idnits 2.17.1 draft-ietf-eai-frmwrk-4952bis-12.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC5504, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document obsoletes RFC4952, but the abstract doesn't seem to directly say this. It does mention RFC4952 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 28, 2011) is 4562 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) -- Possible downref: Non-RFC (?) normative reference: ref. 'ASCII' ** Obsolete normative reference: RFC 5336 (Obsoleted by RFC 6531) -- Obsolete informational reference (is this intentional?): RFC 821 (Obsoleted by RFC 2821) -- Obsolete informational reference (is this intentional?): RFC 2821 (Obsoleted by RFC 5321) -- Obsolete informational reference (is this intentional?): RFC 3501 (Obsoleted by RFC 9051) -- Obsolete informational reference (is this intentional?): RFC 4409 (Obsoleted by RFC 6409) -- Obsolete informational reference (is this intentional?): RFC 4952 (Obsoleted by RFC 6530) -- Obsolete informational reference (is this intentional?): RFC 5335 (Obsoleted by RFC 6532) -- Duplicate reference: RFC5336, mentioned in 'RFC5336', was also mentioned in 'RFC5336bis-SMTP'. -- Obsolete informational reference (is this intentional?): RFC 5336 (Obsoleted by RFC 6531) -- Obsolete informational reference (is this intentional?): RFC 5337 (Obsoleted by RFC 6533) -- Obsolete informational reference (is this intentional?): RFC 5504 (Obsoleted by RFC 6530) -- Obsolete informational reference (is this intentional?): RFC 5721 (Obsoleted by RFC 6856) -- Duplicate reference: RFC5721, mentioned in 'RFC5721bis-POP3', was also mentioned in 'RFC5721'. -- Obsolete informational reference (is this intentional?): RFC 5721 (Obsoleted by RFC 6856) -- Obsolete informational reference (is this intentional?): RFC 5738 (Obsoleted by RFC 6855) -- Duplicate reference: RFC5738, mentioned in 'RFC5738bis-IMAP', was also mentioned in 'RFC5738'. -- Obsolete informational reference (is this intentional?): RFC 5738 (Obsoleted by RFC 6855) -- Obsolete informational reference (is this intentional?): RFC 5751 (Obsoleted by RFC 8551) -- Obsolete informational reference (is this intentional?): RFC 5825 (Obsoleted by RFC 6530) -- Obsolete informational reference (is this intentional?): RFC 5983 (Obsoleted by RFC 6783) -- Duplicate reference: RFC5983, mentioned in 'RFC5983bis-MailingList', was also mentioned in 'RFC5983'. -- Obsolete informational reference (is this intentional?): RFC 5983 (Obsoleted by RFC 6783) Summary: 1 error (**), 0 flaws (~~), 2 warnings (==), 25 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Email Address Internationalization J. Klensin 3 (EAI) Y. Ko 4 Internet-Draft October 28, 2011 5 Obsoletes: 4952, 5504, 5825 6 (if approved) 7 Intended status: Standards Track 8 Expires: April 30, 2012 10 Overview and Framework for Internationalized Email 11 draft-ietf-eai-frmwrk-4952bis-12 13 Abstract 15 Full use of electronic mail throughout the world requires that 16 (subject to other constraints) people be able to use close variations 17 on their own names (written correctly in their own languages and 18 scripts) as mailbox names in email addresses. This document 19 introduces a series of specifications that define mechanisms and 20 protocol extensions needed to fully support internationalized email 21 addresses. These changes include an SMTP extension and extension of 22 email header syntax to accommodate UTF-8 data. The document set also 23 includes discussion of key assumptions and issues in deploying fully 24 internationalized email. This document is a replacement for RFC 25 4952; it reflects additional issues identified since that document 26 was published. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on April 30, 2012. 45 Copyright Notice 47 Copyright (c) 2011 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 This document may contain material from IETF Documents or IETF 61 Contributions published or made publicly available before November 62 10, 2008. The person(s) controlling the copyright in some of this 63 material may not have granted the IETF Trust the right to allow 64 modifications of such material outside the IETF Standards Process. 65 Without obtaining an adequate license from the person(s) controlling 66 the copyright in such materials, this document may not be modified 67 outside the IETF Standards Process, and derivative works of it may 68 not be created outside the IETF Standards Process, except to format 69 it for publication as an RFC or to translate it into languages other 70 than English. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 75 2. Role of This Specification . . . . . . . . . . . . . . . . . . 5 76 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 5 77 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 78 4.1. Mail User and Mail Transfer Agents . . . . . . . . . . . . 6 79 4.2. Address Character Sets . . . . . . . . . . . . . . . . . . 7 80 4.3. User Types . . . . . . . . . . . . . . . . . . . . . . . . 7 81 4.4. Messages . . . . . . . . . . . . . . . . . . . . . . . . . 8 82 4.5. Mailing Lists . . . . . . . . . . . . . . . . . . . . . . 8 83 4.6. Conventional Message and Internationalized Message . . . . 8 84 4.7. Undeliverable Messages, Notification, and Delivery 85 Receipts . . . . . . . . . . . . . . . . . . . . . . . . . 8 86 5. Overview of the Approach and Document Plan . . . . . . . . . . 9 87 6. Review of Experimental Results . . . . . . . . . . . . . . . . 10 88 7. Overview of Protocol Extensions and Changes . . . . . . . . . 10 89 7.1. SMTP Extension for Internationalized Email Address . . . . 10 90 7.2. Transmission of Email Header Fields in UTF-8 Encoding . . 11 91 7.3. SMTP Service Extension for DSNs . . . . . . . . . . . . . 12 92 8. Downgrading before and after SMTP Transactions . . . . . . . . 12 93 8.1. Downgrading before or during Message Submission . . . . . 13 94 8.2. Downgrading or Other Processing After Final SMTP 95 Delivery . . . . . . . . . . . . . . . . . . . . . . . . . 14 96 9. Downgrading in Transit . . . . . . . . . . . . . . . . . . . . 15 97 10. User Interface and Configuration Issues . . . . . . . . . . . 15 98 10.1. Choices of Mailbox Names and Unicode Normalization . . . . 16 99 11. Additional Issues . . . . . . . . . . . . . . . . . . . . . . 17 100 11.1. Impact on URIs and IRIs . . . . . . . . . . . . . . . . . 17 101 11.2. Use of Email Addresses as Identifiers . . . . . . . . . . 17 102 11.3. Encoded Words, Signed Messages, and Downgrading . . . . . 18 103 11.4. Other Uses of Local Parts . . . . . . . . . . . . . . . . 18 104 11.5. Non-Standard Encapsulation Formats . . . . . . . . . . . . 19 105 12. Key Changes From the Experimental Protocols and Framework . . 19 106 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 107 14. Security Considerations . . . . . . . . . . . . . . . . . . . 19 108 15. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 21 109 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 110 16.1. Normative References . . . . . . . . . . . . . . . . . . . 21 111 16.2. Informative References . . . . . . . . . . . . . . . . . . 22 112 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 26 113 A.1. Changes between -00 and -01 . . . . . . . . . . . . . . . 26 114 A.2. Changes between -01 and -02 . . . . . . . . . . . . . . . 27 115 A.3. Changes between -02 and -03 . . . . . . . . . . . . . . . 28 116 A.4. Changes between -03 and -04 . . . . . . . . . . . . . . . 28 117 A.5. Changes between -04 and -05 . . . . . . . . . . . . . . . 29 118 A.6. Changes between -05 and -06 . . . . . . . . . . . . . . . 29 119 A.7. Changes between -06 and -07 . . . . . . . . . . . . . . . 29 120 A.8. Changes between -07 and -08 (after IETF Last Call) . . . . 29 121 A.9. Changes between -08 and -09 . . . . . . . . . . . . . . . 29 122 A.10. Changes between -09 and -10 . . . . . . . . . . . . . . . 29 123 A.11. Changes between -10 and -11 . . . . . . . . . . . . . . . 29 125 1. Introduction 127 Note in Draft and to RFC Editor: The keyword represented in this 128 document by "UTF8SMTPbis" (and in the XML source by &EAISMTPkeyword;) 129 is a placeholder. The actual keyword will be assigned when the 130 standards track SMTP extension in this series [RFC5336bis-SMTP] is 131 approved for publication and should be substituted here. This 132 paragraph should be treated as normative reference to that SMTP 133 extension draft, creating a reference hold until it is approved by 134 the IESG. The paragraph should be removed before RFC publication. 