idnits 2.17.1 draft-ietf-eai-frmwrk-4952bis-07.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- == The 'Obsoletes: ' line in the draft header should list only the _numbers_ of the RFCs which will be obsoleted by this document (if approved); it should not include the word 'RFC' in the list. -- The draft header indicates that this document obsoletes RFC5504, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document obsoletes RFC5825, but the abstract doesn't seem to mention this, which it should. -- The draft header indicates that this document obsoletes RFC4952, but the abstract doesn't seem to directly say this. It does mention RFC4952 though, so this could be OK. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (August 31, 2010) is 4987 days in the past. Is this intentional? Checking references for intended status: Informational ---------------------------------------------------------------------------- == Unused Reference: 'RFC2033' is defined on line 1038, but no explicit reference was found in the text ** Obsolete normative reference: RFC 1652 (Obsoleted by RFC 6152) ** Obsolete normative reference: RFC 5336 (Obsoleted by RFC 6531) ** Obsolete normative reference: RFC 5337 (Obsoleted by RFC 6533) ** Obsolete normative reference: RFC 5721 (Obsoleted by RFC 6856) ** Obsolete normative reference: RFC 5738 (Obsoleted by RFC 6855) -- Obsolete informational reference (is this intentional?): RFC 821 (Obsoleted by RFC 2821) -- Obsolete informational reference (is this intentional?): RFC 2368 (Obsoleted by RFC 6068) -- Obsolete informational reference (is this intentional?): RFC 2821 (Obsoleted by RFC 5321) -- Obsolete informational reference (is this intentional?): RFC 3501 (Obsoleted by RFC 9051) -- Obsolete informational reference (is this intentional?): RFC 3851 (Obsoleted by RFC 5751) -- Obsolete informational reference (is this intentional?): RFC 4409 (Obsoleted by RFC 6409) -- Obsolete informational reference (is this intentional?): RFC 4952 (Obsoleted by RFC 6530) -- Obsolete informational reference (is this intentional?): RFC 5335 (Obsoleted by RFC 6532) -- Duplicate reference: RFC5336, mentioned in 'RFC5336', was also mentioned in 'RFC5336bis-SMTP'. -- Obsolete informational reference (is this intentional?): RFC 5336 (Obsoleted by RFC 6531) -- Duplicate reference: RFC5337, mentioned in 'RFC5337', was also mentioned in 'RFC5337bis-DSN'. -- Obsolete informational reference (is this intentional?): RFC 5337 (Obsoleted by RFC 6533) -- Obsolete informational reference (is this intentional?): RFC 5504 (Obsoleted by RFC 6530) -- Duplicate reference: RFC5721, mentioned in 'RFC5721', was also mentioned in 'RFC5721bis-POP3'. -- Obsolete informational reference (is this intentional?): RFC 5721 (Obsoleted by RFC 6856) -- Duplicate reference: RFC5738, mentioned in 'RFC5738', was also mentioned in 'RFC5738bis-IMAP'. -- Obsolete informational reference (is this intentional?): RFC 5738 (Obsoleted by RFC 6855) -- Obsolete informational reference (is this intentional?): RFC 5825 (Obsoleted by RFC 6530) Summary: 5 errors (**), 0 flaws (~~), 4 warnings (==), 22 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Email Address Internationalization J. Klensin 3 (EAI) 4 Internet-Draft Y. Ko 5 Obsoletes: RFCs 4952, 5504, 5825 ICU 6 (if approved) August 31, 2010 7 Intended status: Informational 8 Expires: March 4, 2011 10 Overview and Framework for Internationalized Email 11 draft-ietf-eai-frmwrk-4952bis-07 13 Abstract 15 Full use of electronic mail throughout the world requires that 16 (subject to other constraints) people be able to use close variations 17 on their own names (written correctly in their own languages and 18 scripts) as mailbox names in email addresses. This document 19 introduces a series of specifications that define mechanisms and 20 protocol extensions needed to fully support internationalized email 21 addresses. These changes include an SMTP extension and extension of 22 email header syntax to accommodate UTF-8 data. The document set also 23 includes discussion of key assumptions and issues in deploying fully 24 internationalized email. This document is an update of RFC 4952; it 25 reflects additional issues identified since that document was 26 published. 28 Status of This Memo 30 This Internet-Draft is submitted in full conformance with the 31 provisions of BCP 78 and BCP 79. 33 Internet-Drafts are working documents of the Internet Engineering 34 Task Force (IETF). Note that other groups may also distribute 35 working documents as Internet-Drafts. The list of current Internet- 36 Drafts is at http://datatracker.ietf.org/drafts/current/. 38 Internet-Drafts are draft documents valid for a maximum of six months 39 and may be updated, replaced, or obsoleted by other documents at any 40 time. It is inappropriate to use Internet-Drafts as reference 41 material or to cite them other than as "work in progress." 43 This Internet-Draft will expire on March 4, 2011. 45 Copyright Notice 47 Copyright (c) 2010 IETF Trust and the persons identified as the 48 document authors. All rights reserved. 