WDIFF

draft-ietf-eai-dsn-00.txt --> draft-ietf-eai-dsn-01.txt-33301.txt

Network Working Group C. Newman
Internet-Draft Sun Microsystems
Updates: 3461,3464,3798 A. Melnikov, Ed.
(if January 25, 2007 approved) Isode Ltd
Intended status: Experimental June 12, 2007
Expires: July 29, December 14, 2007

International Delivery and Disposition Notifications
draft-ietf-eai-dsn-00.txt
draft-ietf-eai-dsn-01.txt

Status of this Memo

By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.

This Internet-Draft will expire on July 29, December 14, 2007.

Abstract

Delivery status notifications (DSNs) are critical to the correct
operation of an email system. However, the existing draft standard
is presently limited to US-ASCII text in the machine readable
portions of the protocol. This specification adds a new address type
for international email addresses so an original recipient address
with non-US-ASCII characters can be correctly preserved even after
downgrading. This also provides updated content return media types

Newman & Melnikov Expires July 29, December 14, 2007 [Page 1]

Internet-Draft International Message Notifications January June 2007

downgrading. This also provides updated content return media types
for delivery status notifications and message disposition
notifications to support use of the new address type.

This document experimentally extends RFC 3461, RFC 3464 and RFC 3798.

Table of Contents

1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Conventions Used in this Document . . . . . . . . . . . . . . 3
3. UTF-8 Address Type . . . . . . . . . . . . . . . . . . . . . . 3
4. UTF-8 Encoded Address Type . . . . . . . . . . . . . . . . . . 4
5. UTF-8 Delivery Status Notifications . . . . . . . . . . . . . 5
6.
5. UTF-8 Message Disposition Notifications . . . . . . . . . . . 6
7.
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
7.1.
6.1. UTF-8 Mail Address Type Registration . . . . . . . . . . . 7
7.2. UTF-8-ENC Mail Address Type Registration . . . . . . . . . 7
7.3.
6.2. Update to 'smtp' Diagnostic Type Registration . . . . . . 8
7.4.
6.3. message/utf-8-headers . . . . . . . . . . . . . . . . . . 8
7.5. message/utf-8 . . .
6.4. message/utf-8-delivery-status . . . . . . . . . . . . . . 9
6.5. message/utf-8-disposition-notification . . . . . 9
7.6. message/utf-8-delivery-status . . . . . 10
7. Security Considerations . . . . . . . . . 11
7.7. message/utf-8-disposition-notification . . . . . . . . . . 12
8. Security Considerations References . . . . . . . . . . . . . . . . . . . 13
9. References . . . . . . . 12
8.1. Normative References . . . . . . . . . . . . . . . . . . . 14
9.1. Normative 12
8.2. Informative References . . . . . . . . . . . . . . . . . . . 14
9.2. Informative References 13
Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 15 14
Appendix A. Acknowledgements . B. Open Issues . . . . . . . . . . . . . . . . . 15
Appendix B. Open Issues . . . . 14
Appendix C. Changes from -00 . . . . . . . . . . . . . . . . . 15
Author's Address . 14
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 14
Intellectual Property and Copyright Statements . . . . . . . . . . 17 16

Newman & Melnikov Expires July 29, December 14, 2007 [Page 2]

Internet-Draft International Message Notifications January June 2007

1. Introduction

When an email message is transmitted using the UTF8SMTP [I-D.ietf-
eai-smtpext]
[I-D.ietf-eai-smtpext] extension and Internationalized Email Headers [I-D.ietf-
eai-utf8headers],
[I-D.ietf-eai-utf8headers], it is sometimes necessary to return that
message or generate a Message Disposition Notification [RFC3798]
(MDN). As a message sent to multiple recipients can generate a
status and disposition notification for each recipient, it is helpful
if a client can correlate these returns based on the recipient
address it provided, thus preservation of the original recipient is
important. This specification describes how to preserve the original
recipient and updates the MDN and DSN formats to support the new
address types.

2. Conventions Used in this Document

The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY"
in this document are to be interpreted as defined in "Key words for
use in RFCs to Indicate Requirement Levels" [RFC2119].

