Email Address Internationalization K. Fujiwara, Ed.
(EAI) Y. YONEYA, Ed.
Internet-Draft JPRS
Intended status: Experimental March 2, 2009
Expires: September 3, 2009
Downgrading mechanism for Email Address Internationalization
draft-ietf-eai-downgrade-12.txt
Status of this Memo
This Internet-Draft is submitted to IETF in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 3, 2009.
Copyright Notice
Copyright (c) 2009 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract
Traditional mail systems handle only ASCII characters in SMTP
envelope and mail header fields. The Email Address
Fujiwara & YONEYA Expires September 3, 2009 [Page 1]
Internet-Draft UTF8SMTP Downgrade March 2009
Internationalization (UTF8SMTP) extension allows UTF-8 characters in
SMTP envelope and mail header fields. To avoid rejecting
internationalized Email messages when a server in the delivery path
does not support the UTF8SMTP extension, some sort of converting
mechanism is required. This document describes a downgrading
mechanism for Email Address Internationalization. Note that this is
a way to downgrade, not tunnel. There is no associated up-conversion
mechanism, although internationalized email clients might use
original internationalized addresses or other data when displaying or
replying to downgraded messages.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4
2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 5
3. New header fields definition . . . . . . . . . . . . . . . . . 5
3.1. Envelope information preservation header fields . . . . . 6
3.2. Address header field preservation header fields . . . . . 6
3.3. Unknown header fields preservation header fields . . . . 7
4. SMTP Downgrading . . . . . . . . . . . . . . . . . . . . . . . 8
4.1. Path element downgrading . . . . . . . . . . . . . . . . 8
4.2. ORCPT downgrading . . . . . . . . . . . . . . . . . . . . 9
5. Email header fields downgrading . . . . . . . . . . . . . . . 9
5.1. Downgrading method for each ABNF element . . . . . . . . 9
5.1.1. RECEIVED downgrading . . . . . . . . . . . . . . . . . 9
5.1.2. UNSTRUCTURED downgrading . . . . . . . . . . . . . . . 9
5.1.3. WORD downgrading . . . . . . . . . . . . . . . . . . . 10
5.1.4. COMMENT downgrading . . . . . . . . . . . . . . . . . 10
5.1.5. MIME-VALUE downgrading . . . . . . . . . . . . . . . . 10
5.1.6. DISPLAY-NAME downgrading . . . . . . . . . . . . . . . 10
5.1.7. MAILBOX downgrading . . . . . . . . . . . . . . . . . 10
5.1.8. ENCAPSULATION downgrading . . . . . . . . . . . . . . 11
5.1.9. TYPED-ADDRESS downgrading . . . . . . . . . . . . . . 11
5.2. Downgrading method for each header field . . . . . . . . 11
5.2.1. Address header fields which contain
s . . . . 11
5.2.2. Address header fields with typed addresses . . . . . . 12
5.2.3. Downgrading Non-ASCII in comments . . . . . . . . . . 12
5.2.4. Received header field . . . . . . . . . . . . . . . . 12
5.2.5. MIME Content header fields . . . . . . . . . . . . . . 12
5.2.6. Non-ASCII in . . . . . . . . . . . . . 13
5.2.7. Non-ASCII in . . . . . . . . . . . . . . . . 13
5.2.8. Other header fields . . . . . . . . . . . . . . . . . 13
6. MIME body part header fields downgrading . . . . . . . . . . . 13
7. Security considerations . . . . . . . . . . . . . . . . . . . 14
8. Implementation notes . . . . . . . . . . . . . . . . . . . . . 15
8.1. RFC 2047 encoding . . . . . . . . . . . . . . . . . . . . 15
8.2. Trivial downgrading . . . . . . . . . . . . . . . . . . . 16
Fujiwara & YONEYA Expires September 3, 2009 [Page 2]
Internet-Draft UTF8SMTP Downgrade March 2009
8.3. 7bit transport consideration . . . . . . . . . . . . . . 16
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17
10. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 19
11. Change History . . . . . . . . . . . . . . . . . . . . . . . . 19
11.1. draft-yoneya-ima-downgrade: Version 00 . . . . . . . . . 19
11.2. draft-yoneya-ima-downgrade: Version 01 . . . . . . . . . 19
11.3. draft-ietf-eai-downgrade: Version 00 . . . . . . . . . . 20
11.4. draft-ietf-eai-downgrade: Version 01 . . . . . . . . . . 20
11.5. draft-ietf-eai-downgrade: Version 02 . . . . . . . . . . 20
11.6. draft-ietf-eai-downgrade: Version 03 . . . . . . . . . . 20
11.7. draft-ietf-eai-downgrade: Version 04 . . . . . . . . . . 20
11.8. draft-ietf-eai-downgrade: Version 05 . . . . . . . . . . 20
11.9. draft-ietf-eai-downgrade: Version 06 . . . . . . . . . . 21
11.10. draft-ietf-eai-downgrade: Version 07 . . . . . . . . . . 21
11.11. draft-ietf-eai-downgrade: Version 08 . . . . . . . . . . 21
11.12. draft-ietf-eai-downgrade: Version 09 . . . . . . . . . . 21
11.13. draft-ietf-eai-downgrade: Version 10 . . . . . . . . . . 21
11.14. draft-ietf-eai-downgrade: Version 11 . . . . . . . . . . 21
11.15. draft-ietf-eai-downgrade: Version 12 . . . . . . . . . . 21
12. References . . . . . . . . . . . . . . . . . . . . . . . . . . 22
12.1. Normative References . . . . . . . . . . . . . . . . . . 22
12.2. Informative References . . . . . . . . . . . . . . . . . 23
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 23
A.1. Downgrading example 1 . . . . . . . . . . . . . . . . . . 23
A.2. Downgrading example 2 . . . . . . . . . . . . . . . . . . 26
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 28
Fujiwara & YONEYA Expires September 3, 2009 [Page 3]
Internet-Draft UTF8SMTP Downgrade March 2009
1. Introduction
Traditional mail systems which are defined by [RFC5321] and [RFC5322]
allow ASCII characters in SMTP envelope and mail header field values.