50 This document is subject to BCP 78 and the IETF Trust's Legal 51 Provisions Relating to IETF Documents 52 (http://trustee.ietf.org/license-info) in effect on the date of 53 publication of this document. Please review these documents 54 carefully, as they describe your rights and restrictions with respect 55 to this document. Code Components extracted from this document must 56 include Simplified BSD License text as described in Section 4.e of 57 the Trust Legal Provisions and are provided without warranty as 58 described in the Simplified BSD License. 60 This document may contain material from IETF Documents or IETF 61 Contributions published or made publicly available before November 62 10, 2008. The person(s) controlling the copyright in some of this 63 material may not have granted the IETF Trust the right to allow 64 modifications of such material outside the IETF Standards Process. 65 Without obtaining an adequate license from the person(s) controlling 66 the copyright in such materials, this document may not be modified 67 outside the IETF Standards Process, and derivative works of it may 68 not be created outside the IETF Standards Process, except to format 69 it for publication as an RFC or to translate it into languages other 70 than English. 72 Table of Contents 74 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 75 2. Role of This Specification . . . . . . . . . . . . . . . . . . 4 76 3. Problem Statement . . . . . . . . . . . . . . . . . . . . . . 5 77 4. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 6 78 4.1. Mail User and Mail Transfer Agents . . . . . . . . . . . . 6 79 4.2. Address Character Sets . . . . . . . . . . . . . . . . . . 7 80 4.3. User Types . . . . . . . . . . . . . . . . . . . . . . . . 7 81 4.4. Messages . . . . . . . . . . . . . . . . . . . . . . . . . 8 82 4.5. Mailing Lists . . . . . . . . . . . . . . . . . . . . . . 8 83 4.6. Conventional Message and Internationalized Message . . . . 8 84 4.7. Undeliverable Messages, Notification, and Delivery 85 Receipts . . . . . . . . . . . . . . . . . . . . . . . . . 8 86 5. Overview of the Approach and Document Plan . . . . . . . . . . 9 87 6. Review of Experimental Results . . . . . . . . . . . . . . . . 9 88 7. Overview of Protocol Extensions and Changes . . . . . . . . . 10 89 7.1. SMTP Extension for Internationalized Email Address . . . . 10 90 7.2. Transmission of Email Header Fields in UTF-8 Encoding . . 11 91 7.3. SMTP Service Extension for DSNs . . . . . . . . . . . . . 12 92 8. Downgrading before and after SMTP Transactions . . . . . . . . 12 93 8.1. Downgrading before or during Message Submission . . . . . 13 94 8.2. Downgrading or Other Processing After Final SMTP 95 Delivery . . . . . . . . . . . . . . . . . . . . . . . . . 14 96 9. Downgrading in Transit . . . . . . . . . . . . . . . . . . . . 14 97 10. User Interface and Configuration Issues . . . . . . . . . . . 15 98 10.1. Choices of Mailbox Names and Unicode Normalization . . . . 15 99 11. Additional Issues . . . . . . . . . . . . . . . . . . . . . . 16 100 11.1. Impact on URIs and IRIs . . . . . . . . . . . . . . . . . 16 101 11.2. Use of Email Addresses as Identifiers . . . . . . . . . . 17 102 11.3. Encoded Words, Signed Messages, and Downgrading . . . . . 17 103 11.4. Other Uses of Local Parts . . . . . . . . . . . . . . . . 18 104 11.5. Non-Standard Encapsulation Formats . . . . . . . . . . . . 18 105 12. Key Changes From the Experimental Protocols and Framework . . 18 106 13. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 18 107 14. Security Considerations . . . . . . . . . . . . . . . . . . . 19 108 15. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 20 109 16. References . . . . . . . . . . . . . . . . . . . . . . . . . . 21 110 16.1. Normative References . . . . . . . . . . . . . . . . . . . 21 111 16.2. Informative References . . . . . . . . . . . . . . . . . . 22 112 Appendix A. Change Log . . . . . . . . . . . . . . . . . . . . . 26 113 A.1. Changes between -00 and -01 . . . . . . . . . . . . . . . 26 114 A.2. Changes between -01 and -02 . . . . . . . . . . . . . . . 26 115 A.3. Changes between -02 and -03 . . . . . . . . . . . . . . . 28 116 A.4. Changes between -03 and -04 . . . . . . . . . . . . . . . 28 117 A.5. Changes between -04 and -05 . . . . . . . . . . . . . . . 28 118 A.6. Changes between -05 and -06 . . . . . . . . . . . . . . . 28 119 A.7. Changes between -06 and -07 . . . . . . . . . . . . . . . 28 121 1. Introduction 123 Note in Draft and to RFC Editor: The keyword represented in this 124 document by "UTF8SMTPbis" (and in the XML source by &EAISMTPkeyword;) 125 is a placeholder. The actual keyword will be assigned when the 126 standards track SMTP extension in this series [RFC5336bis-SMTP] is 127 approved for publication and should be substituted here. This 128 paragraph should be treated as normative reference to that SMTP 129 extension draft, creating a reference hold until it is approved by 130 the IESG. The paragraph should be removed before RFC publication. 