editor: please remove this appendix on publication.]]]
00a 01-Feb-2001 Memo initially created.
00b 06-Feb-2001 Editorial review. Reworked namespace framework
description. Deferred specification of mandatory
headers to the application specification, allowing
this document to be less application-dependent.
Expanded references. Replaced some text with ABNF
syntax descriptions. Reordered some major sections.
00c 07-Feb-2001 Folded in some review comments. Fix up some syntax
problems. Other small editorial changes. Add some
references.
01a 29-Mar-2001 Incorporate review comments. State (simply) that
this is a canonical end-to-end format for the purpose
of signature calculation. Defined escape mechanism
for control characters. Header name parameters
placed after the ":". Changed name of Date: header
to DateTime:. Revised syntax to separate character-
level syntax from UTF-8 octet- level syntax.
Atkins & Klyne [Page 28]
Internet Draft CPIM Message Format February 2002
01b 30-Mar-2001 State explicitly that unrecognized header names
should be ignored. Remove text about
(non)significance of header order: simply say that
order must be preserved.
02a 30-May-2001 Updated reference to date/time draft. Editorial
changes.
03a 13-Jun-2001 Tighten up application of escape sequences.
04a 05-Nov-2001 Add registration templates for Message/CPIM content
type, and urn:ietf:params:cpim-headers: URN space.
Update namespace identifier. Revised application
design considerations to indicate that a default
namespace URI and any implicit prefixes are to be
specified by the MIME media type specification.
Noted variation of ABNF usage from RFC 2234 (exact
case only). Add reference to URN syntax (RFC 2141).
05a 06-Nov-2001 Fix typos. Complete change of 'Date:' header to
'DateTime:'. Updated author affiliations. Fix up
multipart/signed example.
05b 31-Dec-2001 Various editorial changes in response to last-call
comments: more consistent reference to RFC2822/MIME
message format; slightly expanded comment on problems
with X-headers; softened wording about use of Java
escape mechanism to make it clearer that Java is not
a normative reference here; revised phrasing of first
paragraph of section 3; correct other typos.
06a 20-Feb-2002 Fix definition in section 3.6 of NAMECHAR characters
to include apostrophe 0x27 (following RFC 2822). Fix
error in sect 3.1 definition of SEPARATORS .
TODO:
o Replace XXXX with assigned RFC numbers. (Note that this memo
depends on [22] progressing to RFC status.)
o Update references to other CPIM documents.
REVIEW CHECKLIST:
(Points to be checked or considered more widely on or before final
review.)
Atkins & Klyne [Page 29]
Internet Draft CPIM Message Format February 2002
o The desirability of a completely rigid syntax.
o Escape mechanism details.
o Check references.
Full copyright statement
Copyright (C) The Internet Society 2002. All Rights Reserved. This
document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works.
However, this document itself may not be modified in any way, such as
by removing the copyright notice or references to the Internet
Society or other Internet organizations, except as needed for the
purpose of developing Internet standards in which case the procedures
for copyrights defined in the Internet Standards process must be
followed, or as required to translate it into languages other than
English.
The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. This
document and the information contained herein is provided on an "AS
IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK
FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY
OR FITNESS FOR A PARTICULAR PURPOSE.
Atkins & Klyne [Page 30]