The UTF8SMTP extension [RFC4952], [RFC5335] and [RFC5336] allows
UTF-8 characters in SMTP envelope and mail header field values.
If an envelope address or header field contains non-ASCII characters,
the message cannot be delivered unless every system in the delivery
path supports UTF8SMTP. This document describes a downgrading
mechanism to avoid rejection of such messages when a server which
does not support the UTF8SMTP extension is encountered. Downgrading
mechanism converts envelope and header fields to an all-ASCII
representation.
[RFC5335] allows UTF-8 characters to be used in mail header fields
and MIME header fields. The downgrading mechanism specified here
converts mail header fields and MIME header fields to ASCII.
This document does not change any protocols except by defining new
header fields. It describes the conversion method from the
internationalized email envelopes/messages which are defined in
[RFC4952] [RFC5335] [RFC5336] to the traditional email envelopes/
messages which are defined in [RFC5321] [RFC5322].
[RFC5336] section 2.2 defines when downgrading occurs. If the SMTP
client has an UTF8SMTP envelope or an internationalized message and
the SMTP server doesn't support the UTF8SMTP SMTP extension, then the
SMTP client MUST NOT send a UTF8SMTP envelope or an internationalized
message to the SMTP server. The section shows 4 choices. The fourth
choice is downgrading, as described here.
Downgrading may be implemented in MUAs, MSAs, MTAs which act as the
SMTP client, or in MDAs, POP servers, IMAP servers which store or
offer UTF8SMTP envelopes or internationalized messages to non-
UTF8SMTP compliant systems which include message stores.
This document tries to define the downgrading process clearly and it
preserves the original information as much as possible.
Downgrading in UTF8SMTP consists of the following four parts:
o New header fields definition
o SMTP downgrading
o Email header fields downgrading
o MIME header fields downgrading
In Section 3, many header fields starting with "Downgraded-" are
Fujiwara & YONEYA Expires September 3, 2009 [Page 4]
Internet-Draft UTF8SMTP Downgrade March 2009
introduced. They preserve the original envelope information and the
original header fields.
The SMTP downgrading is described in Section 4. It generates ASCII
only envelope information from an UTF8SMTP envelope.
The Email header fields downgrading is described in Section 5. It
generates ASCII only header fields.
The MIME header fields are expanded in [RFC5335]. The MIME header
fields downgrading is described in Section 6. It generates ASCII
only MIME header fields.
Displaying downgraded messages which originally contain
internationalized E-mail addresses or internationalized header fields
is described in an another document
([I-D.ietf-eai-downgraded-display]).
2. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
All specialized terms used in this specification are defined in the
EAI overview [RFC4952] or in [RFC5321][RFC5322], MIME documents
[RFC2045] [RFC2047] [RFC2183] [RFC2231]. The terms "ASCII address",
"internationalized email address", "non-ASCII address", "i18mail
address", "UTF8SMTP", "message" and "mailing list" are used with the
definitions from [RFC4952] document.
This document depends on [RFC5335], [RFC5336], and [RFC5337]. Key
words used in these document are used in this document, too.
The term "non-ASCII" is an UTF-8 string which contains at least one
non-ASCII character.
An "UTF8SMTP envelope" has Email originator/recipient addresses
expanded by [RFC5336] and [RFC5337].
An "UTF8SMTP message" is Email messages expanded by [RFC5335].
3. New header fields definition
New header fields starting with "Downgraded-" are defined here to
preserve those original envelope and header field values which
Fujiwara & YONEYA Expires September 3, 2009 [Page 5]
Internet-Draft UTF8SMTP Downgrade March 2009
contain UTF-8 characters. During downgrading, one new "Downgraded-"
header field is added for each original envelope or header field
which cannot be passed as-is to a server which does not support
UTF8SMTP. The original envelope or header field is removed or
rewritten. Only those envelope and header fields which contain non-
ASCII characters are affected. The result of this process is a
message which is compliant with existing email specifications
[RFC5321] and [RFC5322]. The original internationalized information
can be retrieved by examining the "Downgraded-" header fields which
were added.
3.1. Envelope information preservation header fields
SMTP envelope downgraded information
consists of the original non-ASCII address and the downgraded all-
ASCII address.
downgraded-envelope-addr = [FWS] "<" [ A-d-l ":" ] uMailbox
FWS "<" Mailbox ">" ">" [CFWS]
is defined in [RFC5336]; and are defined
in [RFC5321], section 4.1.2.