The formal syntax use the Augmented Backus-Naur Form (ABNF) [RFC4234]
notation including the core rules defined in Appendix B of RFC 4234
and the rules in section 4 of RFC 3629.

3. UTF-8 Address Type

An Extensible Message Format for Delivery Status Notifications
[RFC3464] defines the concept of an address type. The address format
introduced in Internationalized Email Headers [I-D.ietf-eai-
utf8headers]
[I-D.ietf-eai-utf8headers] is a new address type. The syntax for the
new address type follows in the context of status notifications follows:

utf-8-type-addr = "utf-8;" utf-8-address

utf-8-address = "<" Mailbox [ *WSP "<" Mailbox ">" ] ">"
; The first occurrence of 'Mailbox' is defined in [utf8smtp]
; The second occurrence of 'Mailbox' is defined in RFC 2821

This address type definition requires 8-bit characters and provides
no encoding mechanism. As a result, it is only suitable for use in
newly defined protocols capable of native representation of 8-bit
characters. This address type MUST NOT be used in the SMTP ORCPT
parameter or a message/delivery-status body part field, but SHOULD be
used in a message/utf-8-delivery-status body part Original-Recipient
or Final-Recipient field.

Newman Expires July 29, 2007 [Page 3]

Internet-Draft International Message Notifications January 2007

4. UTF-8 Encoded Address Type

An SMTP [RFC2821] server which advertises both the UTF8SMTP extension
[I-D.ietf-eai-smtpext] and the DSN extension [RFC3461] MUST accept a
utf-8-enc
utf-8 address type in the ORCPT parameter including 8-bit UTF-8
characters. This address type also includes a 7-bit encoding
suitable for use in a message/delivery-status body part or an ORCPT
parameter sent to an SMTP server which does not advertise UTF8SMTP.

The utf-8-enc

This address type requires that US-ASCII CTLs, SP, %, + has 3 forms: utf-8-addr-xtext, utf-8-addr-unitext
and
= utf-8-address. The first 2 forms are 7-bit safe.

The utf-8-address form is only suitable for use in newly defined
protocols capable of native representation of 8-bit characters. I.e.
the utf-8-address form MUST NOT be encoded using '%' encoding as described used in the ABNF below. As ORCPT parameter when
the SMTP server doesn't advertise support for UTF8SMTP or the SMTP

Newman & Melnikov Expires December 14, 2007 [Page 3]

Internet-Draft International Message Notifications June 2007

server supports UTF8SMTP, but the address contains US-ASCII
characters not permitted in the ORCPT parameter (e.g. the ORCPT
parameter forbids SP and =); or in a
result, 7-bit transport environment
including a message/delivery-status Original-Recipient or Final-
Recipient field. The utf-8-addr-xtext form (see below) MUST be used
instead in the xtext encoding defined former case, the utf-8-addr-unitext form MUST be used
in section 4 of the latter case. The utf-8-address form MAY be used in the ORCPT
parameter when the SMTP server also advertises support for UTF8SMTP
and the address doesn't contains any US-ASCII characters not
permitted in the ORCPT parameter. It SHOULD be used in a message/
utf-8-delivery-status Original-Recipient or Final-Recipient DSN
extension [RFC3461]
field; or an Original-Recipient header field [RFC3798] if the message
is not a UTF-8 header message.

In addition, the utf-8-addr-unitext form can be used with anywhere where
the utf-8-address form is allowed.

When using in the utf-8-enc ORCPT parameter, the utf-8 address type
because it requires
that US-ASCII CTLs, SP, %, + and = be encoded using xtext encoding as
described in [RFC3461]. This is never necessary. In addition, plane described by the utf-8-addr-xtext
form in the ABNF below. Plane 1 Unicode characters MAY be included
in a utf-8-enc utf-8 address type using a "%u####" syntax (QMIDCHAR, where # is
a hexadecimal digit) and other Unicode characters MAY be encoded
using "%U########" syntax (QHIGHCHAR). When sending data to a
UTF8SMTP capable server, native UTF-8 characters SHOULD be used
instead of the QMIDCHAR and QHIGHCHAR encodings described below.
When sending data to an SMTP server which does not advertise
UTF8SMTP, then the QMIDCHAR and QHIGHCHAR encodings MUST be used
instead of UTF-8.