136 In order to use internationalized email addresses, we need to 137 internationalize both the domain part and the local part of email 138 addresses. The domain part of email addresses is already 139 internationalized [RFC5890], while the local part is not. Without 140 the extensions specified in this document, the mailbox name is 141 restricted to a subset of 7-bit ASCII [RFC5321]. Though MIME 142 [RFC2045] enables the transport of non-ASCII data, it does not 143 provide a mechanism for internationalized email addresses. In RFC 144 2047 [RFC2047], MIME defines an encoding mechanism for some specific 145 message header fields to accommodate non-ASCII data. However, it 146 does not permit the use of email addresses that include non-ASCII 147 characters. Without the extensions defined here, or some equivalent 148 set, the only way to incorporate non-ASCII characters in any part of 149 email addresses is to use RFC 2047 coding to embed them in what RFC 150 5322 [RFC5322] calls the "display name" (known as a "name phrase" or 151 by other terms elsewhere) of the relevant header fields. Information 152 coded into the display name is invisible in the message envelope and, 153 for many purposes, is not part of the address at all. 155 This document is a replacement for RFC 4952 [RFC4952]; it reflects 156 additional issues, shared terminology, and some architectural changes 157 identified since that document was published. It obsoletes that 158 document. The experimental descriptions of in-transit downgrading 159 [RFC5504][RFC5825], are now irrelevant and no longer needed due to 160 the changes discussed in Section 12. The RFC Editor is requested to 161 move all three of those documents to Historic. 163 The pronouns "he" and "she" are used interchangeably to indicate a 164 human of indeterminate gender. 166 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 167 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 168 document are to be interpreted as described in BCP 14, RFC 2119 169 [RFC2119]. Although this document is Informational, those 170 requirements are consistent with requirements specified in the 171 Standards Track documents in this set as described in Section 5. 173 2. Role of This Specification 175 This document presents the overview and framework for an approach to 176 the next stage of email internationalization. This new stage 177 requires not only internationalization of addresses and header 178 fields, but also associated transport and delivery models. A prior 179 version of this specification, RFC 4952 [RFC4952], also provided an 180 introduction to a series of experimental protocols [RFC5335] 181 [RFC5336] [RFC5337] [RFC5504] [RFC5721] [RFC5738] [RFC5825]. This 182 revised form provides overview and conceptual information for the 183 standards-track successors of a subset of those protocols. Details 184 of the documents and the relationships among them appear in Section 5 185 and a discussion of what was learned from the Experimental protocols 186 and their implementations appears in Section 6. 188 Taken together, these specifications provide the details for a way to 189 implement and support internationalized email. The document itself 190 describes how the various elements of email internationalization fit 191 together and the relationships among the primary specifications 192 associated with message transport, header formats, and handling. 194 This document, and others that comprise the collection described 195 above, assume a reasonable familiarity with the basic Internet 196 electronic mail specifications and terminology [RFC5321][RFC5322] and 197 the MIME [RFC2045] and 8BITMIME [RFC6152] ones as well. While not 198 strictly required to implement this specification, a general 199 familiarity with the terminology and functions of IDNA 200 [RFC5890][RFC5891] [RFC5892][RFC5893] [RFC5894] are also assumed. 202 3. Problem Statement 204 Internationalizing Domain Names in Applications (IDNA) [RFC5890] 205 permits internationalized domain names, but deployment has not yet 206 reached most users. One of the reasons for this is that we do not 207 yet have fully internationalized naming schemes. Domain names are 208 just one of the various names and identifiers that are required to be 209 internationalized. In many contexts, until more of those identifiers 210 are internationalized, internationalized domain names alone have 211 little value. 213 Email addresses are prime examples of why it is not good enough to 214 just internationalize the domain name. As most observers have 215 learned from experience, users strongly prefer email addresses that 216 resemble names or initials to those involving seemingly meaningless 217 strings of letters or numbers. Unless the entire email address can 218 use familiar characters and formats, users will perceive email as 219 being culturally unfriendly. If the names and initials used in email 220 addresses can be expressed in the native languages and writing 221 systems of the users, the Internet will be perceived as more natural, 222 especially by those whose native language is not written in a subset 223 of a Roman-derived script. 225 Internationalization of email addresses is not merely a matter of 226 changing the SMTP envelope; or of modifying the From, To, and Cc 227 header fields; or of permitting upgraded Mail User Agents (MUAs) to 228 decode a special coding and respond by displaying local characters. 229 To be perceived as usable, the addresses must be internationalized 230 and handled consistently in all of the contexts in which they occur. 231 This requirement has far-reaching implications: collections of 232 patches and workarounds are not adequate. Even if they were 233 adequate, a workaround-based approach may result in an assortment of 234 implementations with different sets of patches and workarounds having 235 been applied with consequent user confusion about what is actually 236 usable and supported. Instead, we need to build a fully 237 internationalized email environment, focusing on permitting efficient 238 communication among those who share a language and writing system. 239 That, in turn, implies changes to the mail header environment to 240 permit those header fields that are appropriately internationalized 241 to utilize the full range of Unicode characters, an SMTP Extension to 242 permit UTF-8 [RFC3629] [RFC5198] mail addressing and delivery of 243 those extended header fields, support for internationalization of 244 delivery and service notifications [RFC3461] [RFC3464], and (finally) 245 a requirement for support of the 8BITMIME SMTP Extension [RFC6152] so 246 that all of these can be transported through the mail system without 247 having to overcome the limitation that header fields do not have 248 content-transfer-encodings. 250 4. Terminology 252 This document assumes a reasonable understanding of the protocols and 253 terminology of the core email standards as documented in [RFC5321] 254 and [RFC5322]. 256 4.1. Mail User and Mail Transfer Agents 258 Much of the description in this document depends on the abstractions 259 of "Mail Transfer Agent" ("MTA") and "Mail User Agent" ("MUA"). 260 However, it is important to understand that those terms and the 261 underlying concepts postdate the design of the Internet's email 262 architecture and the application of the "protocols on the wire" 263 principle to it. That email architecture, as it has evolved, and 264 that "on the wire" principle have prevented any strong and 265 standardized distinctions about how MTAs and MUAs interact on a given 266 origin or destination host (or even whether they are separate). 268 However, the term "final delivery MTA" is used in this document in a 269 fashion equivalent to the term "delivery system" or "final delivery 270 system" of RFC 5321. This is the SMTP server that controls the 271 format of the local parts of addresses and is permitted to inspect 272 and interpret them. It receives messages from the network for 273 delivery to mailboxes or for other local processing, including any 274 forwarding or aliasing that changes envelope addresses, rather than 275 relaying. From the perspective of the network, any local delivery 276 arrangements such as saving to a message store, handoff to specific 277 message delivery programs or agents, and mechanisms for retrieving 278 messages are all "behind" the final delivery MTA and hence are not 279 part of the SMTP transport or delivery process. 281 4.2. Address Character Sets 283 In this document, an address is "all-ASCII", or just an "ASCII 284 address", if every character in the address is in the ASCII character 285 repertoire [ASCII]; an address is "non-ASCII", or an "i18n-address", 286 if any character is not in the ASCII character repertoire. Such 287 addresses MAY be restricted in other ways, but those restrictions are 288 not relevant to this definition. The term "all-ASCII" is also 289 applied to other protocol elements when the distinction is important, 290 with "non-ASCII" or "internationalized" as its opposite. 