Two header fields "Downgraded-Mail-From:" and "Downgraded-Rcpt-To:"
are defined to preserve SMTP envelope downgraded information. The
header field syntax is specified as follows:
fields =/ downgradedmailfrom / downgradedrcptto
downgradedmailfrom = "Downgraded-Mail-From:" unstructured CRLF
downgradedrcptto = "Downgraded-Rcpt-To:" unstructured CRLF
The unstructured content is downgraded-envelope-addr treated as if it
were unstructured with [RFC2047] encoding (and charset UTF-8) as
needed.
3.2. Address header field preservation header fields
The address header fields preservation header fields are defined to
preserve the original header field. Their value field holds the
original header field value. The header field syntax is specified as
follows:
Fujiwara & YONEYA Expires September 3, 2009 [Page 6]
Internet-Draft UTF8SMTP Downgrade March 2009
fields =/ known-downgraded-headers ":" unstructured CRLF
known-downgraded-headers = "Downgraded-" original-headers
original-headers = "From" / "Sender" /
"To" / "Cc" / "Bcc" /
"Reply-To" /
"Resent-From" / "Resent-Sender" /
"Resent-To" / "Resent-Cc" / "Resent-Bcc" /
"Resent-Reply-To" /
"Return-Path" /
"Disposition-Notification-To"
Preserving a header field in a downgraded header field is defined as:
1. Generate new downgraded header field whose value is the original
header field value.
2. Treat the generated header field content as if it were
unstructured, and then apply [RFC2047] encoding with charset
UTF-8 as necessary so the result is ASCII.
3.3. Unknown header fields preservation header fields
The unknown header fields preservation header fields are defined to
encapsulate those original header fields which contain non-ASCII
characters and are not otherwise provided for in the this
specification. The encapsulation header field name is the
concatenation of "Downgraded-" and the original name. The value
field holds the original header field value.
The header field syntax is specified as follows:
fields =/ unknown-downgraded-headers ":" unstructured CRLF
unknown-downgraded-headers = "Downgraded-" original-header-field-name
original-header-field-name = field-name
field-name = 1*ftext
ftext = %d33-57 / ; Any character except
%d59-126 ; controls, SP, and
; ":".
Encapsulating a header field in a "Downgraded-" header field is
defined as:
1. Generate new "Downgraded-" header field whose value is the
original header field value.
Fujiwara & YONEYA Expires September 3, 2009 [Page 7]
Internet-Draft UTF8SMTP Downgrade March 2009
2. Treat the generated header field content as if it were
unstructured, and then apply [RFC2047] encoding with charset
UTF-8 as necessary so the result is ASCII.
3. Remove the original header field.
4. SMTP Downgrading
Target of downgrading elements in SMTP envelope are below:
o of MAIL FROM command
o of RCPT TO command
o ORCPT parameter of RCPT TO command
4.1. Path element downgrading
Downgrading the of MAIL FROM and RCPT TO commands uses ALT-
ADDRESS parameter defined in [RFC5336]. A SMTP command is
downgradable if the contains non-ASCII address and the command
has an ALT-ADDRESS parameter which specifies an ASCII address. Since
only non-ASCII addresses are downgradable, specifying an ALT-ADDRESS
value for an all-ASCII address is invalid for use with this
specification, and no interpretation is assigned to it. This
restriction allows for future extension of the specification even
though no such extensions are currently anticipated.
Note that even if no downgrading is performed on the envelope,
message header fields and message body MIME header fields that
contain non-ASCII characters MUST be downgraded. This is described
in Section 5 and Section 6.
When downgrading, replace each which contains non-ASCII mail
address with its specified alternative ASCII address and preserve the
original information using "Downgraded-Mail-From" and "Downgraded-
Rcpt-To" header fields as defined in Section 3. Before replacing,
decode the ALT-ADDRESS parameter value because it is encoded as xtext
[RFC3461].
To avoid disclosing recipient addresses, the downgrading process MUST
NOT add "Downgraded-Rcpt-To:" header field if the SMTP downgrading
targets multiple recipients. See Section 7 for more detail.
As a result of the recipient address downgrading, the domain part of
the recipient address prior to downgrading might be different from
the domain part of the new recipient address. If the result of
address resolution for the domain part of the new recipient address
contains the server at the connection destination of the SMTP session
for the recipient address prior to downgrading, the SMTP connection
Fujiwara & YONEYA Expires September 3, 2009 [Page 8]
Internet-Draft UTF8SMTP Downgrade March 2009
is valid for the new recipient address. Otherwise, the downgrading
process MUST NOT send the downgraded message to the new recipient
address via the connection and MUST try to send the downgraded
message to the new recipient address.
4.2. ORCPT downgrading
The "RCPT TO" command can have an ORCPT parameter if the DSN
extension [RFC3461] is supported. If the ORCPT parameter contains an
"utf-8" type address and the address contains raw non-ASCII
characters, the address MUST be converted to utf-8-addr-xtext form.
Those forms are described in [RFC5337] and clarified by successor
documents such as [I-D.ietf-eai-dsnbis].
Before converting to utf-8-addr-xtext form, remove xtext encoding.
5. Email header fields downgrading
This section defines the conversion method to ASCII for each header
field which may contain non-ASCII characters.