When the ORCPT parameter is placed in a message/utf-8-delivery-status
Original-Recipient field, the utf-8-enc utf-8-addr-xtext form of the utf-8
address type SHOULD be converted to a utf-8 address type the 'utf-8-address' form (see the
ABNF below) by removing all '%' xtext encoding first (which will result
in the 'utf-8-addr-unitext' form), followed by removal of the
'unitext' encoding. However, if an address is labeled with the utf-8-enc utf-8
address type but does not conform to utf-8-enc utf-8 syntax, then it MUST be
copied into the message/utf-8-delivery-status field without
alteration.

The ability to encode characters with the QMIDCHAR or QHIGHCHAR
encodings should be viewed as a transitional mechanism. It is hoped
that as systems lacking support for UTF8SMTP become less common over
time, these encodings can eventually be phased out.

The formal syntax for this address type follows:

Newman & Melnikov Expires July 29, December 14, 2007 [Page 4]

Internet-Draft International Message Notifications January June 2007

utf-8-enc-type-addr

utf-8-type-addr = "utf-8-enc;" utf-8-enc-addr "utf-8;" utf-8-enc-addr

utf-8-address = 1*(QUCHAR uMailbox [ *WSP "<" Mailbox ">" ]
; 'uMailbox' is defined in [I-D.ietf-eai-smtpext].
; 'Mailbox' is defined in [RFC2821].

utf-8-enc-addr = utf-8-addr-xtext / QLOWCHAR
utf-8-addr-unitext / QMIDCHAR
utf-8-address

///Add comment about which where each type is used

utf-8-addr-xtext = xtext
; xtext is defined in [RFC3461].
; When xtext encoding is removed,
; the syntax MUST conform to
; 'utf-8-addr-unitext'.

utf-8-addr-unitext = 1*(QUCHAR / QHIGHCHAR) EmbeddedUnicodeChar)
; MUST follow utf-8-address 'utf-8-address' ABNF when
; dequoted

///Exclude '\'?
QUCHAR = %x21-24 / %x26-2a %x21-2a / %x2c-3c / %x3e-7e /
UTF8-2 / UTF8-3 / UTF8-4
; Printable except CTLs SP, %, + and =
QLOWCHAR = ("%0" NZHEXDIG) / ("%1" HEXDIG) / "%20" / "%25"
/ "%2B" / "%3D" / "%7F"
; Only permitted for CTLs, SPACE, %, SP, + and =
QMIDCHAR = "%" %x75 UCHAR-HEX-QUAD
; %u#### excluding surrogates and US-ASCII
QHIGHCHAR

EmbeddedUnicodeChar = "%" %x55 (UCHAR-HEX-5 / UCHAR-HEX-6) %x5C.78 "{" HEXPOINT "}"
; %U######## excluding plane 1
UCHAR-HEX-QUAD starts with "\x"

HEXPOINT = UCHAR-HEX-2 / UCHAR-HEX-3
/ UCHAR-HEX-4 "5C" / UCHAR-HEX-4D
UCHAR-HEX-2 = "00" HEXDIG8 HEXDIG
UCHAR-HEX-3 = "0" NZHEXDIG 2(HEXDIG)
UCHAR-HEX-4 = NZDHEXDIG 3(HEXDIG)
UCHAR-HEX-4D = "D" %x30-37 2(HEXDIG)
UCHAR-HEX-5 = "000" NZHEXDIG 4(HEXDIG)
UCHAR-HEX-6 = "00" ( NZHEXDIG 5(HEXDIG)
HEXDIG8 = %x38-39 / "A" / "B" 2*4HEXDIG ) / "C" / "D" / "E" / "F" ( "10" 4*HEXDIG )
; HEXDIG excluding 0-7 represents either "\" or a Unicode code point outside the
; US-ASCII repertoire

NZHEXDIG = %x31-39 / "A" / "B" / "C" / "D" / "E" / "F"
; HEXDIG excluding "0"
NZDHEXDIG = %x31-39 / "A" / "B" / "C" / "E" / "F"
; HEXDIG excluding "0" and "D"

4. UTF-8 Delivery Status Notifications

A traditional delivery status notification [RFC3464] comes in a
three-part multipart/report [RFC3462] container, where the first part
is human readable text describing the error, the second part is a
7-bit-only message/delivery-status and the optional third part is
used for content (message/rfc822) or header (text/rfc822-headers)
return. An SMTP server which advertises both UTF8SMTP and DSN SHOULD
return an undeliverable UTF8SMTP message without downgrading it
(assuming the return SMTP server supports UTF8SMTP). As the present

Newman & Melnikov Expires December 14, 2007 [Page 5]

Internet-Draft International Message Notifications June 2007

DSN format does not permit this, three new media types are needed.