292 The umbrella term to describe the email address internationalization 293 specified by this document and its companion documents is 294 "UTF8SMTPbis". 295 [[anchor3: Note in Draft: Keyword to be changed before publication.]] 296 For example, an address permitted by this specification is referred 297 to as a "UTF8SMTPbis (compliant) address". 299 Please note that, according to the definitions given here, the set of 300 all "all-ASCII" addresses and the set of all "non-ASCII" addresses 301 are mutually exclusive. The set of all addresses permitted when 302 UTF8SMTPbis appears is the union of these two sets. 304 4.3. User Types 306 An "ASCII user" (i) exclusively uses email addresses that contain 307 ASCII characters only, and (ii) cannot generate recipient addresses 308 that contain non-ASCII characters. 310 An "i18mail user" has one or more non-ASCII email addresses, or is 311 able to generate recipient addresses that contain non-ASCII 312 characters. Such a user may have ASCII addresses too; if the user 313 has more than one email account and a corresponding address, or more 314 than one alias for the same address, he or she has some method to 315 choose which address to use on outgoing email. Note that under this 316 definition, it is not possible to tell from an ASCII address if the 317 owner of that address is an i18mail user or not. (A non-ASCII 318 address implies a belief that the owner of that address is an i18mail 319 user.) There is no such thing as an "i18mail message"; the term 320 applies only to users and their agents and capabilities. In 321 particular, the use of non-ASCII message content is an integral part 322 of the MIME specifications [RFC2045] and does not require these 323 extensions (although it is compatible with them). 325 4.4. Messages 327 A "message" is sent from one user (sender) using a particular email 328 address to one or more other recipient email addresses (often 329 referred to just as "users" or "recipient users"). 331 4.5. Mailing Lists 333 A "mailing list" is a mechanism whereby a message may be distributed 334 to multiple recipients by sending it to one recipient address. An 335 agent (typically not a human being) at that single address then 336 causes the message to be redistributed to the target recipients. 337 This agent sets the envelope return address of the redistributed 338 message to a different address from that of the original single 339 recipient message. Using a different envelope return address 340 (reverse-path) causes error (and other automatically generated) 341 messages to go to an error handling address. 343 Special provisions for managing mailing lists that might contain non- 344 ASCII addresses are discussed in a document that is specific to that 345 topic [RFC5983] [RFC5983bis-MailingList]. 347 4.6. Conventional Message and Internationalized Message 349 o A conventional message is one that does not use any extension 350 defined in the SMTP extension document [RFC5336] or in the 351 UTF8header specification [RFC5335], and is strictly conformant to 352 RFC 5322 [RFC5322]. 354 o An internationalized message is a message utilizing one or more of 355 the extensions defined in this set of specifications, so that it 356 is no longer conformant to the traditional specification of an 357 email message or its transport. 359 4.7. Undeliverable Messages, Notification, and Delivery Receipts 361 As specified in RFC 5321, a message that is undeliverable for some 362 reason is expected to result in notification to the sender. This can 363 occur in either of two ways. One, typically called "Rejection", 364 occurs when an SMTP server returns a reply code indicating a fatal 365 error (a "5yz" code) or persistently returns a temporary failure 366 error (a "4yz" code). The other involves accepting the message 367 during SMTP processing and then generating a message to the sender, 368 typically known as a "Non-delivery Notification" or "NDN". Current 369 practice often favors rejection over NDNs because of the reduced 370 likelihood that the generation of NDNs will be used as a spamming 371 technique. The latter, NDN, case is unavoidable if an intermediate 372 MTA accepts a message that is then rejected by the next-hop server. 374 A sender MAY also explicitly request message receipts [RFC3461] that 375 raise the same issues for these internationalization extensions as 376 NDNs. 378 5. Overview of the Approach and Document Plan 380 This set of specifications changes both SMTP and the character 381 encoding of email message headers to permit non-ASCII characters to 382 be represented directly. Each important component of the work is 383 described in a separate document. The document set, whose members 384 are described below, also contains informational documents whose 385 purpose is to provide implementation suggestions and guidance for the 386 protocols. 388 In addition to this document, the following documents make up this 389 specification and provide advice and context for it. 391 o SMTP extension. The SMTP extension document [RFC5336bis-SMTP] 392 provides an SMTP extension (as provided for in RFC 5321) for 393 internationalized addresses. 395 o Email message headers in UTF-8. The email message header document 396 [RFC5335bis-Hdrs] essentially updates RFC 5322 to permit some 397 information in email message headers to be expressed directly by 398 Unicode characters encoded in UTF-8 when the SMTP extension 399 described above is used. This document, possibly with one or more 400 supplemental ones, will also need to address the interactions with 401 MIME, including relationships between UTF8SMTPbis and internal 402 MIME headers and content types. 404 o Extensions to delivery status and notification handling to adapt 405 to internationalized addresses [RFC5337bis-DSN]. 407 o Forthcoming documents will specify extensions to the IMAP protocol 408 [RFC3501] to support internationalized message headers 409 [RFC5738bis-IMAP], Parallel extensions to the POP protocol 410 [RFC5721] [RFC5721bis-POP3], and some common properties of the two 411 [POPIMAP-downgrade]. 413 6. Review of Experimental Results 415 The key difference between this set of protocols and the experimental 416 set that preceded them [RFC5335] [RFC5336] [RFC5337] [RFC5504] 417 [RFC5721] [RFC5738] [RFC5825] is that the earlier group provided a 418 mechanism for in-transit downgrading of messages (described in detail 419 in RFC 5504). That mechanism permitted, and essentially required, 420 that each non-ASCII address be accompanied by an all-ASCII 421 equivalent. That, in turn, raised security concerns associated with 422 pairing of addresses that could not be authenticated. It also 423 introduced the first incompatible change to Internet mail addressing 424 in many years, raising concerns about interoperability issues if the 425 new address forms "leaked" into legacy email implementations. The WG 426 concluded that the advantages of in-transit downgrading, were it 427 feasible operationally, would be significant enough to overcome those 428 concerns. 430 That turned out not to be the case, with interoperability problems 431 among initial implementations. Prior to starting on the work that 432 led to this set of specifications, the WG concluded that the 433 combination of requirements and long-term implications of that 434 earlier model were too complex to be satisfactory and that work 435 should move ahead without it. 437 The other significant change to the protocols themselves is that the 438 UTF8SMTPbis keyword is now required as an SMTP client announcement if 439 the extension is needed; in the experimental version, only the server 440 announcement that an extended envelope and/or content were permitted 441 was necessary. 443 7. Overview of Protocol Extensions and Changes 445 7.1. SMTP Extension for Internationalized Email Address 447 An SMTP extension, "UTF8SMTPbis" is specified as follows: 449 o Permits the use of UTF-8 strings in email addresses, both local 450 parts and domain names. 452 o Permits the selective use of UTF-8 strings in email message 453 headers (see Section 7.2). 455 o Requires that the server advertise the 8BITMIME extension 456 [RFC6152] and that the client support 8-bit transmission so that 457 header information can be transmitted without using a special 458 content-transfer-encoding. 