[RFC5335] expands Received: header fields, [RFC5322] ABNF elements
, , , , [RFC2045] ABNF element
.
5.1. Downgrading method for each ABNF element
Header field downgrading is defined below for each ABNF element.
Downgrading an unknown header field is also defined as ENCAPSULATION
downgrading. Converting the header field terminates when no non-
ASCII characters remain in the header field.
5.1.1. RECEIVED downgrading
If the header field name is "Received:" and the FOR clause contains a
non-ASCII addresses, remove the FOR clause from the header field.
Other parts (not counting s) should not contain non-ASCII
values.
5.1.2. UNSTRUCTURED downgrading
If the header field has an field which contains non-
ASCII characters, apply [RFC2047] encoding with charset UTF-8.
Fujiwara & YONEYA Expires September 3, 2009 [Page 9]
Internet-Draft UTF8SMTP Downgrade March 2009
5.1.3. WORD downgrading
If the header field has any fields which contains non-ASCII
characters, apply [RFC2047] encoding with charset UTF-8.
5.1.4. COMMENT downgrading
If the header field has any fields which contains non-ASCII
characters, apply [RFC2047] encoding with charset UTF-8.
5.1.5. MIME-VALUE downgrading
If the header field has any elements defined by [RFC2045] and
the elements contain non-ASCII characters, encode the
elements by [RFC2231] with charset UTF-8 and the Language information
empty. If the element is and it contains
outside the DQUOTE, remove the before this conversion.
5.1.6. DISPLAY-NAME downgrading
If the header field has any ( and )
elements and they have elements which contain non-
ASCII characters, encode the elements according to
[RFC2047] with charset UTF-8. DISPLAY-NAME downgrading is the same
algorithm as WORD downgrading.
5.1.7. MAILBOX downgrading
The elements have no equivalent format for non-ASCII
addresses. If the header field has any elements which
contain non-ASCII characters, preserve the header field in each
Address header field preservation header field defined in
Section 3.2, and rewrite each element to ASCII only format.
The element which contains non-ASCII characters is one of
three formats.
o [ Display-name ] "<" Utf8-addr-spec 1*FCS "<" Addr-spec ">>"
Rewrite it as
[ Display-name ] "<" Addr-spec ">"
o [ Display-name ] "<" Utf8-addr-spec ">"
o Utf8-addr-spec
Rewrite both as
[ Display-name ] "Internationalized Address " Encoded-word
" Removed:;"
Fujiwara & YONEYA Expires September 3, 2009 [Page 10]
Internet-Draft UTF8SMTP Downgrade March 2009
where the is the original encoded
according to [RFC2047].
5.1.8. ENCAPSULATION downgrading
if the header field contains non-ASCII characters and for which no
rule is given above, encapsulate it in a Downgraded header field
described in Section 3.3 as a last resort.
Applying this procedure to "Received" header field is prohibited.
5.1.9. TYPED-ADDRESS downgrading
If the header field contains and the contains raw non-ASCII characters, it is utf-8-address form and
convert it to utf-8-addr-xtext form as described in Section 4.2.
COMMENT downgrading is also performed in this case. If the address
type is unrecognized and the header field contains non-ASCII
characters, then fall back to using ENCAPSULATION downgrading on the
entire header field.
5.2. Downgrading method for each header field
Header fields are listed in [RFC4021]. This section describes the
downgrading method for each header field.
If the whole mail header field does not contain non-ASCII characters,
email header field downgrading is not required. Each header field's
downgrading method is described below.
5.2.1. Address header fields which contain s
From:
Sender:
To:
Cc:
Bcc:
Reply-To:
Resent-From:
Resent-Sender:
Resent-To:
Resent-Cc:
Resent-Bcc:
Resent-Reply-To:
Fujiwara & YONEYA Expires September 3, 2009 [Page 11]
Internet-Draft UTF8SMTP Downgrade March 2009
Return-Path:
Disposition-Notification-To:
If the header field contains elements which contains non-
ASCII addresses, preserve the header field in a downgraded header
field before the conversion. Then perform COMMENT downgrading,
DISPLAY-NAME downgrading and MAILBOX downgrading.
5.2.2. Address header fields with typed addresses
Original-Recipient:
Final-Recipient:
If the header field contains non-ASCII characters, perform TYPED-
ADDRESS downgrading.
5.2.3. Downgrading Non-ASCII in comments
Date:
Message-ID:
Resent-Message-ID:
In-Reply-To:
References:
Resent-Date:
Resent-Message-ID:
MIME-Version:
Content-ID:
Content-Transfer-Encoding:
Content-Language:
Accept-Language:
Auto-Submitted:
These header fields do not contain non-ASCII characters except in
comments. If the header field contains UTF-8 characters in comments,
perform COMMENT downgrading.
5.2.4. Received header field
Received:
perform COMMENT downgrading and RECEIVED downgrading.
5.2.5. MIME Content header fields
Fujiwara & YONEYA Expires September 3, 2009 [Page 12]
Internet-Draft UTF8SMTP Downgrade March 2009
Content-Type:
Content-Disposition:
Perform MIME-VALUE downgrading and COMMENT downgrading.
5.2.6. Non-ASCII in
Subject:
Comments:
Content-Description:
Perform UNSTRUCTURED downgrading.