132 In order to use internationalized email addresses, we need to 133 internationalize both the domain part and the local part of email 134 addresses. The domain part of email addresses is already 135 internationalized [RFC5890], while the local part is not. Without 136 the extensions specified in this document, the mailbox name is 137 restricted to a subset of 7-bit ASCII [RFC5321]. Though MIME 138 [RFC2045] enables the transport of non-ASCII data, it does not 139 provide a mechanism for internationalized email addresses. In RFC 140 2047 [RFC2047], MIME defines an encoding mechanism for some specific 141 message header fields to accommodate non-ASCII data. However, it 142 does not permit the use of email addresses that include non-ASCII 143 characters. Without the extensions defined here, or some equivalent 144 set, the only way to incorporate non-ASCII characters in any part of 145 email addresses is to use RFC 2047 coding to embed them in what RFC 146 5322 [RFC5322] calls the "display name" (known as a "name phrase" or 147 by other terms elsewhere) of the relevant header fields. Information 148 coded into the display name is invisible in the message envelope and, 149 for many purposes, is not part of the address at all. 151 This document is an update of RFC 4952 [RFC4952]; it reflects 152 additional issues, shared terminology, and some architectural changes 153 identified since that document was published. 155 The pronouns "he" and "she" are used interchangeably to indicate a 156 human of indeterminate gender. 158 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 159 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 160 document are to be interpreted as described in BCP 14, RFC 2119 161 [RFC2119]. Although this document is Informational, those 162 requirements are consistent with requirements specified in the 163 Standards Track documents in this set as described in Section 5. 165 2. Role of This Specification 167 This document presents the overview and framework for an approach to 168 the next stage of email internationalization. This new stage 169 requires not only internationalization of addresses and header 170 fields, but also associated transport and delivery models. A prior 171 version of this specification, RFC 4952 [RFC4952], also provided an 172 introduction to a series of experimental protocols [RFC5335] 173 [RFC5336] [RFC5337] [RFC5504] [RFC5721] [RFC5738] [RFC5825]. This 174 revised form provides overview and conceptual information for the 175 standards-track successors of a subset of those protocols. Details 176 of the documents and the relationships among them appear in Section 5 177 and a discussion of what was learned from the Experimental protocols 178 and their implementations appears in Section 6. 180 Taken together, these specifications provide the details for a way to 181 implement and support internationalized email. The document itself 182 describes how the various elements of email internationalization fit 183 together and the relationships among the primary specifications 184 associated with message transport, header formats, and handling. 186 This document, and others that comprise the collection described 187 above, assume a reasonable familiarity with the basic Internet 188 electronic mail specifications and terminology [RFC5321][RFC5322] and 189 the MIME [RFC2045] and 8BITMIME [RFC1652] ones as well. While not 190 strictly required to implement this specification, a general 191 familiarity with the terminology and functions of IDNA 192 [RFC5890][RFC5891] [RFC5892][RFC5893] [RFC5894] are also assumed. 194 3. Problem Statement 196 Internationalizing Domain Names in Applications (IDNA) [RFC5890] 197 permits internationalized domain names, but deployment has not yet 198 reached most users. One of the reasons for this is that we do not 199 yet have fully internationalized naming schemes. Domain names are 200 just one of the various names and identifiers that are required to be 201 internationalized. In many contexts, until more of those identifiers 202 are internationalized, internationalized domain names alone have 203 little value. 205 Email addresses are prime examples of why it is not good enough to 206 just internationalize the domain name. As most observers have 207 learned from experience, users strongly prefer email addresses that 208 resemble names or initials to those involving seemingly meaningless 209 strings of letters or numbers. Unless the entire email address can 210 use familiar characters and formats, users will perceive email as 211 being culturally unfriendly. If the names and initials used in email 212 addresses can be expressed in the native languages and writing 213 systems of the users, the Internet will be perceived as more natural, 214 especially by those whose native language is not written in a subset 215 of a Roman-derived script. 217 Internationalization of email addresses is not merely a matter of 218 changing the SMTP envelope; or of modifying the From, To, and Cc 219 header fields; or of permitting upgraded Mail User Agents (MUAs) to 220 decode a special coding and respond by displaying local characters. 221 To be perceived as usable, the addresses must be internationalized 222 and handled consistently in all of the contexts in which they occur. 223 This requirement has far-reaching implications: collections of 224 patches and workarounds are not adequate. Even if they were 225 adequate, a workaround-based approach may result in an assortment of 226 implementations with different sets of patches and workarounds having 227 been applied with consequent user confusion about what is actually 228 usable and supported. Instead, we need to build a fully 229 internationalized email environment, focusing on permitting efficient 230 communication among those who share a language or other community. 