460 Some general principles affect the development decisions underlying 461 this work. 463 1. Email addresses enter subsystems (such as a user interface) that 464 may perform charset conversions or other encoding changes. When 465 the local part of the address includes characters outside the 466 ASCII character repertoire, use of ASCII-compatible encoding 467 (ACE) [RFC3492] [RFC5890] in the domain part is discouraged to 468 promote consistent processing of characters throughout the 469 address. 471 2. An SMTP relay MUST 473 * Either recognize the format explicitly, agreeing to do so via 474 an ESMTP option, or 476 * Reject the message or, if necessary, return a non-delivery 477 notification message, so that the sender can make another 478 plan. 480 3. If the message cannot be forwarded because the next-hop system 481 cannot accept the extension, it MUST be rejected or a non- 482 delivery message MUST be generated and sent. 484 4. In the interest of interoperability, charsets other than UTF-8 485 are prohibited in mail addresses and message headers being 486 transmitted over the Internet. There is no practical way to 487 identify multiple charsets properly with an extension similar to 488 this without introducing great complexity. 490 Conformance to the group of standards specified here for email 491 transport and delivery requires implementation of the SMTP Extension 492 specification and the UTF-8 Header specification. If the system 493 implements IMAP or POP, it MUST conform to the i18n IMAP 494 [RFC5738bis-IMAP] or POP [RFC5721bis-POP3] specifications 495 respectively. 497 7.2. Transmission of Email Header Fields in UTF-8 Encoding 499 There are many places in MUAs or in a user presentation in which 500 email addresses or domain names appear. Examples include the 501 conventional From, To, or Cc header fields; Message-ID and 502 In-Reply-To header fields that normally contain domain names (but 503 that may be a special case); and in message bodies. Each of these 504 must be examined from an internationalization perspective. The user 505 will expect to see mailbox and domain names in local characters, and 506 to see them consistently. If non-obvious encodings, such as 507 protocol-specific ASCII-Compatible Encoding (ACE) variants, are used, 508 the user will inevitably, if only occasionally, see them rather than 509 "native" characters and will find that discomfiting or astonishing. 510 Similarly, if different codings are used for mail transport and 511 message bodies, the user is particularly likely to be surprised, if 512 only as a consequence of the long-established "things leak" 513 principle. The only practical way to avoid these sources of 514 discomfort, in both the medium and the longer term, is to have the 515 encodings used in transport be as similar to the encodings used in 516 message headers and message bodies as possible. 518 When email local parts are internationalized, they SHOULD be 519 accompanied by arrangements for the message headers to be in the 520 fully internationalized form. That form SHOULD use UTF-8 rather than 521 ASCII as the base character set for the contents of header fields 522 (protocol elements such as the header field names themselves are 523 unchanged and remain entirely in ASCII). For transition purposes and 524 compatibility with legacy systems, this can done by extending the 525 traditional MIME encoding models for non-ASCII characters in headers 526 [RFC2045] [RFC2231], but even these should be based on UTF-8, rather 527 than other encodings, if at all possible [RFC6055]. However, the 528 target is fully internationalized message headers, as discussed in 529 [RFC5335bis-Hdrs] and not an extended and painful transition. 531 7.3. SMTP Service Extension for DSNs 533 The existing Draft Standard Delivery status notifications (DSNs) 534 specification [RFC3461] is limited to ASCII text in the machine 535 readable portions of the protocol. "International Delivery and 536 Disposition Notifications" [RFC5337bis-DSN] adds a new address type 537 for international email addresses so an original recipient address 538 with non-ASCII characters can be correctly preserved even after 539 downgrading. If an SMTP server advertises both the UTF8SMTPbis and 540 the DSN extension, that server MUST implement internationalized DSNs 541 including support for the ORCPT parameter specified in RFC 3461 542 [RFC3461]. 544 8. Downgrading before and after SMTP Transactions 546 An important issue with these extensions is how to handle 547 interactions between systems that support non-ASCII addresses and 548 legacy systems that expect ASCII. There is, of course, no problem 549 with ASCII-only systems sending to those that can handle 550 internationalized forms because the ASCII forms are just a proper 551 subset. But, when systems that support these extensions send mail, 552 they MAY include non-ASCII addresses for senders, receivers, or both 553 and might also provide non-ASCII header information other than 554 addresses. If the extension is not supported by the first-hop system 555 (SMTP server accessed by the Submission server acting as an SMTP 556 client), message originating systems SHOULD be prepared to either 557 send conventional envelopes and message headers or to return the 558 message to the originating user so the message may be manually 559 downgraded to the traditional form, possibly using encoded words 560 [RFC2047] in the message headers. Of course, such transformations 561 imply that the originating user or system must have ASCII-only 562 addresses available for all senders and recipients. Mechanisms by 563 which such addresses may be found or identified are outside the scope 564 of these specifications as are decisions about the design of 565 originating systems such as whether any required transformations are 566 made by the user, the originating MUA, or the Submission server. 568 A somewhat more complex situation arises when the first-hop system 569 supports these extensions but some subsequent server in the SMTP 570 transmission chain does not. It is important to note that most cases 571 of that situation with forward-pointing addresses will be the result 572 of configuration errors: especially if it hosts non-ASCII addresses, 573 a final delivery MTA that accepts these extensions SHOULD NOT be 574 configured with lower-preference MX hosts that do not. When the only 575 non-ASCII address being transmitted is backward-pointing (e.g., in an 576 SMTP MAIL command), recipient configuration can not help in general. 577 On the other hand, alternate, all-ASCII, addresses for senders are 578 those most likely to be authoritatively known by the submission 579 environment or the sender herself. Consequently, if an intermediate 580 SMTP relay that requires these extensions then discovers that the 581 next system in the chain does not support them, it will have little 582 choice other than to reject or return the message. 584 As discussed above, downgrading to an ASCII-only form may occur 585 before or during the initial message submission. It might also occur 586 after the delivery to the final delivery MTA in order to accommodate 587 messages stores or IMAP or POP servers or clients that have different 588 capabilities than the delivery MTA. These two cases are discussed in 589 the subsections below. 591 8.1. Downgrading before or during Message Submission 593 The IETF has traditionally avoided specifying the precise behavior of 594 MUAs to provide maximum flexibility in the associated user 595 interfaces. The SMTP standard [RFC5321], Section 6.4, gives wide 596 latitude to MUAs and Submission servers as to what might be supplied 597 by the user as long as the result conforms with "on the wire" 598 standards once it is injected into the public Internet. In that 599 tradition, the discussion in the remainder of Section 8 is provided 600 as general guidance rather than normative requirements. 602 Messages that require these extensions will sometimes be transferred 603 to a system that does not support these extensions; it is likely that 604 the most common cases will involve the combination of ASCII-only 605 forward-pointing addresses with a non-ASCII backward-pointing one. 606 Until the extensions described here have been universally implemented 607 in the Internet email environment, senders who prefer to use non- 608 ASCII addresses (or raw UTF-8 characters in header fields) even when 609 their intended recipients use and expect all-ASCII ones will need to 610 be especially careful about the error conditions that can arise, 611 especially if they are working in an environment in which non- 612 delivery messages (or other indications from submission servers) are 613 routinely dropped or ignored. 