The first type, message/utf-8-delivery-status has the syntax of
message/delivery-status with two modifications. First, the charset
for message/utf-8-delivery-status is UTF-8 and thus any field MAY
contain UTF-8 characters when appropriate. (In particular, the
Diagnostic-Code field MAY contain UTF-8 as described in UTF8SMTP
[I-D.ietf-eai-smtpext].) Second, systems generating a message/utf-8-delivery-status message/
utf-8-delivery-status body part SHOULD use the

Newman Expires July 29, 2007 [Page 5]

Internet-Draft International Message Notifications January 2007 utf-8-address form of
the utf-8 address type for all addresses containing characters
outside the US-ASCII repertoire. These systems SHOULD up-convert the
utf-8-addr-xtext or the utf-8-addr-unitext form of a utf-8-enc utf-8 address
type in the ORCPT parameter to the utf-8-address form of a utf-8
address type in the Original-Recipient field.

The second type, used for content return, is message/utf-8 which is
similar to message/rfc822, except it contains a message with UTF-8
headers. This media type has profound implications on is described in [I-D.ietf-eai-utf8headers].

The third type, used for header return, is message/utf-8-headers and
contains only the email infrastructure.
First, Internet Message Access Protocol [RFC3501] servers MUST NOT
descend UTF-8 headers of a message/utf-8 when generating the message BODYSTRUCTURE, it
is likely a new variant on BODYSTRUCTURE will be necessary that does
descend message/utf-8 body parts. Second, if this type is sent (all lines prior to a
7-bit-only system, it could be encoded in base64 or quoted-printable
[RFC2045]. As a result, SMTP servers and other systems which
transfer a message/utf-8 body part MAY choose to down-convert it to a
message/rfc822 body part using the rules described in Downgrading
mechanism for Email Address Internationalization [I-D.ietf-eai-
downgrade].

The third type, used for header return, is message/utf-8-headers and
contains only the UTF-8 headers of a message (all lines prior to the
first blank line the
first blank line in a UTF8SMTP message). Unlike message/utf-8, this
body part provides no difficulties for present infrastructure.

All three new types will typically use the "8bit" Content-Transfer-
Encoding (in the event all content is 7-bit, the equivalent
traditional types for delivery status notifications are advised for
greater backwards compatibility). While MIME [RFC2046] advises
against the use of 8-bit in new message subtypes intended for the
email infrastructure, that advice does not apply to these new types
which are intended primarily for use by newer systems with full
support for 8-bit MIME and UTF-8 headers.

5. UTF-8 Message Disposition Notifications

Message Disposition Notifications [RFC3798] have a similar design and
structure to DSNs. As a result, they use the same basic return
format. When generating a MDN for a UTF-8 header message, content or
header return is the same as for DSNs. The second part of the
multipart/report uses a new media type, message/
utf-8-disposition-notification, which has the syntax of message/
disposition-notification with two modifications. First, the charset
for message/utf-8-disposition-notification is UTF-8 and thus any
field MAY contain UTF-8 characters when appropriate. Second, systems
generating a message/utf-8-disposition-notification body part
(typically a mail user agent) SHOULD use the utf-8 address type for
all addresses containing characters outside the US-ASCII repertoire.

Newman & Melnikov Expires December 14, 2007 [Page 6]

Internet-Draft International Message Notifications June 2007

The MDN specification also defines the Original-Recipient header
field which is added with a copy of the contents of ORCPT at delivery
time.
A When generating an Original-Recipient header field, a delivery
agent writing a UTF-8 header message in native format SHOULD convert
the utf-8-addr-xtext or the utf-8-addr-unitext form of a utf-8-enc utf-8
address type in the ORCPT parameter to a
utf-8 the corresponding utf-8-
address type when generating an Original-Recipient header
field. form.