231 That, in turn, implies changes to the mail header environment to 232 permit the full range of Unicode characters where that makes sense, 233 an SMTP Extension to permit UTF-8 [RFC3629] [RFC5198] mail addressing 234 and delivery of those extended header fields, support for 235 internationalization of delivery and service notifications [RFC3461] 236 [RFC3464], and (finally) a requirement for support of the 8BITMIME 237 SMTP Extension [RFC1652] so that all of these can be transported 238 through the mail system without having to overcome the limitation 239 that header fields do not have content-transfer-encodings. 241 4. Terminology 243 This document assumes a reasonable understanding of the protocols and 244 terminology of the core email standards as documented in [RFC5321] 245 and [RFC5322]. 247 4.1. Mail User and Mail Transfer Agents 249 Much of the description in this document depends on the abstractions 250 of "Mail Transfer Agent" ("MTA") and "Mail User Agent" ("MUA"). 251 However, it is important to understand that those terms and the 252 underlying concepts postdate the design of the Internet's email 253 architecture and the application of the "protocols on the wire" 254 principle to it. That email architecture, as it has evolved, and 255 that "on the wire" principle have prevented any strong and 256 standardized distinctions about how MTAs and MUAs interact on a given 257 origin or destination host (or even whether they are separate). 259 However, the term "final delivery MTA" is used in this document in a 260 fashion equivalent to the term "delivery system" or "final delivery 261 system" of RFC 5321. This is the SMTP server that controls the 262 format of the local parts of addresses and is permitted to inspect 263 and interpret them. It receives messages from the network for 264 delivery to mailboxes or for other local processing, including any 265 forwarding or aliasing that changes envelope addresses, rather than 266 relaying. From the perspective of the network, any local delivery 267 arrangements such as saving to a message store, handoff to specific 268 message delivery programs or agents, and mechanisms for retrieving 269 messages are all "behind" the final delivery MTA and hence are not 270 part of the SMTP transport or delivery process. 272 4.2. Address Character Sets 274 In this document, an address is "all-ASCII", or just an "ASCII 275 address", if every character in the address is in the ASCII character 276 repertoire [ASCII]; an address is "non-ASCII", or an "i18n-address", 277 if any character is not in the ASCII character repertoire. Such 278 addresses MAY be restricted in other ways, but those restrictions are 279 not relevant to this definition. The term "all-ASCII" is also 280 applied to other protocol elements when the distinction is important, 281 with "non-ASCII" or "internationalized" as its opposite. 283 The umbrella term to describe the email address internationalization 284 specified by this document and its companion documents is 285 "UTF8SMTPbis". 286 [[anchor3: Note in Draft: Keyword to be changed before publication.]] 287 For example, an address permitted by this specification is referred 288 to as a "UTF8SMTPbis (compliant) address". 290 Please note that, according to the definitions given here, the set of 291 all "all-ASCII" addresses and the set of all "non-ASCII" addresses 292 are mutually exclusive. The set of all addresses permitted when 293 UTF8SMTPbis appears is the union of these two sets. 295 4.3. User Types 297 An "ASCII user" (i) exclusively uses email addresses that contain 298 ASCII characters only, and (ii) cannot generate recipient addresses 299 that contain non-ASCII characters. 301 An "i18mail user" has one or more non-ASCII email addresses, or is 302 able to generate recipient addresses that contain non-ASCII 303 characters. Such a user may have ASCII addresses too; if the user 304 has more than one email account and a corresponding address, or more 305 than one alias for the same address, he or she has some method to 306 choose which address to use on outgoing email. Note that under this 307 definition, it is not possible to tell from an ASCII address if the 308 owner of that address is an i18mail user or not. (A non-ASCII 309 address implies a belief that the owner of that address is an i18mail 310 user.) There is no such thing as an "i18mail message"; the term 311 applies only to users and their agents and capabilities. In 312 particular, the use of non-ASCII message content is an integral part 313 of the MIME specifications [RFC2045] and does not require these 314 extensions (although it is compatible with them). 316 4.4. Messages 318 A "message" is sent from one user (sender) using a particular email 319 address to one or more other recipient email addresses (often 320 referred to just as "users" or "recipient users"). 322 4.5. Mailing Lists 324 A "mailing list" is a mechanism whereby a message may be distributed 325 to multiple recipients by sending it to one recipient address. An 326 agent (typically not a human being) at that single address then 327 causes the message to be redistributed to the target recipients. 