615 Perhaps obviously, the most convenient time to find an ASCII address 616 corresponding to an internationalized address is at the originating 617 MUA or closely-associated systems. This can occur either before the 618 message is sent or after the internationalized form of the message is 619 rejected. It is also the most convenient time to convert a message 620 from the internationalized form into conventional ASCII form or to 621 generate a non-delivery message to the sender if either is necessary. 622 At that point, the user has a full range of choices available, 623 including changing backward-pointing addresses, contacting the 624 intended recipient out of band for an alternate address, consulting 625 appropriate directories, arranging for translation of both addresses 626 and message content into a different language, and so on. While it 627 is natural to think of message downgrading as optimally being a 628 fully-automated process, we should not underestimate the capabilities 629 of a user of at least moderate intelligence who wishes to communicate 630 with another such user. 632 In this context, one can easily imagine modifications to message 633 submission servers (as described in RFC 4409 [RFC4409]) so that they 634 would perform downgrading operations or perhaps even upgrading ones. 635 Such operations would permit receiving messages with one or more of 636 the internationalization extensions discussed here and adapting the 637 outgoing message, as needed, to respond to the delivery or next-hop 638 environment the submission server encounters. 640 8.2. Downgrading or Other Processing After Final SMTP Delivery 642 When an email message is received by a final delivery MTA, it is 643 usually stored in some form. Then it is retrieved either by software 644 that reads the stored form directly or by client software via some 645 email retrieval mechanisms such as POP or IMAP. 647 The SMTP extension described in Section 7.1 provides protection only 648 in transport. It does not prevent MUAs and email retrieval 649 mechanisms that have not been upgraded to understand 650 internationalized addresses and UTF-8 message headers from accessing 651 stored internationalized emails. 653 Since the final delivery MTA (or, to be more specific, its 654 corresponding mail storage agent) cannot safely assume that agents 655 accessing email storage will always be capable of handling the 656 extensions proposed here, it MAY downgrade internationalized emails, 657 specially identify messages that utilize these extensions, or both. 658 If this is done, the final delivery MTA SHOULD include a mechanism to 659 preserve or recover the original internationalized forms without 660 information loss to support access by UTF8SMTPbis-aware agents. 662 9. Downgrading in Transit 664 The base SMTP specification (Section 2.3.11 of RFC 5321 [RFC5321]) 665 states that "due to a long history of problems when intermediate 666 hosts have attempted to optimize transport by modifying them, the 667 local-part MUST be interpreted and assigned semantics only by the 668 host specified in the domain part of the address". This is not a new 669 requirement; equivalent statements appeared in specifications in 2001 670 [RFC2821] and even in 1989 [RFC1123]. 672 Adherence to this rule means that a downgrade mechanism that 673 transforms the local-part of an email address cannot be utilized in 674 transit. It can only be applied at the endpoints, specifically by 675 the MUA or submission server or by the final delivery MTA. 677 One of the reasons for this rule has to do with legacy email systems 678 that embed mail routing information in the local-part of the address 679 field. Transforming the email address destroys such routing 680 information. There is no way a server other than the final delivery 681 server can know, for example, whether the local-part of 682 user%foo@example.com is a route ("user" is reached via "foo") or 683 simply a local address. 685 10. User Interface and Configuration Issues 687 Internationalization of addresses and message headers, especially in 688 combination with variations on character coding that are inherent to 689 Unicode, may make careful choices of addresses and careful 690 configuration of servers and DNS records even more important than 691 they are for traditional Internet email. It is likely that, as 692 experience develops with the use of these protocols, it will be 693 desirable to produce one or more additional documents that offer 694 guidance for configuration and interfaces. A document that discusses 695 issues with mail user agents (MUAs), especially with regard to 696 downgrading, is expected to be developed in the EAI Working Group. 697 The subsections below address some other issues. 699 10.1. Choices of Mailbox Names and Unicode Normalization 701 It has long been the case that the email syntax permits choices about 702 mailbox names that are unwise in practice if one actually intends the 703 mailboxes to be accessible to a broad range of senders. The most- 704 often-cited examples involve the use of case-sensitivity and tricky 705 quoting of embedded characters in mailbox local parts. These 706 deliberately-unusual constructions are permitted by the protocols and 707 servers are expected to support them. Although they can provide 708 value in special cases, taking advantage of them is almost always bad 709 practice unless the intent is to create some form of security by 710 obscurity. 712 In the absence of these extensions, SMTP clients and servers are 713 constrained to using only those addresses permitted by RFC 5321. The 714 local parts of those addresses MAY be made up of any ASCII characters 715 except the control characters that 5321 prohibits, although some of 716 them MUST be quoted as specified there. It is notable in an 717 internationalization context that there is a long history on some 718 systems of using overstruck ASCII characters (a character, a 719 backspace, and another character) within a quoted string to 720 approximate non-ASCII characters. This form of internationalization 721 was permitted by RFC 821 [RFC0821] but is prohibited by RFC 5321 722 because it requires a backspace character (a prohibited C0 control). 723 Because RFC 5321 (and its predecessor, RFC 2821) prohibit the use of 724 this character in ASCII mailbox names and it is even more problematic 725 (for canonicalization and normalization reasons) in non-ASCII 726 strings, backspace MUST NOT appear in UTF8SMTPbis mailbox names. 728 For the particular case of mailbox names that contain non-ASCII 729 characters in the local part, domain part, or both, special attention 730 MUST be paid to Unicode normalization [Unicode-UAX15], in part 731 because Unicode strings may be normalized by other processes 732 independent of what a mail protocol specifies (this is exactly 733 analogous to what may happen with quoting and dequoting in 734 traditional addresses). Consequently, the following principles are 735 offered as advice to those who are selecting names for mailboxes: 737 o In general, it is wise to support addresses in Normalized form, 738 using at least Normalization Form NFC. Except in circumstances in 739 which NFKC would map characters together that the parties 740 responsible for the destination mail server would prefer to be 741 kept distinguishable, supporting the NFKC-conformant form would 742 yield even more predictable behavior for the typical user. 744 o It will usually be wise to support other forms of the same local- 745 part string, either as aliases or by normalization of strings 746 reaching the delivery server: the sender should not be depended 747 upon to send the strings in normalized form. 749 o Stated differently and in more specific terms, the rules of the 750 protocol for local-part strings essentially provide that: 752 * Unnormalized strings are valid, but sufficiently bad practice 753 that they may not work reliably on a global basis. Servers 754 should not depend on clients to send normalized forms but 755 should be aware that procedures on client machines outside the 756 control of the MUA may cause normalized strings to be sent 757 regardless of user intent. 759 * C0 (and presumably C1) controls (see The Unicode Standard 760 [Unicode]) are prohibited, the first in RFC 5321 and the second 761 by an obvious extension from it [RFC5198]. 763 * Other kinds of punctuation, spaces, etc., are risky practice. 764 Perhaps they will work, and SMTP receiver code is required to 765 handle them without severe errors (even if such strings are not 766 accepted in addresses to be delivered on that server), but 767 creating dependencies on them in mailbox names that are chosen 768 is usually a bad practice and may lead to interoperability 769 problems. 