Network Working Group W. Leibzon Internet-Draft Elan Networks Expires: November 6, 2005 May 05, 2005 Content-Author and Content-Originator MIME Header Fields draft-leibzon-content-author-originator-00 Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on November 6, 2005. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document defines Content-Author and Content-Originator header fields which can be used with MAIL, HTTP and other protocols that use MIME to identify name and optionally email address of the author of piece of MIME content as well as the person or entity responsible for current distribution of the content. Leibzon Expires November 6, 2005 [Page 1] Internet-Draft Content-Author and Content-Originator May 2005 Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Content-Author Field . . . . . . . . . . . . . . . . . . . . . 4 3. Content-Originator Field . . . . . . . . . . . . . . . . . . . 6 4. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 4.1 File downloaded fom HTTP site . . . . . . . . . . . . . . 7 4.2 Email Message with Content from Multiple Authors . . . . . 7 4.3 Forwarded Email Message . . . . . . . . . . . . . . . . . 8 4.4 Email Message Sent by Mail List . . . . . . . . . . . . . 9 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 7.1 Normative References . . . . . . . . . . . . . . . . . . . 14 7.2 Informative References . . . . . . . . . . . . . . . . . . 14 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 14 Intellectual Property and Copyright Statements . . . . . . . . 15 Leibzon Expires November 6, 2005 [Page 2] Internet-Draft Content-Author and Content-Originator May 2005 1. Introduction There has been an interest expressed by many for simple way to identify author of the MIME-encoded document at the time of transmission and to identify origin of the document transmission. Currently the way it is done is at the document level itself, which for some data types (such as word-processing documents) may have "owner" or "author" document description fields. While this is sufficient for many of situations, it does and can not cover all the transmitted documents and many of those that are binary do not have document description fields. Additionally author of the document, even if known, may not necessarily be the person or entity actually responsible for document transmission and such information is also very important and while for email there exist "Sender:" and "From:" headers in the email message itself, neither one of those are reliable way to do it for specific included document (in some cases "From" and "Sender" are changed in transmission and some documents when arrived may also include MIME parts added by different systems). This document attempts to resolve the issue by defining two new header fields Content-Author and Content-Originator, that can be used together with other Content-* header fields when MIME-encoded document is generated and transmitted. The relationship between these two fields is somewhat similar to that of "From:" and "Sender:" header fields in email (but the emphasis is on specific MIME-part) with "Content-Author" specifying person or entity who actually created given MIME document and "Content-Originator" specifying the person or entity responsible for current transmission of that document. The use of these fields is not limited to email and can easily apply to any protocol that is using MIME as way to encapsulate documents that are transmitted, such as HTTP. Leibzon Expires November 6, 2005 [Page 3] Internet-Draft Content-Author and Content-Originator May 2005 2. Content-Author Field The Content-Author MIME field is for identifying actual author(s) of the document, i.e. the person or persons or entity that created it. It is notable that document may have multiple authors and, as such, it should be possible to list multiple people or entities in this field. While this field SHOULD include contact information in the form of email address, it is understood that in some cases one or more authors of the document may not be using email and as such while the field's format is similar to that of "From" header (which also has to allow for listing multiple persons), the inclusion of email address in it is optional. The ABNF [RFC2234] syntax of the "Content-Author" field is as follows: Content-Author = "Content-Author:" nameaddr-list CRLF nameaddr-list = (name-optaddr * ("," nameaddr)) nameaddr = name-optaddr / addr-spec / angle-addr name-optaddr = display-name [angle-addr] angle-addr = [CFWS] "<" addr-spec ">" [CFWS] display-name = phrase addr-spec = local-part "@" domain phrase = 1*word The structures not defined above - word, local-part, domain, CRLF, CFWS - are all defined in [RFC2822]. When document is being encoded in MIME for transmission, the sender system should add Content-Author header only if the author can be reliably determined, such as if this information is encoded as part of document format or if it is available as part of filesystem parameter (it is clearly the author and not just owner of the file). In cases of automatically generated data, the Content-Owner is person or entity that configured such behavior and controls the system that generates this data, for mail list this would be mail list owner. When the MIME-encoded document is further retransmitted (such as when it is forwarded in email) and there has not been any modification to the document itself (i.e. data portion of the MIME part remains the Leibzon Expires November 6, 2005 [Page 4] Internet-Draft Content-Author and Content-Originator May 2005 same), then Content-Author header field MUST remain the same. It should be understand that, for receiving system, Content-Owner field does not override any author information that is encoded in the document itself. As such, if receiving system is able to work