The MDN specification also defines the Disposition-Notification-To

Newman Expires July 29, 2007 [Page 6]

Internet-Draft International Message Notifications January 2007
header which is an address header and thus follows the same 8-bit
rules as other address headers such as "From" and "To" when used in a
UTF-8 header message.

6. IANA Considerations

This specification does not create any new IANA registries. However
the following items are registered as a result of this document:

7.1.

6.1. UTF-8 Mail Address Type Registration

The mail address type registry was created by RFC 3464. The
registration template response follows:

(a) The proposed address-type name.

UTF-8

(b) The syntax for mailbox addresses of this type, specified using
BNF, regular expressions, ASN.1, or other non-ambiguous language.

See Section 3.

(c) If addresses of this type are not composed entirely of graphic
characters from the US-ASCII repertoire, a specification for how they
are to be encoded as graphic US-ASCII characters in a DSN Original-
Recipient or Final-Recipient DSN field.

This address type has 3 forms (as defined in Section 3): utf-8-addr-
xtext, utf-8-addr-unitext and utf-8-address. The first 2 forms are
7-bit safe.

The utf-8-address form MUST NOT be used in the ORCPT parameter when
the SMTP server doesn't advertise support for UTF8SMTP or the SMTP
server supports UTF8SMTP, but the address contains US-ASCII
characters not permitted in the ORCPT parameter (e.g. the ORCPT
parameter forbids SP and =); or in a 7-bit transport environment
including a message/delivery-status Original-Recipient or Final-Recipient Final-

Newman & Melnikov Expires December 14, 2007 [Page 7]

Internet-Draft International Message Notifications June 2007

Recipient field. The UTF-8-ENC address
type is utf-8-addr-xtext form MUST be used for that purpose. This address type MAY instead in
the former case, the utf-8-addr-unitext form MUST be used in a
message/utf-8-delivery-status Original-Recipient or Final-Recipient
DSN field or an Original-Recipient header [RFC3798] if the message is
a UTF-8 header message.

7.2. UTF-8-ENC Mail Address Type Registration

(a)
latter case. The proposed address-type name.

UTF-8-ENC

(b) The syntax for mailbox addresses of this type, specified using
BNF, regular expressions, ASN.1, or other non-ambiguous language.

See Section 4.

Newman Expires July 29, 2007 [Page 7]

Internet-Draft International Message Notifications January 2007

(c) If addresses of this type are not composed entirely of graphic
characters from utf-8-address form MAY be used in the US-ASCII repertoire, a specification ORCPT
parameter when the SMTP server also advertises support for how they
are to be encoded as graphic UTF8SMTP
and the address doesn't contains any US-ASCII characters not
permitted in the ORCPT parameter; in a DSN Original-
Recipient message/utf-8-delivery-status
Original-Recipient or Final-Recipient DSN field.

When it field; or an Original-
Recipient header field [RFC3798] if the message is necessary to transport a UTF-8 address type in a 7-bit
context or in a context where not all legal US-ASCII characters are
permitted (e.g. header
message.

In addition, the ORCPT parameter forbids SP and =), this encoding
MUST utf-8-addr-unitext form can be used.

7.3. used anywhere where
the utf-8-address form is allowed.

6.2. Update to 'smtp' Diagnostic Type Registration

The mail diagnostic type registry was created by RFC 3464. The
registration for the 'smtp' diagnostic type should be updated to
reference RFC XXXX in addition to RFC 3464.

When the 'smtp' diagnostic type is used in the context of a message/
delivery-status body part, it remains as presently defined. When the
'smtp' diagnostic type is used in the context of a message/
utf-8-delivery-status body part, the codes remain the same, but the
text portion MAY contain UTF-8 characters.

7.4.

6.3. message/utf-8-headers

Type name: message

Subtype name: utf-8-headers

Required parameters: none

Optional parameters: none

Encoding considerations: This media type contains Internationalized
Email Headers [I-D.ietf-eai-utf8headers] with no message body.
Whenever possible, the 8-bit content transfer encoding SHOULD be
used. When this media type passes through a 7-bit-only SMTP
infrastructure it MAY be encoded with the base64 or quoted-
printable content transfer encoding.