771 11. Additional Issues 773 This section identifies issues that are not covered, or not covered 774 comprehensively, as part of this set of specifications, but that will 775 require ongoing review as part of deployment of email address and 776 header internationalization. 778 11.1. Impact on URIs and IRIs 780 The mailto: schema [RFC6068], and the discussion of it in the 781 Internationalized Resource Identifier (IRI) specification [RFC3987] 782 may need to be modified when this work is completed and standardized. 784 11.2. Use of Email Addresses as Identifiers 786 There are a number of places in contemporary Internet usage in which 787 email addresses are used as identifiers for individuals, including as 788 identifiers to Web servers supporting some electronic commerce sites 789 and in some X.509 certificates [RFC5280]. These documents do not 790 address those uses, but it is reasonable to expect that some 791 difficulties will be encountered when internationalized addresses are 792 first used in those contexts, many of which cannot even handle the 793 full range of addresses permitted today. 795 11.3. Encoded Words, Signed Messages, and Downgrading 797 One particular characteristic of the email format is its persistency: 798 MUAs are expected to handle messages that were originally sent 799 decades ago and not just those delivered seconds ago. As such, MUAs 800 and mail filtering software, such as that specified in Sieve 801 [RFC5228], will need to continue to accept and decode header fields 802 that use the "encoded word" mechanism [RFC2047] to accommodate non- 803 ASCII characters in some header fields. While extensions to both 804 POP3 [RFC1939] and IMAP [RFC3501] have been defined that include 805 automatic upgrading of messages that carry non-ASCII information in 806 encoded form -- including RFC 2047 decoding -- of messages by the 807 POP3 [RFC5721bis-POP3] or IMAP [RFC5738bis-IMAP] server, there are 808 message structures and MIME content-types for which that cannot be 809 done or where the change would have unacceptable side effects. 811 For example, message parts that are cryptographically signed, using 812 e.g., S/MIME [RFC5751] or Pretty Good Privacy (PGP) [RFC3156], cannot 813 be upgraded from the RFC 2047 form to normal UTF-8 characters without 814 breaking the signature. Similarly, message parts that are encrypted 815 may contain, when decrypted, header fields that use the RFC 2047 816 encoding; such messages cannot be 'fully' upgraded without access to 817 cryptographic keys. 819 Similar issues may arise if messages are signed and then subsequently 820 downgraded, e.g., as discussed in Section 8.1, and then an attempt is 821 made to upgrade them to the original form and then verify the 822 signatures. Even the very subtle changes that may result from 823 algorithms to downgrade and then upgrade again may be sufficient to 824 invalidate the signatures if they impact either the primary or MIME 825 bodypart headers. When signatures are present, downgrading MUST be 826 performed with extreme care if at all. 828 11.4. Other Uses of Local Parts 830 Local parts are sometimes used to construct domain labels, e.g., the 831 local part "user" in the address user@domain.example could be 832 converted into a vanity host user.domain.example with its Web space 833 at and the catchall addresses 834 any.thing.goes@user.domain.example. 836 Such schemes are obviously limited by, among other things, the SMTP 837 rules for domain names, and will not work without further 838 restrictions for other local parts such as the 839 specified in [RFC5335bis-Hdrs]. Whether those limitations are 840 relevant to these specifications is an open question. It may be 841 simply another case of the considerable flexibility accorded to 842 delivery MTAs in determining the mailbox names they will accept and 843 how they are interpreted. 845 11.5. Non-Standard Encapsulation Formats 847 Some applications use formats similar to the application/mbox format 848 defined in [RFC4155] instead of the message/digest form described in 849 RFC 2046, Section 5.1.5 [RFC2046] to transfer multiple messages as 850 single units. Insofar as such applications assume that all stored 851 messages use the message/rfc822 format described in RFC 2046, Section 852 5.2.1 [RFC2046] with ASCII message headers, they are not ready for 853 the extensions specified in this series of documents and special 854 measures may be needed to properly detect and process them. 856 12. Key Changes From the Experimental Protocols and Framework 858 The original framework for internationalized email addresses and 859 headers was described in RFC 4952 and a subsequent set of 860 experimental protocol documents. Those relationships are described 861 in Section 3. The key architectural difference between the 862 experimental specifications and this newer set is that the earlier 863 specifications supported in-transit downgrading. Those mechanisms 864 included the definition of syntax and functions to support passing 865 alternate, all-ASCII, addresses with the non-ASCII ones as well as 866 special headers to indicate the downgraded status of messages. Those 867 features were eliminated after experimentation indicated that they 868 were more complex and less necessary than had been assumed earlier. 869 Those issues are described in more detail in Section 6 and Section 9. 871 13. IANA Considerations 873 This overview description and framework document does not contemplate 874 any IANA registrations or other actions. Some of the documents in 875 the group have their own IANA considerations sections and 876 requirements. 878 14. Security Considerations 880 Any expansion of permitted characters and encoding forms in email 881 addresses raises some risks. There have been discussions on so 882 called "IDN-spoofing" or "IDN homograph attacks". These attacks 883 allow an attacker (or "phisher") to spoof the domain or URLs of 884 businesses. The same kind of attack is also possible on the local 885 part of internationalized email addresses. It should be noted that 886 the proposed fix involving forcing all displayed elements into 887 normalized lower-case works for domain names in URLs, but not for 888 email local parts since those are case sensitive. 890 Since email addresses are often transcribed from business cards and 891 notes on paper, they are subject to problems arising from confusable 892 characters (see [RFC4690]). These problems are somewhat reduced if 893 the domain associated with the mailbox is unambiguous and supports a 894 relatively small number of mailboxes whose names follow local system 895 conventions. They are increased with very large mail systems in 896 which users can freely select their own addresses. 898 The internationalization of email addresses and message headers must 899 not leave the Internet less secure than it is without the required 900 extensions. The requirements and mechanisms documented in this set 901 of specifications do not, in general, raise any new security issues. 903 They do require a review of issues associated with confusable 904 characters -- a topic that is being explored thoroughly elsewhere 905 (see, e.g., RFC 4690 [RFC4690]) -- and, potentially, some issues with 906 UTF-8 normalization, discussed in RFC 3629 [RFC3629], and other 907 transformations. Normalization and other issues associated with 908 transformations and standard forms are also part of the subject of 909 work described elsewhere [RFC5198] [RFC5893] [RFC6055]. 911 Some issues specifically related to internationalized addresses and 912 message headers are discussed in more detail in the other documents 913 in this set. However, in particular, caution should be taken that 914 any "downgrading" mechanism, or use of downgraded addresses, does not 915 inappropriately assume authenticated bindings between the 916 internationalized and ASCII addresses. This potential problem can be 917 mitigated somewhat by enforcing the expectation that most or all such 918 transformations will be performed prior to final delivery by systems 919 that are presumed to be under the administrative control of the 920 sending user (as opposed to being performed in transit by entities 921 that are not under the administrative control of the sending user). 