with document specific type and able to extract author information from the document data. But if no authorship information is available in document data or if the data format type is not supported, then Content-Owner MIME field can used for identifying or displaying name of the content author to users. A special note must be made as to that author of the document is not necessarily a document content copyright owner. Leibzon Expires November 6, 2005 [Page 5] Internet-Draft Content-Author and Content-Originator May 2005 3. Content-Originator Field Content-Originator MIME field should be used to identify person or entity responsible for inclusion of the MIME content in the current transmission. Because this person or entity are by their very role participating in the Internet, they are expected to have an email address, and as such and unlike Content-Author, the Content- Originator field MUST always include valid email address. This all makes it quite close to "Sender:" field of an email message, with Content-Originator having similar role, but for specific MIME- part. However, unlike relationship between "Sender:" and "From:" fields of email message header, the Content-Originator field is not as closely tied to Content-Author and if Content-Originator field is not present, but Content-Author field is, it MUST NOT be assumed that Content-Author is the party responsible for MIME content inclusion in the transmission. The ABNF of the "Content-Originator" field is as follows: Content-Originator = "Content-Originator:" mailaddr CRLF mailaddr = optname-addr / addr-spec optname-addr = [display-name] angle-addr angle-addr = [CFWS] "<" addr-spec ">" [CFWS] display-name = phrase addr-spec = local-part "@" domain phrase = 1*word The structures not defined above - word, local-part, domain, CRLF, CFWS - are all defined in [RFC2822] and in fact entire "Content- Originator:" is equivalent to its "Sender:" field ABNF definition. In email in the absence of Content-Originator field for specific MIME part, the name and address from Sender header field of an email message MAY be used in its place. Leibzon Expires November 6, 2005 [Page 6] Internet-Draft Content-Author and Content-Originator May 2005 4. Examples In several examples below a downloaded media file is being sent and further retransmitted to multiple recipients. For purposes of these examples, please assume that the media file has a copyright and license that allows for unlimited distribution to the public. All names of organizations, groups and persons in the below examples are fictional. 4.1 File downloaded fom HTTP site On the website bestmp3.example.com a user John finds a new mp3 song he particularly likes. The website has database of authors of all songs and list this song as being the work of "The Obscure Wave Band" and when John asks to download the HTTP server adds "Content-Author" header to indicate that. The HTTP response to download the song may look like: HTTP/1.1 200 OK Date: Mon May 2 15:15:21 PDT 2005 Server: Apache/1.3.6 (Unix) Last-Modified: Mon May 1 04:20:58 PDT 2005 Accept-Ranges: bytes Content-length: 2031 Connection: close Content-type: audio/mp3 Content-Author: "The Obscure Wave Band" Content-Originator: "Best Mp3 Song Collection" ...mp3 file data follows here... 4.2 Email Message with Content from Multiple Authors John now wishes to share the song from "The Obscure Wave Band" with his friend Nancy and includes it as an attachment in his email. Note that while John is the author of the actual message text, he's not the author of the song itself so the email message consists of multiple mime parts with different Content-Author. For Content- Originator but the same Content-Originator (John). Leibzon Expires November 6, 2005 [Page 7] Internet-Draft Content-Author and Content-Originator May 2005 Top of the email message from John when it is being submitted for transmission to Nancy might look something like: From: "John" To: "Nancy" Subject: Check out this cool song I just found! Date: Mon, 2 May 2005 23:15:03 +0100 Message-ID: Mime-Version: 1.1 Content-Type: Multipart/Mixed; Boundary="NextPart" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "John" Content-Originator: "John" Enclosed is a great new song I just got from bestmp3.example.com. John --NextPart Content-Type: audio/mp3 Content-Disposition: attachment; filename="coolingout.mp3" Content-Author: "The Obscure Wave Band" Content-Originator: "John" ...mp3 file data follows here... 4.3 Forwarded Email Message As you saw from previous example, word-of-mouth about new song can spread quickly even with individually transmitted emails, but it would not spread nearly as fast if it was not for discussion groups, mail lists and other public forums. As Nancy participates in popular music discussion list "musifans" run by "The Yippee Forums", she quickly forwards the new song to that forum. Since this is a forwarded email, it is a new transmission and Content-Originator field is reset, however Content-Author field remains the same for MIME parts from John's original email. Leibzon Expires November 6, 2005 [Page 8] Internet-Draft Content-Author and Content-Originator May 2005 Top of the email message from Nancy to musifans list when it is being submitted for transmission might look something like: From: "Nancy" To: "MusiFans List" Subject: Check out this cool song I just found! (fwd) Date: Tue, 03 May 2005 10:31:59 +0100 Message-ID: Mime-Version: 1.1 Content-Type: Multipart/Mixed; Boundary="NextPart" This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "Nancy" Content-Originator: "Nancy" My friend John just sent me new song he found, you all will like it too! Nancy --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "John" Content-Originator: "Nancy" Enclosed is a great new song I just got from bestmp3.example.com. John --NextPart Content-Type: audio/mp3 Content-Disposition: attachment; filename="coolingout.mp3" Content-Author: "The Obscure Wave Band" Content-Originator: "Nancy" ...mp3 file data follows here... 4.4 Email Message Sent by Mail List While "Yippee Forums'" are free, it would be difficult to maintain such service if it was not for commercial sponsors. And when email from Nancy , reaches the "Yippee Forums" server, it adds a new footer to the message as well as advertisement from the mail list sponsor. Leibzon Expires November 6, 2005 [Page 9] Internet-Draft Content-Author and Content-Originator May 2005 Note that the message being transmitted to subscribers by the Yippee Forum still has the same Message-Id as when it was sent to musifans list by Nancy and as such it is still the same transmission and Content-Originator does not change for existing MIME parts that had been sent to the list server (but MIME parts that are added by Yippee Forum's mail list server do have it listed as Content-Originator for those parts). Below is example of how email message sent from Yippee Forums server to subscriber "Adam" might look like after addition of Received and Redirected trace fields (see [Redirection-TraceFields]: Redirected: by listbox.yippee.example.org (ip=[10.8.0.1]) on-behalf-of musifans@yippee.example.org process-type mail-list (list-id=) original-envelope return-path=nancy@example.com, recipient=musifans@yippee.example.org new-envelope return-path= musifans-bounces-023491541@listbox.yippee.example.org, recipient=adam@example.net changed-header Reply-To, List-ID, Subject ; Sat, 16 Oct 2004 00:00:02 +0000 Original-Subject: Check out this cool song I just found! (fwd) Received: from mail.example.net (mail.example.net [10.0.0.1]) by listbox.yippee.example.org (8.12.1/8.12.1) with ESMTP id nmonpqrst1 for ; Tue, 03 May 2005 10:33:04 +0100 From: "MusiFans List" To: "Adam" Subject: [musifans] Check out this cool song I just found! (fwd) Date: Date: Tue, 03 May 2005 10:31:59 +0100 Message-ID: Mime-Version: 1.1 Content-Type: Multipart/Mixed; Boundary="NextPart" Precedence: list List-Id: MisiFans List This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "Nancy" Content-Originator: "Nancy" My friend John just sent me new song he found, Leibzon Expires November 6, 2005 [Page 10] Internet-Draft Content-Author and Content-Originator May 2005 you all will like it too! Nancy --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "John" Content-Originator: "Nancy" Enclosed is a great new song I just got from bestmp3.example.com. John --NextPart Content-Type: audio/mp3 Content-Disposition: attachment; filename="coolingout.mp3" Content-Author: "The Obscure Wave Band" Content-Originator: "Nancy" ...mp3 file data follows here... --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "Yippee Forums, Musifans Discussion List" Content-Originator: "Yippee Forums, Musifans Discussion List" _______________________________________________ Musifans mailing list - musifans@yippee.example.org Our forums and advertiser supported, check out this great offer from FlipFlop Magazine: --NextPart Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Author: "FlipFlop Magazine" Content-Originator: "Yippee Forums, Musifans Discussion List" Get extra 6-months subscription with new 12-months subscription to FlipFlap Magazine! See our website for details. --NextPart Leibzon Expires November 6, 2005 [Page 11] Internet-Draft Content-Author and Content-Originator May 2005 5. IANA Considerations Two header fields are to be registered as follows: Header Field Name: Content-Author Applicable Protocol: MIME Status: standard Author/Change controller: IETF Specification document(s): this document (Note to RFC Editor: replace with RFC YYYY if this document becomes an RFC) Related Information: NONE Header Field Name: Content-Originator Applicable Protocol: MIME Status: standard Author/Change controller: IETF Specification document(s): this document (Note to RFC Editor: replace with RFC YYYY if this document becomes an RFC) Related Information: NONE Note to RFC Editor: this section may be removed on publication as an RFC Leibzon Expires November 6, 2005 [Page 12] Internet-Draft Content-Author and Content-Originator May 2005 6. Security Considerations It is possible for transmitter to have entered incorrect information into Content-Author or Content-Originator fields (either on purpose to name somebody else as an Author or Originator or just as an error) as there is no security features associated with quality of data in these fields. This may cause users to send reports and questions to incorrect place and to in case of unwanted content may cause them to blame people listed as Content-Originator or Content-Author for such a content eventhough they may not have had anything to do with it. Leibzon Expires November 6, 2005 [Page 13] Internet-Draft Content-Author and Content-Originator May 2005 7. References 7.1 Normative References [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC2234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997. [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April 2001. 7.2 Informative References [Redirection-TraceFields] Leibzon, W., "Email Forwarding and Redirection Trace Header Fields", May 2005, . Author's Address William Leibzon Elan Networks 500 Laurelwood Rd, Suite 12 Santa Clara, California 95054 USA Email: william@elan.net URI: http://www.elan.net/~william/emailsecurity/ Leibzon Expires November 6, 2005 [Page 14] Internet-Draft Content-Author and Content-Originator May 2005 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Disclaimer of Validity This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright Statement Copyright (C) The Internet Society (2005). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Leibzon Expires November 6, 2005 [Page 15]