328 This agent sets the envelope return address of the redistributed 329 message to a different address from that of the original single 330 recipient message. Using a different envelope return address 331 (reverse-path) causes error (and other automatically generated) 332 messages to go to an error handling address. 334 Special provisions for managing mailing lists that might contain non- 335 ASCII addresses are discussed in a document that is specific to that 336 topic [EAI-Mailinglist] [RFCNNNNbis-MailingList]. 338 4.6. Conventional Message and Internationalized Message 340 o A conventional message is one that does not use any extension 341 defined in the SMTP extension document [RFC5336] or in the 342 UTF8header specification [RFC5335], and is strictly conformant to 343 RFC 5322 [RFC5322]. 345 o An internationalized message is a message utilizing one or more of 346 the extensions defined in this set of specifications, so that it 347 is no longer conformant to the traditional specification of an 348 email message or its transport. 350 4.7. Undeliverable Messages, Notification, and Delivery Receipts 352 As specified in RFC 5321, a message that is undeliverable for some 353 reason is expected to result in notification to the sender. This can 354 occur in either of two ways. One, typically called "Rejection", 355 occurs when an SMTP server returns a reply code indicating a fatal 356 error (a "5yz" code) or persistently returns a temporary failure 357 error (a "4yz" code). The other involves accepting the message 358 during SMTP processing and then generating a message to the sender, 359 typically known as a "Non-delivery Notification" or "NDN". Current 360 practice often favors rejection over NDNs because of the reduced 361 likelihood that the generation of NDNs will be used as a spamming 362 technique. The latter, NDN, case is unavoidable if an intermediate 363 MTA accepts a message that is then rejected by the next-hop server. 365 A sender MAY also explicitly request message receipts [RFC3461] that 366 raise the same issues for these internationalization extensions as 367 NDNs. 369 5. Overview of the Approach and Document Plan 371 This set of specifications changes both SMTP and the character 372 encoding of email message headers to permit non-ASCII characters to 373 be represented directly. Each important component of the work is 374 described in a separate document. The document set, whose members 375 are described below, also contains informational documents whose 376 purpose is to provide implementation suggestions and guidance for the 377 protocols. 379 In addition to this document, the following documents make up this 380 specification and provide advice and context for it. 382 o SMTP extensions. This document [RFC5336bis-SMTP] provides an SMTP 383 extension (as provided for in RFC 5321) for internationalized 384 addresses. 386 o Email message headers in UTF-8. This document [RFC5335bis-Hdrs] 387 essentially updates RFC 5322 to permit some information in email 388 message headers to be expressed directly by Unicode characters 389 encoded in UTF-8 when the SMTP extension described above is used. 390 This document, possibly with one or more supplemental ones, will 391 also need to address the interactions with MIME, including 392 relationships between UTF8SMTPbis and internal MIME headers and 393 content types. 395 o Extensions to delivery status and notification handling to adapt 396 to internationalized addresses [RFC5337bis-DSN]. 398 o Extensions to the IMAP protocol to support internationalized 399 message headers [RFC5738bis-IMAP]. 401 o Parallel extensions to the POP protocol [RFC5721] 402 [RFC5721bis-POP3]. 404 6. Review of Experimental Results 406 The key difference between this set of protocols and the experimental 407 set that preceded them [RFC5335] [RFC5336] [RFC5337] [RFC5504] 408 [RFC5721] [RFC5738] [RFC5825] is that the earlier group provided a 409 mechanism for in-transit downgrading of messages (described in detail 410 in RFC 5504). That mechanism permitted, and essentially required, 411 that each non-ASCII address be accompanied by an all-ASCII 412 equivalent. That, in turn, raised security concerns associated with 413 pairing of addresses that could not be authenticated. It also 414 introduced the first incompatible change to Internet mail addressing 415 in many years, raising concerns about interoperability issues if the 416 new address forms "leaked" into legacy email implementations. The WG 417 concluded that the advantages of in-transit downgrading, were it 418 feasible operationally, would be significant enough to overcome those 419 concerns. 421 Operationally that turned out to not be the case, with 422 interoperability problems among initial implementations. Prior to 423 starting on the work that led to this set of specifications, the WG 424 concluded that the combination of requirements and long-term 425 implications of that earlier model were too complex to be 426 satisfactory and that work should move ahead without it. 428 7. Overview of Protocol Extensions and Changes 430 7.1. SMTP Extension for Internationalized Email Address 432 An SMTP extension, "UTF8SMTPbis" is specified as follows: 434 o Permits the use of UTF-8 strings in email addresses, both local 435 parts and domain names. 