923 The new UTF-8 header and message formats might also raise, or 924 aggravate, another known issue. If the model creates new forms of an 925 'invalid' or 'malformed' message, then a new email attack is created: 926 in an effort to be robust, some or most agents will accept such 927 message and interpret them as if they were well-formed. If a filter 928 interprets such a message differently than the MUA used by the 929 recipient, then it may be possible to create a message that appears 930 acceptable under the filter's interpretation but that should be 931 rejected under the interpretation given to it by that MUA. Such 932 attacks already exist for existing messages and encoding layers, 933 e.g., invalid MIME syntax, invalid HTML markup, and invalid coding of 934 particular image types. 936 In addition, email addresses are used in many contexts other than 937 sending mail, such as for identifiers under various circumstances 938 (see Section 11.2). Each of those contexts will need to be 939 evaluated, in turn, to determine whether the use of non-ASCII forms 940 is appropriate and what particular issues they raise. 942 This work will clearly affect any systems or mechanisms that are 943 dependent on digital signatures or similar integrity protection for 944 email message headers (see also the discussion in Section 11.3). 945 Many conventional uses of PGP and S/MIME are not affected since they 946 are used to sign body parts but not message headers. On the other 947 hand, the developing work on domain keys identified mail (DKIM) 948 [RFC5863] will eventually need to consider this work and vice versa: 949 while this specification does not address or solve the issues raised 950 by DKIM and other signed header mechanisms, the issues will have to 951 be coordinated and resolved eventually if the two sets of protocols 952 are to co-exist. In addition, to the degree to which email addresses 953 appear in PKI (Public Key Infrastructure) certificates [RFC5280], 954 standards addressing such certificates will need to be upgraded to 955 address these internationalized addresses. Those upgrades will need 956 to address questions of spoofing by look-alikes of the addresses 957 themselves. 959 15. Acknowledgments 961 This document is an update to, and derived from, RFC 4952. This 962 document would have been impossible without the work and 963 contributions acknowledged in it. The present document benefited 964 significantly from discussions in the EAI WG and elsewhere after RFC 965 4952 was published, especially discussions about the experimental 966 versions of other documents in the internationalized email 967 collection, and from RFC errata on RFC 4952 itself. 969 Special thanks are due to Ernie Dainow for careful reviews and 970 suggested text in this version and to several IESG members for a 971 careful review and specific suggestions. 973 16. References 975 16.1. Normative References 977 [ASCII] American National Standards Institute 978 (formerly United States of America 979 Standards Institute), "USA Code for 980 Information Interchange", ANSI X3.4-1968, 981 1968. 983 ANSI X3.4-1968 has been replaced by newer 984 versions with slight modifications, but the 985 1968 version remains definitive for the 986 Internet. 988 [RFC2119] Bradner, S., "Key words for use in RFCs to 989 Indicate Requirement Levels", BCP 14, 990 RFC 2119, March 1997. 992 [RFC3629] Yergeau, F., "UTF-8, a transformation 993 format of ISO 10646", STD 63, RFC 3629, 994 November 2003. 996 [RFC5321] Klensin, J., "Simple Mail Transfer 997 Protocol", RFC 5321, October 2008. 999 [RFC5322] Resnick, P., Ed., "Internet Message 1000 Format", RFC 5322, October 2008. 1002 [RFC5335bis-Hdrs] Yang, A., Steele, S., and N. Freed, 1003 "Internationalized Email Headers", 1004 September 2011, . 1008 [RFC5336bis-SMTP] Yao, J. and W. Mao, "SMTP Extension for 1009 Internationalized Email Address", 1010 August 2011, . 1013 [RFC5337bis-DSN] Hansen, T., Newman, C., and A. Melnikov, 1014 "Internationalized Delivery Status and 1015 Disposition Notifications", October 2011, < 1016 https://datatracker.ietf.org/doc/ 1017 draft-ietf-eai-rfc5337bis-dsn/>. 1019 [RFC5890] Klensin, J., "Internationalized Domain 1020 Names for Applications (IDNA): Definitions 1021 and Document Framework", RFC 5890, 1022 August 2010. 1024 [RFC6152] Klensin, J., Freed, N., Rose, M., and D. 1025 Crocker, "SMTP Service Extension for 8-bit 1026 MIME Transport", STD 71, RFC 6152, 1027 March 2011. 1029 16.2. Informative References 1031 [POPIMAP-downgrade] Fujiwara, K., "Post-delivery Message 1032 Downgrading for Internationalized Email 1033 Messages", Work in Progress, July 2011, . 1037 [RFC0821] Postel, J., "Simple Mail Transfer 1038 Protocol", STD 10, RFC 821, August 1982. 1040 [RFC1123] Braden, R., "Requirements for Internet 1041 Hosts - Application and Support", STD 3, 1042 RFC 1123, October 1989. 1044 [RFC1939] Myers, J. and M. Rose, "Post Office 1045 Protocol - Version 3", STD 53, RFC 1939, 1046 May 1996. 1048 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose 1049 Internet Mail Extensions (MIME) Part One: 1050 Format of Internet Message Bodies", 1051 RFC 2045, November 1996. 1053 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose 1054 Internet Mail Extensions (MIME) Part Two: 1055 Media Types", RFC 2046, November 1996. 1057 [RFC2047] Moore, K., "MIME (Multipurpose Internet 1058 Mail Extensions) Part Three: Message Header 1059 Extensions for Non-ASCII Text", RFC 2047, 1060 November 1996. 1062 [RFC2231] Freed, N. and K. Moore, "MIME Parameter 1063 Value and Encoded Word Extensions: Characte 1064 r Sets, Languages, and Continuations", 1065 RFC 2231, November 1997. 1067 [RFC2821] Klensin, J., "Simple Mail Transfer 1068 Protocol", RFC 2821, April 2001. 1070 [RFC3156] Elkins, M., Del Torto, D., Levien, R., and 1071 T. Roessler, "MIME Security with OpenPGP", 1072 RFC 3156, August 2001. 1074 [RFC3461] Moore, K., "Simple Mail Transfer Protocol 1075 (SMTP) Service Extension for Delivery 1076 Status Notifications (DSNs)", RFC 3461, 1077 January 2003. 1079 [RFC3464] Moore, K. and G. Vaudreuil, "An Extensible 1080 Message Format for Delivery Status 1081 Notifications", RFC 3464, January 2003. 1083 [RFC3492] Costello, A., "Punycode: A Bootstring 1084 encoding of Unicode for Internationalized 1085 Domain Names in Applications (IDNA)", 1086 RFC 3492, March 2003. 1088 [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS 1089 PROTOCOL - VERSION 4rev1", RFC 3501, 1090 March 2003. 1092 [RFC3987] Duerst, M. and M. Suignard, 1093 "Internationalized Resource Identifiers 1094 (IRIs)", RFC 3987, January 2005. 1096 [RFC4155] Hall, E., "The application/mbox Media 1097 Type", RFC 4155, September 2005. 1099 [RFC4409] Gellens, R. and J. Klensin, "Message 1100 Submission for Mail", RFC 4409, April 2006. 1102 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and 1103 IAB, "Review and Recommendations for 1104 Internationalized Domain Names (IDNs)", 1105 RFC 4690, September 2006. 1107 [RFC4952] Klensin, J. and Y. Ko, "Overview and 1108 Framework for Internationalized Email", 1109 RFC 4952, July 2007. 1111 [RFC5198] Klensin, J. and M. Padlipsky, "Unicode 1112 Format for Network Interchange", RFC 5198, 1113 March 2008. 1115 [RFC5228] Guenther, P. and T. Showalter, "Sieve: An 1116 Email Filtering Language", RFC 5228, 1117 January 2008. 1119 [RFC5280] Cooper, D., Santesson, S., Farrell, S., 1120 Boeyen, S., Housley, R., and W. Polk, 1121 "Internet X.509 Public Key Infrastructure 1122 Certificate and Certificate Revocation List 1123 (CRL) Profile", RFC 5280, May 2008. 1125 [RFC5335] Abel, Y., "Internationalized Email 1126 Headers", RFC 5335, September 2008. 1128 [RFC5336] Yao, J. and W. Mao, "SMTP Extension for 1129 Internationalized Email Addresses", 1130 RFC 5336, September 2008. 1132 [RFC5337] Newman, C. and A. Melnikov, 1133 "Internationalized Delivery Status and 1134 Disposition Notifications", RFC 5337, 1135 September 2008. 1137 [RFC5504] Fujiwara, K. and Y. Yoneya, "Downgrading 1138 Mechanism for Email Address 1139 Internationalization", RFC 5504, 1140 March 2009. 1142 [RFC5721] Gellens, R. and C. Newman, "POP3 Support 1143 for UTF-8", RFC 5721, February 2010. 1145 [RFC5721bis-POP3] Gellens, R., Yao, J., and K. Fujiwara, 1146 "POP3 Support for UTF-8", Work in Progress, 1147 July 2011, . 1150 [RFC5738] Resnick, P. and C. Newman, "IMAP Support 1151 for UTF-8", RFC 5738, March 2010. 1153 [RFC5738bis-IMAP] Resnick, P., Newman, C., and S. Shen, "IMAP 1154 Support for UTF-8", Work in Progress, 1155 July 2011, . 1158 [RFC5751] Ramsdell, B. and S. Turner, "Secure/ 1159 Multipurpose Internet Mail Extensions 1160 (S/MIME) Version 3.2 Message 1161 Specification", RFC 5751, January 2010. 1163 [RFC5825] Fujiwara, K. and B. Leiba, "Displaying 1164 Downgraded Messages for Email Address 1165 Internationalization", RFC 5825, 1166 April 2010. 1168 [RFC5863] Hansen, T., Siegel, E., Hallam-Baker, P., 1169 and D. Crocker, "DomainKeys Identified Mail 1170 (DKIM) Development, Deployment, and 1171 Operations", RFC 5863, May 2010. 