Individual submission M. Kucherawy Internet-Draft August 26, 2014 Updates: 7001 (if approved) Intended status: Standards Track Expires: February 27, 2015 A Property Types Registry for the Authentication-Results Header Field draft-ietf-appsawg-authres-ptypes-registry-02 Abstract [RFC7001] describes a header field called Authentication-Results for use with electronic mail messages to indicate the results of message authentication efforts. Any receiver-side software, mainly Mail Transfer Agents (MTAs) or mail filters, can add or use this header field to relay that information in a convenient and meaningful way to later-stage systems, such as for sorting and filtering decisions. One portion of the definition in that document limits the types of authentication properties about a message to a small, fixed set. This document updates the specification, making it extensible to allow new property types to be declared and used. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at http://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on February 27, 2015. Copyright Notice Copyright (c) 2014 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents Kucherawy Expires February 27, 2015 [Page 1] Internet-Draft Authentication-Results Property Types August 2014 (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 2. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.1. Key Words . . . . . . . . . . . . . . . . . . . . . . . . . 3 2.2. Email Architecture . . . . . . . . . . . . . . . . . . . . 3 3. Updated 'ptype' Definition . . . . . . . . . . . . . . . . . . 3 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 4 5. Security Considerations . . . . . . . . . . . . . . . . . . . . 4 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 5 6.1. Normative References . . . . . . . . . . . . . . . . . . . 5 6.2. Informative References . . . . . . . . . . . . . . . . . . 5 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . . 5 Kucherawy Expires February 27, 2015 [Page 2] Internet-Draft Authentication-Results Property Types August 2014 1. Introduction [RFC7001] defines the email Authentication-Results header field that presents the results of an authentication effort in a machine- readable format. The header field creates a place to collect the output from authentication processes that are disjoint from later processes that might use the output, such as analysis, filtering or sorting mechanisms. The specification in that document enumerated a small set of types of properties that can be reported using this mechanism. There has emerged a desire to report types of properties about a message through this mechanism. Accordingly, this document updates the specification to allow for additional property types ("ptypes") beyond the original set, and creates a registry where new ones can be listed and their defining documents referenced. 2. Definitions 2.1. Key Words The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 2.2. Email Architecture Many of the definitions and acronyms regarding general email architecture can be found in [RFC5598]. 3. Updated 'ptype' Definition Advanced Backus Naur Form (ABNF) is defined in [RFC5234]. The ABNF in Section 2.2 of [RFC7001] is updated as follows: ptype = Keyword ; indicates whether the property being evaluated was ; a parameter to an [SMTP] command, was a value taken ; from a message header field, was some property of ; the message body, or was some other property evaluated by ; the receiving MTA The ABNF token "Keyword" is defined in Section 4.1.2 of [RFC5321]. Legal values of "ptype" are as defined in the IANA "Email Authentication Property Types" registry (see Section 4). The initial Kucherawy Expires February 27, 2015 [Page 3] Internet-Draft Authentication-Results Property Types August 2014 values are as follows, matching those defined in [RFC7001]: body: Indicates information that was extracted from the body of the message. This might be an arbitrary string of bytes, a hash of a string of bytes, a Uniform Resource Identifier, or some other content of interest. header: Indicates information that was extracted from the header of the message. This might be the value of a header field or some portion of a header field. policy: As defined in Section 2.3 of [RFC7001]. smtp: Indicates information that was extracted from an SMTP command that was used to relay the message. A consumer of this header field encountering a "ptype" it does not understand MUST ignore the result it is reporting. 4. IANA Considerations IANA is requested to create the Email Authentication Property Types registry. Entries in this registry are subject to the Expert Review rules as described in [RFC5226]. Each entry in the registry requires the following values: o The "ptype" token to be registered, which must fit within the ABNF described in Section 3. o A brief description of what sort of information this "ptype" is meant to cover. o A reference to the defining document, if any. The initial entries in this table are enumerated in Section 3. This document should be listed as their defining document values. For new entries, the Designated Expert needs to assure that the description provided for the new entry adequately describes the intended use. An example would be helpful to include, although entries in the Email Authentication Methods registry or the Email Authentication Result Names registry might also serve as examples of intended use. 5. Security Considerations A consumer of this header field might be confused by a result bearing a "ptype" it does not understand. The advice is to ignore such a Kucherawy Expires February 27, 2015 [Page 4] Internet-Draft Authentication-Results Property Types August 2014 result since its semantics are unknown to such a consumer. It is unknown how legacy code, which expects one of a fixed set of "ptype" tokens, will handle new tokens as they begin to appear. This might result in undesirable deliveries for consumers that have been implemented to "fail open". 6. References 6.1. Normative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [RFC5226] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA Considerations Section in RFCs", BCP 26, RFC 5226, May 2008. [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, January 2008. [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, October 2008. [RFC7001] Kucherawy, M., "Message Header Field for Indicating Message Authentication Status", RFC 7001, September 2013. 6.2. Informative References [RFC5598] Crocker, D., "Internet Mail Architecture", RFC 5598, July 2009. Appendix A. Acknowledgements The author wishes to acknowledge the following for their review and constructive criticism of this update: Dave Crocker, Tim Draegen, Scott Kitterman, Franck Martin. Author's Address Murray S. Kucherawy 270 Upland Drive San Francisco, CA 94127 US EMail: superuser@gmail.com Kucherawy Expires February 27, 2015 [Page 5]