5.2.7. Non-ASCII in
Keywords:
Perform WORD downgrading.
5.2.8. Other header fields
All other header fields which contains non-ASCII characters are user-
defined, missing from this draft or future defined header fields.
Perform ENCAPSULATION downgrading.
If the software understands the header field's structure and a
downgrading algorithm other than ENCAPSULATION is applicable, that
software SHOULD use that algorithm; ENCAPSULATION downgrading is used
as a last resort.
Mailing list header fields (those that start in "List-") are part of
this category.
6. MIME body part header fields downgrading
MIME body part header fields may contain non-ASCII characters
[RFC5335]. This section defines the conversion method to ASCII only
header fields for each MIME header field which contains non-ASCII
characters. Parse the message body's MIME structure for all levels
and check each MIME header field whether it contains non-ASCII
characters. If the header field contains non-ASCII characters in the
header field value, the header field is a target of the MIME body
part header fields downgrading. Each MIME header field's downgrading
method is described below. COMMENT downgrading, MIME-VALUE
downgrading, UNSTRUCTURED downgrading are described in Section 5.
Fujiwara & YONEYA Expires September 3, 2009 [Page 13]
Internet-Draft UTF8SMTP Downgrade March 2009
Content-ID:
The Content-ID: header field does not contain non-ASCII characters
except in comments. If the header field contains UTF-8 characters
in comments, perform COMMENT downgrading.
Content-Type:
Content-Disposition:
Perform MIME-VALUE downgrading and COMMENT downgrading.
Content-Description:
Perform UNSTRUCTURED downgrading.
7. Security considerations
A Downgraded message's header fields contain ASCII characters only.
But they still contain MIME encapsulated header fields which contains
non-ASCII UTF-8 characters. Furthermore, the body part may contain
UTF-8 characters. Implementations parsing Internet messages need to
accept UTF-8 body parts and UTF-8 header fields which are MIME
encoded. Thus it inherits the security considerations of MIME
encoded header fields [RFC2047] and [RFC3629].
Rewriting header fields increases the opportunities for undetected
spoofing by the malicious senders. However rewritten header fields
are preserved into Downgraded-* header fields and parsing
Downgraded-* header fields enables detecting spoofing caused by
downgrading.
Addresses that do not appear in the message header fields may appear
in the RCPT commands to an SMTP server for a number of reasons.
Copying information from the Envelope into header fields risks
inadvertent information disclosure (see [RFC5321] and Section 4).
Mitigating inadvertent information disclosure is discussed in same
place.
The techniques described here invalidates methods that depend on
digital signatures over the envelope or any part of the message which
includes the top-level header fields or body part header fields.
Depending on the specific message being downgraded, DKIM especially,
but also possibly S/MIME, PGP, and similar techniques are all likely
to break. The two obvious mitigations are to stick to 7-bit
transport when using these techniques (as most/all of them presently
require), or make sure you have UTF8SMTP end-to-end when needed.
Many gateways and servers on the Internet will discard header fields
with which they are not familiar. To the extent to which the
Fujiwara & YONEYA Expires September 3, 2009 [Page 14]
Internet-Draft UTF8SMTP Downgrade March 2009
downgrade procedures depend on new header fields (e.g.,
"Downgraded-") to avoid information loss, the risk of having those
header fields dropped and its implications must be identified. In
particular, if the Downgraded header fields are dropped, there is no
possibility of reconstructing the original information at any point
(before, during, or after delivery). Such gateways violate [RFC2979]
and can be upgraded to correct the problem.
Even though the information is not lost, the original message cannot
be perfectly reconstructed because some downgrading methods remove
information (see Section 5.1.1 and Section 5.1.5). Hence,
downgrading is a one-way process.
While information in any email header field should usually treated
with some suspicion, current email systems commonly employ various
mechanisms and protocols to make the information more trustworthy.
Currently, information in the new Downgraded-* header fields is
usually not inspected by these mechanisms, and may be even less
trustworthy than the traditional header fields. Note that the
Downgraded-* header fields could have been inserted with malicious
intent. (and with content unrelated to the traditional header
fields).
If an internationalized MUA would simply try to "upgrade" the message
for display purposes (that is, display the information in the
Downgraded-* header fields instead of the traditional header fields),
the effectiveness of the deployed mechanisms and protocols is likely
to be reduced, and the user may be exposed to additional risks. More
guidance on how to display downgraded messages will be given in
[I-D.ietf-eai-downgraded-display].
Concerns about the trustworthiness of the Downgraded-* header fields
are not limited to displaying and replying in MUAs, and should be
carefully considered before using them for other purposes as well.
See "Security considerations" section in [RFC4952] for more
discussion.
8. Implementation notes
8.1. RFC 2047 encoding
While [RFC2047] has a specific algorithm to deal with whitespace in
adjacent encoded-words, there are a number of deployed
implementations that fail to implement the algorithm correctly. As a
result, whitespace behavior is somewhat unpredictable in practice
when multiple encoded words are used. While RFC 5322 states that
Fujiwara & YONEYA Expires September 3, 2009 [Page 15]
Internet-Draft UTF8SMTP Downgrade March 2009
implementations SHOULD limit lines to not more than 78 characters,
implementations MAY choose to allow overlong encoded words in order
to work around faulty [RFC2047] implementations. Implementations
that choose to do so SHOULD have an optional mechanism to limit line
length to 78 characters.