437 o Permits the selective use of UTF-8 strings in email message 438 headers (see Section 7.2). 440 o Requires that the server advertise the 8BITMIME extension 441 [RFC1652] and that the client support 8-bit transmission so that 442 header information can be transmitted without using a special 443 content-transfer-encoding. 445 Some general principles affect the development decisions underlying 446 this work. 448 1. Email addresses enter subsystems (such as a user interface) that 449 may perform charset conversions or other encoding changes. When 450 the left hand side of the address includes characters outside the 451 US-ASCII character repertoire, use of ASCII-compatible encoding 452 (ACE) [RFC3492] [RFC5890] on the right hand side is discouraged 453 to promote consistent processing of characters throughout the 454 address. 456 2. An SMTP relay MUST 458 * Either recognize the format explicitly, agreeing to do so via 459 an ESMTP option, or 461 * Reject the message or, if necessary, return a non-delivery 462 notification message, so that the sender can make another 463 plan. 465 3. If the message cannot be forwarded because the next-hop system 466 cannot accept the extension it MUST be rejected or a non-delivery 467 message MUST be generated and sent. 469 4. In the interest of interoperability, charsets other than UTF-8 470 are prohibited in mail addresses and message headers being 471 transmitted over the Internet. There is no practical way to 472 identify multiple charsets properly with an extension similar to 473 this without introducing great complexity. 475 Conformance to the group of standards specified here for email 476 transport and delivery requires implementation of the SMTP Extension 477 specification and the UTF-8 Header specification. If the system 478 implements IMAP or POP, it MUST conform to the i18n IMAP or POP 479 specifications respectively. 481 7.2. Transmission of Email Header Fields in UTF-8 Encoding 483 There are many places in MUAs or in a user presentation in which 484 email addresses or domain names appear. Examples include the 485 conventional From, To, or Cc header fields; Message-ID and 486 In-Reply-To header fields that normally contain domain names (but 487 that may be a special case); and in message bodies. Each of these 488 must be examined from an internationalization perspective. The user 489 will expect to see mailbox and domain names in local characters, and 490 to see them consistently. If non-obvious encodings, such as 491 protocol-specific ASCII-Compatible Encoding (ACE) variants, are used, 492 the user will inevitably, if only occasionally, see them rather than 493 "native" characters and will find that discomfiting or astonishing. 494 Similarly, if different codings are used for mail transport and 495 message bodies, the user is particularly likely to be surprised, if 496 only as a consequence of the long-established "things leak" 497 principle. The only practical way to avoid these sources of 498 discomfort, in both the medium and the longer term, is to have the 499 encodings used in transport be as similar to the encodings used in 500 message headers and message bodies as possible. 502 When email local parts are internationalized, they SHOULD be 503 accompanied by arrangements for the message headers to be in the 504 fully internationalized form. That form SHOULD presumably use UTF-8 505 rather than ASCII as the base character set for the contents of 506 header fields (protocol elements such as the header field names 507 themselves are unchanged and remain entirely in ASCII). For 508 transition purposes and compatibility with legacy systems, this can 509 done by extending the traditional MIME encoding models for non-ASCII 510 characters in headers [RFC2045] [RFC2231]. However, the target is 511 fully internationalized message headers, as discussed in 512 [RFC5335bis-Hdrs] and not an extended and painful transition. 514 7.3. SMTP Service Extension for DSNs 516 The existing Draft Standard Delivery status notifications (DSNs) 517 specification [RFC3461] is limited to ASCII text in the machine 518 readable portions of the protocol. "International Delivery and 519 Disposition Notifications" [RFC5337bis-DSN] adds a new address type 520 for international email addresses so an original recipient address 521 with non-ASCII characters can be correctly preserved even after 522 downgrading. If an SMTP server advertises both the UTF8SMTPbis and 523 the DSN extension, that server MUST implement internationalized DSNs 524 including support for the ORCPT parameter specified in RFC 3461 525 [RFC3461]. 