Message Authorizing Email Header Field and Its Use for the Draft and Release Procedure
RFC 7912

Document Type RFC - Informational (June 2016; No errata)
Last updated 2016-06-21
Stream ISE
Formats plain text pdf html bibtex
IETF conflict review conflict-review-melnikov-mmhs-authorizing-users
Stream ISE state Published RFC
Consensus Boilerplate Unknown
Document shepherd Nevil Brownlee
Shepherd write-up Show (last changed 2016-03-11)
IESG IESG state RFC 7912 (Informational)
Telechat date
Responsible AD (None)
Send notices to "Nevil Brownlee" <rfc-ise@rfc-editor.org>
IANA IANA review state Version Changed - Review Needed
IANA action state RFC-Ed-Ack
Independent Submission                                       A. Melnikov
Request for Comments: 7912                                     Isode Ltd
Category: Informational                                        June 2016
ISSN: 2070-1721

       Message Authorizing Email Header Field and Its Use for the
                      Draft and Release Procedure

Abstract

   This document describes a procedure for when a Military Message
   Handling System (MMHS) message is composed by one user and is only
   released to the mail transfer system when one or more Authorizing
   Users authorize release of the message by adding the
   MMHS-Authorizing-Users header field.  The resulting message can be
   optionally signed by the sender and/or reviewer, allowing recipients
   to verify both the original signature (if any) and the review
   signatures.

Status of This Memo

   This document is not an Internet Standards Track specification; it is
   published for informational purposes.

   This is a contribution to the RFC Series, independently of any other
   RFC stream.  The RFC Editor has chosen to publish this document at
   its discretion and makes no statement about its value for
   implementation or deployment.  Documents approved for publication by
   the RFC Editor are not a candidate for any level of Internet
   Standard; see Section 2 of RFC 7841.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at
   http://www.rfc-editor.org/info/rfc7912.

Copyright Notice

   Copyright (c) 2016 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.

Melnikov                      Informational                     [Page 1]
RFC 7912            Message Authorizing Header Field           June 2016

Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . .   2
   2.  Conventions Used in This Document . . . . . . . . . . . . . .   3
   3.  Draft and Release Procedure . . . . . . . . . . . . . . . . .   3
     3.1.  Terminology . . . . . . . . . . . . . . . . . . . . . . .   3
     3.2.  Handling of Initial Message Submission by the MSA . . . .   3
     3.3.  Review by Authorizing User(s) . . . . . . . . . . . . . .   4
       3.3.1.  Processing of Encrypted Messages  . . . . . . . . . .   5
       3.3.2.  Authorizing S/MIME Signatures . . . . . . . . . . . .   5
     3.4.  Role of Other Messaging Agents at the Sender's Domain . .   6
       3.4.1.  MDA at the Sender's Domain  . . . . . . . . . . . . .   6
       3.4.2.  Border MTA at the Sender's Domain . . . . . . . . . .   6
   4.  MMHS-Authorizing-Users Header Field . . . . . . . . . . . . .   6
   5.  Updated MIXER Mapping . . . . . . . . . . . . . . . . . . . .   7
     5.1.  Mapping from RFC 5322/MIME to X.400 . . . . . . . . . . .   7
     5.2.  Mapping from X.400 to RFC 5322/MIME . . . . . . . . . . .   7
   6.  IANA Considerations . . . . . . . . . . . . . . . . . . . . .   8
   7.  Security Considerations . . . . . . . . . . . . . . . . . . .   8
     7.1.  Forged Header Fields  . . . . . . . . . . . . . . . . . .   9
     7.2.  Intentionally Malformed Header Fields . . . . . . . . . .   9
   8.  References  . . . . . . . . . . . . . . . . . . . . . . . . .   9
     8.1.  Normative References  . . . . . . . . . . . . . . . . . .   9
     8.2.  Informative References  . . . . . . . . . . . . . . . . .  10
   Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . .  11
   Author's Address  . . . . . . . . . . . . . . . . . . . . . . . .  11

1.  Introduction

   In some secure environments, email messages can't be released to the
   Message Transfer System (MTS); thus, they can't be delivered to
   recipients unless they are authorized by one or more Authorizing
   Users (e.g., Releasing Officers or Release Authorities).  This
   document describes how this mechanism can be realized by an
   additional Internet Email [RFC5322] header field and optionally
   protected using S/MIME [RFC5750] [RFC5751] or DomainKeys Identified
   Mail (DKIM) [RFC6376].

   This document describes a procedure for how an email message composed
   by one user can be released to the MTS when one or more Authorizing
   Users authorize and optionally countersign the message.  The MMHS-
   Authorizing-Users header field (see Section 4) communicates which
   user(s) authorized the message.  If S/MIME signed, the resulting
   message allows recipients to verify both the original (if any) and
Show full document text