Security considerations: See Section 8 7

Interoperability considerations: It is important this media type is
not converted to a charset other than UTF-8. As a result,
implementations MUST NOT include a charset parameter with this
media type. Although it might be possible to downconvert this

Newman & Melnikov Expires December 14, 2007 [Page 8]

Internet-Draft International Message Notifications June 2007

media type to the text/rfc822-header media type, such conversion
is discouraged as it loses information.

Newman Expires July 29, 2007 [Page 8]

Internet-Draft International Message Notifications January 2007

Published specification: RFC XXXX

Applications that use this media type: UTF8SMTP servers and email
clients that support multipart/report generation or parsing.

Additional information:

Magic number(s): none

File extension(s): In the event this is saved to a file, the
extension ".u8hdr" is suggested.

Macintosh file type code(s): The 'TEXT' type code is suggested as
files of this type are typically used for diagnostic purposes and
suitable for analysis in a UTF-8 aware text editor. A uniform
type identifier (UTI) of "public.utf8-email-message-header" is
suggested. This type conforms to "public.utf8-plain-text" and
"public.plain-text".

Person & email address to contact for further information: See the
Author's address section of this document.

Intended usage: COMMON

Restrictions on usage: This media type contains textual data in the
UTF-8 charset. It typically contains octets with the 8th bit set.
As a result a transfer encoding is required when a 7-bit transport
is used.

Author: See Author's Address section of this document.

Change controller: IETF Standards Process

7.5. message/utf-8

Type name: message

Subtype name: utf-8

Required parameters: none

Optional parameters: none

Encoding considerations: This media type contains Internationalized
Email Headers [I-D.ietf-eai-utf8headers] and MIME message body
content. The 8-bit or binary content-transfer-encoding MUST be
used unless this media type is sent over a 7-bit only transport.

Newman Expires July 29, 2007 [Page 9]

Internet-Draft International Message Notifications January 2007

Security considerations: See Section 8

Interoperability considerations: The media type provides
functionality similar to the message/rfc822 content type for email
messages with international email headers. When there is a need
to embed or return such content in another message, there is
generally an option to use this media type and leave the content
unchanged or downconvert the content to message/rfc822. Both of
these choices will interoperate with the installed base, but with
different properties. Systems unaware of international headers
will typically treat a message/utf-8 body part as an unknown
attachment, while they will understand the structure of a message/
rfc822. However, systems which understand message/utf-8 will
provide functionality superior to the result of a down-conversion
to message/rfc822. The most interoperable choice depends on the
deployed software.

Published specification: RFC XXXX

Applications that use this media type: SMTP servers and email clients
that support multipart/report generation or parsing. Email
clients which forward messages with international headers as
attachments.

Additional information:

Magic number(s): none

File extension(s): The extension ".u8msg" is suggested.

Macintosh file type code(s): A uniform type identifier (UTI) of
"public.utf8-email-message" is suggested. This conforms to
"public.message" and "public.composite-content" but does not
necessarily conform to "public.utf8-plain-text".

Person & email address to contact for further information: See the
Author's address section of this document.

Intended usage: COMMON

Restrictions on usage: This is a structured media type which embeds
other MIME media types. The 8-bit or binary content-transfer- set.
As a result a transfer encoding MUST be used unless this media type is sent over required when a 7-bit
only transport.

Newman Expires July 29, 2007 [Page 10]

Internet-Draft International Message Notifications January 2007 transport
is used.

Author: See Author's Address section of this document.

Change controller: IETF Standards Process

7.6.

6.4. message/utf-8-delivery-status

Type name: message

Subtype name: utf-8-delivery-status

Required parameters: none

Optional parameters: none

Newman & Melnikov Expires December 14, 2007 [Page 9]

Internet-Draft International Message Notifications June 2007

Encoding considerations: This media type contains delivery status
notification attributes in the UTF-8 charset. The 8-bit content
transfer encoding MUST be used with this content-type, unless it
is sent over a 7-bit transport environment in which case quoted-
printable or base 64 base64 may be necessary.