527 8. Downgrading before and after SMTP Transactions 529 An important issue with these extensions is how to handle 530 interactions between systems that support non-ASCII addresses and 531 legacy systems that expect ASCII. There is, of course, no problem 532 with ASCII-only systems sending to those that can handle 533 internationalized forms because the ASCII forms are just a proper 534 subset. But, when systems that support these extensions send mail, 535 they MAY include non-ASCII addresses for senders, receivers, or both 536 and might also provide non-ASCII header information other than 537 addresses. If the extension is not supported by the first-hop system 538 (SMTP server accessed by the Submission server acting as an SMTP 539 client), message originating systems SHOULD be prepared to either 540 send conventional envelopes and message headers or to return the 541 message to the originating user so the message may be manually 542 downgraded to the traditional form, possibly using encoded words 543 [RFC2047] in the message headers. Of course, such transformations 544 imply that the originating user or system must have ASCII-only 545 addresses available for all senders and recipients. Mechanisms by 546 which such addresses may be found or identified are outside the scope 547 of these specifications as are decisions about the design of 548 originating systems such as whether any required transformations are 549 made by the user, the originating MUA, or the Submission server. 551 A somewhat more complex situation arises when the first-hop system 552 supports these extensions but some subsequent server in the SMTP 553 transmission chain does not. It is important to note that most cases 554 of that situation with forward-pointing addresses will be the result 555 of configuration errors: especially if it hosts non-ASCII addresses, 556 a final delivery MTA that accepts these extensions SHOULD NOT be 557 configured with lower-preference MX hosts that do not. When the only 558 non-ASCII address being transmitted is backward-pointing (e.g., in an 559 SMTP MAIL command), recipient configuration can not help in general. 560 On the other hand, alternate, all-ASCII, addresses for senders are 561 those most likely to be authoritatively known by the submission 562 environment or the sender herself. Consequently, if an intermediate 563 SMTP relay that requires these extensions then discovers that the 564 next system in the chain does not support them, it will have little 565 choice other than to reject or return the message. 567 As discussed above, downgrading to an ASCII-only form may occur 568 before or during the initial message submission. It might also occur 569 after the delivery to the final delivery MTA in order to accommodate 570 messages stores or IMAP or POP servers or clients that have different 571 capabilities than the delivery MTA. These two cases are discussed in 572 the subsections below. 574 8.1. Downgrading before or during Message Submission 576 It is likely that the most common cases in which a message that 577 requires these extensions is sent to a system that does not will 578 involve the combination of ASCII-only forward-pointing addresses with 579 a non-ASCII backward-pointing one. Until the extensions described 580 here have been universally implemented in the Internet email 581 environment, senders who prefer to use non-ASCII addresses (or raw 582 UTF-8 characters in header fields) even when their intended 583 recipients use and expect all-ASCII ones will need to be especially 584 careful about the error conditions that can arise, especially if they 585 are working in an environment in which non-delivery messages (or 586 other indications from submission servers) are routinely dropped or 587 ignored. 589 Perhaps obviously, the most convenient time to find an ASCII address 590 corresponding to an internationalized address is at the originating 591 MUA or closely-associated systems. This can occur either before the 592 message is sent or after the internationalized form of the message is 593 rejected. It is also the most convenient time to convert a message 594 from the internationalized form into conventional ASCII form or to 595 generate a non-delivery message to the sender if either is necessary. 596 At that point, the user has a full range of choices available, 597 including changing backward-pointing addresses, contacting the 598 intended recipient out of band for an alternate address, consulting 599 appropriate directories, arranging for translation of both addresses 600 and message content into a different language, and so on. While it 601 is natural to think of message downgrading as optimally being a 602 fully-automated process, we should not underestimate the capabilities 603 of a user of at least moderate intelligence who wishes to communicate 604 with another such user. 606 In this context, one can easily imagine modifications to message 607 submission servers (as described in RFC 4409 [RFC4409]) so that they 608 would perform downgrading operations or perhaps even upgrading ones. 609 Such operations would permit receiving messages with one or more of 610 the internationalization extensions discussed here and adapting the 611 outgoing message, as needed, to respond to the delivery or next-hop 612 environment the submission server encounters. 614 8.2. Downgrading or Other Processing After Final SMTP Delivery 616 When an email message is received by a final delivery MTA, it is 617 usually stored in some form. Then it is retrieved either by software 618 that reads the stored form directly or by client software via some 619 email retrieval mechanisms such as POP or IMAP. 621 The SMTP extension described in Section 7.1 provides protection only 622 in transport. It does not prevent MUAs and email retrieval 623 mechanisms that have not been upgraded to understand 624 internationalized addresses and UTF-8 message headers from accessing 625 stored internationalized emails. 