1173 [RFC5891] Klensin, J., "Internationalized Domain 1174 Names in Applications (IDNA): Protocol", 1175 RFC 5891, August 2010. 1177 [RFC5892] Faltstrom, P., "The Unicode Code Points and 1178 Internationalized Domain Names for 1179 Applications (IDNA)", RFC 5892, 1180 August 2010. 1182 [RFC5893] Alvestrand, H. and C. Karp, "Right-to-Left 1183 Scripts for Internationalized Domain Names 1184 for Applications (IDNA)", RFC 5893, 1185 August 2010. 1187 [RFC5894] Klensin, J., "Internationalized Domain 1188 Names for Applications (IDNA): Background, 1189 Explanation, and Rationale", RFC 5894, 1190 August 2010. 1192 [RFC5983] Gellens, R., "Mailing Lists and 1193 Internationalized Email Addresses", 1194 RFC 5983, October 2010. 1196 [RFC5983bis-MailingList] "Mailing Lists and Internationalized Email 1197 Addresses", Unwritten waiting for I-D, 1198 2011. 1200 [RFC6055] Thaler, D., Klensin, J., and S. Cheshire, 1201 "IAB Thoughts on Encodings for 1202 Internationalized Domain Names", RFC 6055, 1203 February 2011. 1205 [RFC6068] Duerst, M., Masinter, L., and J. Zawinski, 1206 "The 'mailto' URI Scheme", RFC 6068, 1207 October 2010. 1209 [Unicode] The Unicode Consortium. The Unicode 1210 Standard, Version 5.2.0, defined by:, "The 1211 Unicode Standard, Version 5.2.0", (Mountain 1212 View, CA: The Unicode Consortium, 1213 2009. ISBN 978-1-936213-00-9)., . 1216 [Unicode-UAX15] The Unicode Consortium, "Unicode Standard 1217 Annex #15: Unicode Normalization Forms", 1218 March 2008, 1219 . 1221 Appendix A. Change Log 1223 [[RFC Editor: Please remove this section prior to publication.]] 1225 A.1. Changes between -00 and -01 1227 o Because there has been no feedback on the mailing list, updated 1228 the various questions to refer to this version as well. 1230 o Reflected RFC Editor erratum #1507 by correcting terminology for 1231 headers and header fields and distinguishing between "message 1232 headers" and different sorts of headers (e.g., the MIME ones). 1234 A.2. Changes between -01 and -02 1236 Note that section numbers in the list that follows may refer to -01 1237 and not -02. 1239 o Discussion of RFC 5825 ("downgraded display") has been removed per 1240 the earlier note and on-list discussion. Any needed discussion 1241 about reconstructed messages will need to appear in the IMAP and 1242 POP documents. However, the introductory material has been 1243 reworded to permit keeping 5504 and 5825 on the list there, 1244 without which the back chain would not be complete. For 1245 consistency with this change, 5504 and 5825 have been added to the 1246 "Obsoletes" list (as far as I know, an Informational spec can 1247 obsolete or update Experimental ones, so no downref problem here 1248 --JcK). 1250 o Reference to alternate addresses dropped from (former) Section 1251 7.1. 1253 o Reference to RFC 5504 added to (former) Section 8 for 1254 completeness. 1256 o Ernie's draft comments added (with some minor edits) to replace 1257 the placeholder in (former) Section 9 ("Downgrading in Transit"). 1258 It is intended to capture at least an introduction the earlier 1259 discussions of algorithmic downgrading generally and ACE/Punycode 1260 transformations in particular. Anyone who is unhappy with it 1261 should say so and propose alternate text. RSN. 1263 o In the interest of clarity and consistency with the terminology in 1264 Section 4.1, all uses of "final delivery SMTP server" and "final 1265 delivery server" have been changed to "final delivery MTA". 1267 o Placeholder at the end of Section 2 has been removed and the text 1268 revised to promise less. The "Document Plan" (Section 5) has been 1269 revised accordingly. We need to discuss this at IETF 78 if not 1270 sooner. 1272 o Sections 5 and 6 have been collapsed into one -- there wasn't 1273 enough left in the former Section 5 to justify a separate section. 1275 o Former Section 11.1 has been dropped and the DSN document moved up 1276 into the "Document Plan" as suggested earlier. 1278 o Section 12, "Experimental Targets", has been removed. 1280 o Updated references for the new version EAI documents and added 1281 placeholders for all of the known remaining drafts that will 1282 become part of the core EAI series but that have not been written. 1284 o Inserted an additional clarification about the relationship of 1285 these extensions to non-ASCII messages. 1287 o Changed some normative/informative reference classifications based 1288 on review of the new text. 1290 o Removed references to the pre-EAI documents that were cited for 1291 historical context in 4952. 1293 o Got rid of a remaining pointer to address downgrading in the 1294 discussion of an updated MAILTO URI. 1296 o Minor additional editorial cleanups and tuning. 1298 A.3. Changes between -02 and -03 1300 o Inserted paragraph clarifying the status of the UTF8SMTPbis 1301 keyword as a result of discussion prior to and during IETF 79. 1303 o Adjusted some references including adding an explicit citation of 1304 RFC 821. 1306 o Removed the discussion of the experimental work from an inline 1307 aside to a separate section, Section 6. 1309 o Rewrote the discussion of configuration errors in MX setups to 1310 make it clear that they are an issue with forward-pointing 1311 addresses only and improved the discussion of backward-pointing 1312 addresses. 1314 o Removed some now-obsolete placeholder notes and resolved the 1315 remaining one to a dangling reference. 1317 A.4. Changes between -03 and -04 1319 o Several minor editorial changes. 1321 o Added a discussion of the relationship to the base email, MIME, 1322 and IDNA specifications. 1324 A.5. Changes between -04 and -05 1326 o Several more minor editorial changes. 1328 A.6. Changes between -05 and -06 1330 o Corrections to more precisely reflect RFC 2119 language 1331 requirements and closely-related issues.. 1333 A.7. Changes between -06 and -07 1335 o Added a new section (now Section 12) to explicitly discuss the 1336 changes from the previous version. 1338 o Removed the discussion of LMTP from Section 11; it is more 1339 appropriately placed in the SMTP Extension document (5336bis). 1341 A.8. Changes between -07 and -08 (after IETF Last Call) 1343 o Modified Section 7.2 to make the last paragraph less tentative and 1344 more clear. 1346 o Modified Section 8.1 to add an introductory paragraph that 1347 clarifies what the IETF does and does not specify about email 1348 protocols. 1350 A.9. Changes between -08 and -09 1352 This version incorporates responses to a last set of public comments 1353 and changes made in response to IESG discussion and comments as part 1354 of the balloting process. 1356 o Many small editorial changes made at IESG request. 1358 o Several other small editorial corrections, removal of uncited 1359 reference to LMTP, added a few citations for clarity. 1361 A.10. Changes between -09 and -10 1363 This version contains additional small editorial changes resulting 1364 from IESG comments and review of -09 changes. Some more significant 1365 clarifications appear in Section 10.1 1367 A.11. Changes between -10 and -11 1369 While -10 was approved for publication by the IESG (after IETF Last 1370 Call) in September 2010, the document then went into a reference hold 1371 in the RFC Editor queue. Issued identified during and after Last 1372 Call for the other three core EAI documents (5335bis, 5336bis, and 1373 5337bis) required reopening this document and making some minor 1374 additional changes. 1376 o Reworded the descriptions of the POP, IMAP, and mailing list 1377 documents and moved them to Informative. Notes in the XML of 1378 earier versions of this draft indicate that they were listed as 1379 Normative merely as a temporary convenience. Examination and 1380 reclassification of them apparently slipped through the cracks. 1382 o Reclassified the document to standards track to eliminate 1383 normative reference problems from other EAI documents. 1385 o References, other than the two Unicode ones, have been updated for 1386 the convenience of reviewers and the RFC Editor. A note has been 1387 inserted into the XML requesting that the RFC Editor update the 1388 Unicode references to be current at the time of publication. 1390 o Explicitly notes status of documents obsoleted by this one and 1391 moves them to Historic. 1393 o Updated author contact information. 1395 Authors' Addresses 1397 John C KLENSIN 1398 1770 Massachusetts Ave, #322 1399 Cambridge, MA 02140 1400 USA 1402 Phone: +1 617 491 5735 1403 EMail: john-ietf@jck.com 1405 YangWoo KO 1406 112-202 Malgeunachim APT. Nae-dong 1407 Seo-gu, Daejeon 302-981 1408 Republic of Korea 1410 EMail: yangwooko@gmail.com