Security considerations: See Section 8 7

Interoperability considerations: This media type provides
functionality similar to the message/delivery-status content type
for email message return information. Clients of the previous
format will need to be upgraded to interpret the new format,
however the new media type makes it simple to identify the
difference.

Published specification: RFC XXXX

Applications that use this media type: SMTP servers and email
clients that support delivery status notification generation or
parsing.

Additional information:

Magic number(s): none

File extension(s): The extension ".u8dsn" is suggested.

Macintosh file type code(s): A uniform type identifier (UTI) of
"public.utf8-email-message-delivery-status" is suggested. This
type conforms to "public.utf8-plain-text".

Person & email address to contact for further information: See the
Author's address section of this document.

Newman Expires July 29, 2007 [Page 11]

Internet-Draft International Message Notifications January 2007

Intended usage: COMMON

Restrictions on usage: This is expected to be the second part of a
multipart/report.

Author: See Author's Address section of this document.

Change controller: IETF Standards Process

7.7.

6.5. message/utf-8-disposition-notification

Newman & Melnikov Expires December 14, 2007 [Page 10]

Internet-Draft International Message Notifications June 2007

Type name: message

Subtype name: utf-8-disposition-notification

Required parameters: none

Optional parameters: none

Encoding considerations: This media type contains disposition
notification attributes in the UTF-8 charset. The 8-bit content
transfer encoding MUST be used with this content-type, unless it
is sent over a 7-bit transport environment in which case quoted-
printable or base 64 base64 may be necessary.

Security considerations: See Section 8 7

Interoperability considerations: This media type provides
functionality similar to the message/disposition-notification
content type for email message disposition information. Clients
of the previous format will need to be upgraded to interpret the
new format, however the new media type makes it simple to identify
the difference.

Published specification: RFC XXXX

Applications that use this media type: Email clients or servers that
support message disposition notification generation or parsing.

Additional information:

Magic number(s): none

File extension(s): The extension ".u8mdn" is suggested.

Newman Expires July 29, 2007 [Page 12]

Internet-Draft International Message Notifications January 2007

Macintosh file type code(s): A uniform type identifier (UTI) of
"public.utf8-email-message-disposition-notification" is suggested.
This type conforms to "public.utf8-plain-text".

Person & email address to contact for further information: See the
Author's address section of this document.

Intended usage: COMMON

Restrictions on usage: This is expected to be the second part of a
multipart/report.

Newman & Melnikov Expires December 14, 2007 [Page 11]

Internet-Draft International Message Notifications June 2007

Author: See Author's Address section of this document.

Change controller: IETF Standards Process

7. Security Considerations

Automated use of report types without authentication presents several
security issues. Forging negative reports presents the opportunity
for denial-of-service attacks when the reports are used for automated
maintenance of directories or mailing lists. Forging positive
reports may cause the sender to incorrectly believe a message was
delivered when it was not.

Malicious users can generate report structures designed to trigger
coding flaws in report parsers. Report parsers need to use secure
coding techniques to avoid the risk of buffer overflow or denial-of-
service attacks against parser coding mistakes. Code reviews of such
parsers are also recommended.

Malicious users of the email system regularly send messages with
forged envelope return paths and these messages trigger delivery
status reports that result in a large amount of unwanted traffic on
the Internet. Many users choose to ignore delivery status
notifications because they are usually the result of "blowback" from
forged messages and thus never notice when messages they sent go
undelivered. As a result, support for correlation of delivery status
and message disposition notification messages with sent-messages has
become a critical feature of mail clients and possibly mail stores if
the email infrastructure is to remain reliable. In the short term,
simply correlating message-IDs may be sufficient to distinguish true
status notifications from those resulting from forged originator
addresses. But in the longer term, including cryptographic signature
material that can securely associate the status notification with the
original message is advisable.

Newman Expires July 29, 2007 [Page 13]

Internet-Draft International Message Notifications January 2007

As this specification permits UTF-8 in additional fields, the
security considerations of UTF-8 [RFC3629] apply.

8. References

9.1.

8.1. Normative References

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,

Newman & Melnikov Expires December 14, 2007 [Page 12]

Internet-Draft International Message Notifications June 2007

April 2001.