8.2. Trivial downgrading
Downgrading is an alternative to avoid the rejection of messages
which require UTF8SMTP support by a server which does not provide
this. Implementing the full specification of this document is
desirable, but a partial implementation is also possible.
If a partial downgrading implementation confronts an unsupported
downgrading target, the implementation MUST NOT send the message to a
server which does not support UTF8SMTP. Instead, it MUST reject the
message or generate a notification of non-deliverability.
A partial downgrading, Trivial downgrading is discussed. It does not
support non-ASCII addresses in SMTP envelope and address header
fields, unknown header fields downgrading, the MIME body part header
fields downgrading. It supports
o some simple header fields downgrading: Subject
o comments and display name downgrading: From, To, Cc
o trace header field downgrading: Received
Otherwise, the downgrading fails.
Trivial downgrading targets mail messages which are generated by
UTF8SMTP aware MUAs and contain non-ASCII characters in comments,
display names, unstructured parts without using non-ASCII E-mail
addresses. This mail message does not contain non-ASCII E-mail
addresses in the SMTP Envelope and its header fields. But it is not
deliverable via a UTF8SMTP un-aware SMTP server. Implementing full
specification downgrading may be hard, but trivial downgrading saves
mail messages without using non-ASCII addresses.
8.3. 7bit transport consideration
The SMTP client may encounter a SMTP server which does not support
the 8BITMIME SMTP extension [RFC1652]. The server does not support
"8bit" or "binary" data. Implementers need to consider converting
"8bit" data to "base64" or "quoted-printable" encoded form and adjust
the "Content-Transfer-Encoding" header field accordingly. If the
body contains multiple MIME parts, this conversion MUST be performed
for each MIME part.
Fujiwara & YONEYA Expires September 3, 2009 [Page 16]
Internet-Draft UTF8SMTP Downgrade March 2009
9. IANA Considerations
IANA is requested to register the following header fields in the
Permanent Message Header Field Repository, in accordance with the
procedures set out in [RFC3864].
Header field name: Downgraded-Mail-From
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Rcpt-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-From
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Sender
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Cc
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Bcc
Applicable protocol: mail
Fujiwara & YONEYA Expires September 3, 2009 [Page 17]
Internet-Draft UTF8SMTP Downgrade March 2009
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Reply-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-From
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-Sender
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-Cc
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-Bcc
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Resent-Reply-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Fujiwara & YONEYA Expires September 3, 2009 [Page 18]
Internet-Draft UTF8SMTP Downgrade March 2009
Specification document(s): This document (Section 3)
Header field name: Downgraded-Return-Path
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Header field name: Downgraded-Disposition-Notification-To
Applicable protocol: mail
Status: experimental
Author/change controller: IETF
Specification document(s): This document (Section 3)
Furthermore, IANA is requested to refuse registration of all the
field names that start with "Downgraded-" for unknown header fields
downgrading described in Section 3.3 to avoid conflicts with existing
IETF activity (Email Address Internationalization).
10. Acknowledgements
Significant comments and suggestions were received from John Klensin,
Harald Alvestrand, Chris Newman, Randall Gellens, Charles Lindsey,
Marcos Sanz, Alexey Melnikov, Frank Ellermann, Edward Lewis, S.
Moonesamy and JET members.
11. Change History
This section is used for tracking the update of this document. Will
be removed after finalize.
11.1. draft-yoneya-ima-downgrade: Version 00
o Initial version
o Followed draft-yeh-ima-utf8headers-00 and draft-yao-smtpext-00
11.2. draft-yoneya-ima-downgrade: Version 01
o Document structure was changed
o Followed draft-yeh-ima-utf8headers-01 and draft-yao-smtpext-02
o Downgrading requirements were added
o SMTP DATA encapsulation method was proposed
o Downgrading examples was provided
Fujiwara & YONEYA Expires September 3, 2009 [Page 19]
Internet-Draft UTF8SMTP Downgrade March 2009
11.3. draft-ietf-eai-downgrade: Version 00
o Followed draft-yeh-ima-utf8headers-01 and
draft-ietf-eai-smtpext-00
o No header field downgrading method was proposed
o Header encapsulation method was proposed
11.4. draft-ietf-eai-downgrade: Version 01
o Followed draft-ietf-eai-utf8headers-00
o Header conversion and encapsulation method was merged
o Header conversion method was defined in detail
11.5. draft-ietf-eai-downgrade: Version 02
o Followed draft-ietf-eai-utf8headers-01 and
draft-ietf-eai-smtpext-01
o Specification about algorithmic generated address is removed
o No header field downgrading method was removed
o SMTP DATA encapsulation method was removed
11.6. draft-ietf-eai-downgrade: Version 03
o Followed draft-ietf-eai-utf8headers-03 and
draft-ietf-eai-smtpext-03
o Downgraded: and Envelope-Downgraded: headers definition was added
o Mail header fields downgrading method was refined
o Examples in Appendix A were refined
11.7. draft-ietf-eai-downgrade: Version 04
o Followed draft-ietf-eai-utf8headers-06, draft-ietf-eai-smtpext-07
and draft-ietf-eai-dsn-02
o Downgrading requirements and conditions were moved to
Introduction.
o Descriptions about upgrading were removed.
o SPF and DKIM discussion were removed.
o Added many header fields downgrading.
o Allow address literal rewriting without alternate ASCII address in
header fields.
o Added MIME body part headers downgrading.
o Added ORCPT downgrading.