[RFC3461] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service
Extension for Delivery Status Notifications (DSNs)",
RFC 3461, January 2003.

[RFC3462] Vaudreuil, G., "The Multipart/Report Content Type for the
Reporting of Mail System Administrative Messages",
RFC 3462, January 2003.

[RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format
for Delivery Status Notifications", RFC 3464,
January 2003.

[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.

[RFC3798] Hansen, T. and G. Vaudreuil, "Message Disposition
Notification", RFC 3798, May 2004.

[RFC4234] Crocker, D. D., Ed. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", RFC 4234, October 2005.

[I-D.ietf-eai-utf8headers]
Yeh, J.,
Yang, A., "Internationalized Email Headers",
draft-ietf-eai-utf8headers-02
draft-ietf-eai-utf8headers-05 (work in progress),
October 2006.
April 2007.

[I-D.ietf-eai-smtpext]
Yao, J. and W. Mao, "SMTP extension for internationalized
email address", draft-ietf-eai-smtpext-02 draft-ietf-eai-smtpext-05 (work in
progress), October 2006.

Newman Expires July 29, 2007 [Page 14]

Internet-Draft International Message Notifications January 2007

9.2. April 2007.

[I-D.ietf-eai-downgrade]
Yoneya, Y. and K. Fujiwara, "Downgrading mechanism for
Email Address Internationalization (EAI)",
draft-ietf-eai-downgrade-03 (work in progress), Mar 2007.

8.2. Informative References

[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.

[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996.

Newman & Melnikov Expires December 14, 2007 [Page 13]

Internet-Draft International Message Notifications June 2007

[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, March 2003.

[I-D.ietf-eai-downgrade]
Yoneya, Y. and K. Fujiwara, "Downgrading mechanism for
Email Address Internationalization (EAI)",
draft-ietf-eai-downgrade-02 (work in progress), Aug 2006.

Appendix A. Acknowledgements

Many thanks for input provided by Alexey Melnikov, Pete Resnick, James Galvin, Ned
Freed, John Klensin and members of the EAI WG to help solidify this
proposal.

Appendix B. Open Issues

Suggestion to change change the utf-8-addr format from \-encoded Unicode to
\-encoded UTF-8 as used in URIs.

Use a single syntax for I18N addresses in ORCPT/DSN instead of two
(Chris)

Potential issue: an SMTP server can't deliver an EAI DSN to the next
hop - need to use a 7bit encoding, downgrade or discard? Need to
describe choices.

Tracker issue #1485: UTF8HDR 4.6/DSN: Choice of body part for
transport of UTF8SMTP messages

Tracker issue #1483: SMTPEXT 2.7: Non-ASCII in response texts

Appendix C. Changes from -00

Added paragraph about use of 8bit Content-Transfer-Encoding for new
message sub-types.

Updated the list of open issues.

Clarified that this document is targeted to become an Experimental
RFC.

Made the utf-8-enc-addr format from %-encoded Unicode
to %-encoded UTF-8 as used in URIs. EAI downgrade document a normative reference.

Updated ABNF for utf-8-address.

Newman & Melnikov Expires July 29, December 14, 2007 [Page 15] 14]

Internet-Draft International Message Notifications January June 2007

Author's Address

Authors' Addresses

Chris Newman
Sun Microsystems
3401 Centrelake Dr., Suite 410
Ontario, CA 91761
US

Email: chris.newman@sun.com

Alexey Melnikov (editor)
Isode Ltd
5 Castle Business Village
36 Station Road
Hampton, Middlesex TW12 2BX
UK

Email: Alexey.Melnikov@isode.com

Newman & Melnikov Expires July 29, December 14, 2007 [Page 16] 15]

Internet-Draft International Message Notifications January June 2007

Full Copyright Statement

This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property Statement

The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
ietf-ipr@ietf.org.

Disclaimer of Validity

This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright (C) The Internet Society (2007). This document is subject
to the rights, licenses and restrictions contained in BCP 78, and
except as set forth therein, the authors retain all their rights.

Acknowledgment

Funding for the RFC Editor function is currently provided by the
Internet Society. IETF
Administrative Support Activity (IASA).

Newman & Melnikov Expires July 29, December 14, 2007 [Page 17] 16]

----