11.8. draft-ietf-eai-downgrade: Version 05
o fixed examples
Fujiwara & YONEYA Expires September 3, 2009 [Page 20]
Internet-Draft UTF8SMTP Downgrade March 2009
* ALT-ADDRESS parameter mistake
* RFC2047(x) notation was changed to encoded-word format
o Added implementation consideration section and trivial downgrading
o Downgraded: and Envelope-Downgraded: headers are separated for
each original headers.
o Removed list-* header fields downgrading
o Changed the way of writing the header field downgrading section
11.9. draft-ietf-eai-downgrade: Version 06
o Moved decoding downgraded messages as a separate document
o Added a text to UNSTRUCTURED downgrading
o Added "replacing SMTP connection" if necessary to SMTP
downgrading.
o fixed examples
11.10. draft-ietf-eai-downgrade: Version 07
o Fixed some typos
o Added a text about 7bit transport
11.11. draft-ietf-eai-downgrade: Version 08
o Comments from the working group last call (wording)
11.12. draft-ietf-eai-downgrade: Version 09
o References
11.13. draft-ietf-eai-downgrade: Version 10
o Comments from AD Review
11.14. draft-ietf-eai-downgrade: Version 11
o IETF Last call: Comments from Gen-ART and IANA
o Added new downgraded header field definitions for Resent-Reply-To,
Recent-Bcc and Disposition-Notification-To
o Separated "Email header fields downgrading" section into
subsections
o Updated ORCPT and TYPED-ADDRESS downgrading
11.15. draft-ietf-eai-downgrade: Version 12
o Comments from IESG
o rewrite all 'header' to 'header field'.
Fujiwara & YONEYA Expires September 3, 2009 [Page 21]
Internet-Draft UTF8SMTP Downgrade March 2009
12. References
12.1. Normative References
[RFC1652] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extension for 8bit-MIMEtransport",
RFC 1652, July 1994.
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2183] Troost, R., Dorner, S., and K. Moore, "Communicating
Presentation Information in Internet Messages: The
Content-Disposition Header Field", RFC 2183, August 1997.
[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded
Word Extensions:
Character Sets, Languages, and Continuations", RFC 2231,
November 1997.
[RFC2979] Freed, N., "Behavior of and Requirements for Internet
Firewalls", RFC 2979, October 2000.
[RFC3461] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service
Extension for Delivery Status Notifications (DSNs)",
RFC 3461, January 2003.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864,
September 2004.
[RFC4021] Klyne, G. and J. Palme, "Registration of Mail and MIME
Header Fields", RFC 4021, March 2005.
[RFC4952] Klensin, J. and Y. Ko, "Overview and Framework for
Internationalized Email", RFC 4952, July 2007.
Fujiwara & YONEYA Expires September 3, 2009 [Page 22]
Internet-Draft UTF8SMTP Downgrade March 2009
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
October 2008.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
October 2008.
[RFC5335] Abel, Y., "Internationalized Email Headers", RFC 5335,
September 2008.
[RFC5336] Yao, J. and W. Mao, "SMTP Extension for Internationalized
Email Addresses", RFC 5336, September 2008.
[RFC5337] Newman, C. and A. Melnikov, "Internationalized Delivery
Status and Disposition Notifications", RFC 5337,
September 2008.
12.2. Informative References
[I-D.ietf-eai-downgraded-display]
Fujiwara, K., "Displaying Downgraded Messages for Email
Address Internationalization",
draft-ietf-eai-downgraded-display-00 (work in progress),
October 2008.
[I-D.ietf-eai-dsnbis]
Newman, C. and A. Melnikov, "Internationalized Delivery
Status and Disposition Notifications",
draft-ietf-eai-dsnbis-00 (work in progress),
December 2008.
Appendix A. Examples
A.1. Downgrading example 1
This section shows an SMTP Downgrading example. Consider a mail
message where:
o The sender address is "NON-ASCII-local@example.com" which is a
non-ASCII address. Its ASCII alternative is
"ASCII-local@example.com" and its display-name is "DISPLAY-local".
o The "To:" address is "NON-ASCII-remote1@example.net" which is a
non-ASCII address. Its ASCII alternative is
"ASCII-remote1@example.net" and its display-name is "DISPLAY-
remote1".
o The "Cc:" address is a non-ASCII address
"NON-ASCII-remote2@example.org" without alternative ASCII address.
Its display-name is "DISPLAY-remote2".
Fujiwara & YONEYA Expires September 3, 2009 [Page 23]
Internet-Draft UTF8SMTP Downgrade March 2009
o Three display-names contain non-ASCII characters.
o The Subject header field is "NON-ASCII-SUBJECT" which contains
non-ASCII characters.
o Assuming the "To:" recipient's MTA (example.net) does not support
UTF8SMTP.
o assuming the "Cc:" recipient's MTA (example.org) supports
UTF8SMTP.
The example SMTP envelope/message is shown in Figure 1. In this
example, the "To:" recipient's session is the focus.
MAIL FROM:
ALT-ADDRESS=ASCII-local@example.com
RCPT TO:
ALT-ADDRESS=ASCII-remote1@example.net
RCPT TO:
-------------------------------------------------------------
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: NON-ASCII-SUBJECT
From: DISPLAY-local >
To: DISPLAY-remote1 >
Cc: DISPLAY-remote2
Date: DATE
MAIL_BODY
Figure 1: Original envelope/message (example 1)
In this example, there are two SMTP recipients, one is "To:", the
other is "Cc:". The SMTP downgrading treats To: session downgrading.
Figure 2 shows SMTP downgraded example.
Fujiwara & YONEYA Expires September 3, 2009 [Page 24]
Internet-Draft UTF8SMTP Downgrade March 2009
MAIL FROM:
RCPT TO:
-------------------------------------------------------------
Downgraded-Mail-From: =?UTF-8?Q?>?=
Downgraded-Rcpt-To: =?UTF-8?Q?>?=
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: NON-ASCII-SUBJECT
From: DISPLAY-local >
To: DISPLAY-remote1 >
Cc: DISPLAY-remote2
Date: DATE
MAIL_BODY
Figure 2: SMTP Downgraded envelope/message (example 1)
After SMTP downgrading, header fields downgrading is performed.
Final downgraded message is shown in Figure 3. Return-Path header
field will be added by the final destination MTA.
Fujiwara & YONEYA Expires September 3, 2009 [Page 25]
Internet-Draft UTF8SMTP Downgrade March 2009
Return-Path:
Downgraded-Mail-From: =?UTF-8?Q?>?=
Downgraded-Rcpt-To: =?UTF-8?Q?>?=
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
From: =?UTF-8?Q?DISPLAY-local?=
Downgraded-From: =?UTF-8?Q?DISPLAY-local_>?=
To: =?UTF-8?Q?DISPLAY-remote1?=
Downgraded-To: =?UTF-8?Q?DISPLAY-remote1_?=
=?UTF-8?Q?>?=
Cc: =?UTF-8?Q?DISPLAY-remote2?= Internationalized address
=?UTF-8?Q?NON-ASCII-remote2@example.org?= removed:;
Downgraded-Cc: =?UTF-8?Q?DISPLAY-remote2_?=
=?UTF-8?Q??=
Date: DATE
MAIL_BODY
Figure 3: Downgraded message (example 1)
A.2. Downgrading example 2
In many cases, the sender wants to use non-ASCII address and the
recipient is a traditional mail user. The SMTP server handing mail
for the recipient and/or the recipient's MUA does not support
UTF8SMTP extension. Consider a mail message where:
o The sender address is "NON-ASCII-local@example.com" which is a
non-ASCII address. Its ASCII alternative is
"ASCII-local@example.com". It has a display-name "DISPLAY-local"
which contains non-ASCII characters.
o The "To:" address is "ASCII-remote1@example.net" which is ASCII
only. It has a display-name "DISPLAY-remote1" which contains non-
ASCII characters.
o The "Subject:" header field is "NON-ASCII-SUBJECT" which contains
non-ASCII characters.
The second example envelope/message is shown in Figure 4.
Fujiwara & YONEYA Expires September 3, 2009 [Page 26]
Internet-Draft UTF8SMTP Downgrade March 2009
MAIL From:
ALT-ADDRESS=ASCII-local@example.com
RCPT TO:
-------------------------------------------------------------
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: NON-ASCII-SUBJECT
From: DISPLAY-local >
To: DISPLAY-remote1
Date: DATE
MAIL_BODY
Figure 4: Original message (example 2)
In this example, SMTP session is downgradable. Figure 5 shows SMTP
downgraded envelope/message.
MAIL From:
RCPT TO:
-------------------------------------------------------------
Downgraded-Mail-From: =?UTF-8?Q?>?=
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: NON-ASCII-SUBJECT
From: DISPLAY-local >
To: DISPLAY-remote1
Date: DATE
MAIL_BODY
Figure 5: SMTP Downgraded envelope/message (example 2)
After SMTP downgrading, header fields downgrading is performed. The
downgraded example is shown in Figure 6.
Fujiwara & YONEYA Expires September 3, 2009 [Page 27]
Internet-Draft UTF8SMTP Downgrade March 2009
Return-Path:
Downgraded-Mail-From: =?UTF-8?Q?>?=
Message-Id: MESSAGE_ID
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
Downgraded-From: =?UTF-8?Q?DISPLAY-local_>?=
From: =?UTF-8?Q?DISPLAY-local?=
To: =?UTF-8?Q?DISPLAY-remote1?=
Date: DATE
MAIL_BODY
Figure 6: Downgraded message (example 2)
Authors' Addresses
Kazunori Fujiwara (editor)
Japan Registry Services Co., Ltd.
Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
Chiyoda-ku, Tokyo 101-0065
Japan
Phone: +81 3 5215 8451
Email: fujiwara@jprs.co.jp
Yoshiro YONEYA (editor)
Japan Registry Services Co., Ltd.
Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
Chiyoda-ku, Tokyo 101-0065
Japan
Phone: +81 3 5215 8451
Email: yone@jprs.co.jp
Fujiwara & YONEYA Expires September 3, 2009 [Page 28]