627 Since the final delivery MTA (or, to be more specific, its 628 corresponding mail storage agent) cannot safely assume that agents 629 accessing email storage will always be capable of handling the 630 extensions proposed here, it MAY downgrade internationalized emails, 631 specially identify messages that utilize these extensions, or both. 632 If this is done, the final delivery MTA SHOULD include a mechanism to 633 preserve or recover the original internationalized forms without 634 information loss to support access by UTF8SMTPbis-aware agents. 636 9. Downgrading in Transit 638 The base SMTP specification (Section 2.3.11 of RFC 5321 [RFC5321]) 639 states that "due to a long history of problems when intermediate 640 hosts have attempted to optimize transport by modifying them, the 641 local-part MUST be interpreted and assigned semantics only by the 642 host specified in the domain part of the address". This is not a new 643 requirement; equivalent statements appeared in specifications in 2001 644 [RFC2821] and even in 1989 [RFC1123]. 646 Adherence to this rule means that a downgrade mechanism that 647 transforms the local-part of an email address cannot be utilized in 648 transit. It can only be applied at the endpoints, specifically by 649 the MUA or submission server or by the final delivery MTA. 651 One of the reasons for this rule has to do with legacy email systems 652 that embed mail routing information in the local-part of the address 653 field. Transforming the email address destroys such routing 654 information. There is no way a server other than the final delivery 655 server can know, for example, whether the local-part of 656 user%foo@example.com is a route ("user" is reached via "foo") or 657 simply a local address. 659 10. User Interface and Configuration Issues 661 Internationalization of addresses and message headers, especially in 662 combination with variations on character coding that are inherent to 663 Unicode, may make careful choices of addresses and careful 664 configuration of servers and DNS records even more important than 665 they are for traditional Internet email. It is likely that, as 666 experience develops with the use of these protocols, it will be 667 desirable to produce one or more additional documents that offer 668 guidance for configuration and interfaces. A document that discusses 669 issues with mail user agents (MUAs), especially with regard to 670 downgrading [EAI-MUA-issues], is expected to be developed in the EAI 671 Working Group. The subsections below address some other issues. 673 10.1. Choices of Mailbox Names and Unicode Normalization 675 It has long been the case that the email syntax permits choices about 676 mailbox names that are unwise in practice if one actually intends the 677 mailboxes to be accessible to a broad range of senders. The most- 678 often-cited examples involve the use of case-sensitivity and tricky 679 quoting of embedded characters in mailbox local parts. While these 680 are permitted by the protocols and servers are expected to support 681 them and there are special cases where they can provide value, taking 682 advantage of those features is almost always bad practice unless the 683 intent is to create some form of security by obscurity. 685 In the absence of these extensions, SMTP clients and servers are 686 constrained to using only those addresses permitted by RFC 5321. The 687 local parts of those addresses MAY be made up of any ASCII characters 688 except the control characters that 5321 prohibits, although some of 689 them MUST be quoted as specified there. It is notable in an 690 internationalization context that there is a long history on some 691 systems of using overstruck ASCII characters (a character, a 692 backspace, and another character) within a quoted string to 693 approximate non-ASCII characters. This form of internationalization 694 was permitted by RFC 821 [RFC0821] but is prohibited by RFC 5321 695 because it requires a backspace character (a prohibited C0 control). 697 The practice SHOULD be phased out as this extension becomes widely 698 deployed but backward-compatibility considerations may require that 699 it continue to be recognized. 701 For the particular case of EAI mailbox names, special attention MUST 702 be paid to Unicode normalization [Unicode-UAX15], in part because 703 Unicode strings may be normalized by other processes independent of 704 what a mail protocol specifies (this is exactly analogous to what may 705 happen with quoting and dequoting in traditional addresses). 706 Consequently, the following principles are offered as advice to those 707 who are selecting names for mailboxes: 709 o In general, it is wise to support addresses in Normalized form, 710 using either Normalization Form NFC and, except in unusual 711 circumstances, NFKC. 713 o It may be wise to support other forms of the same local-part 714 string, either as aliases or by normalization of strings reaching 715 the delivery server, in the event that the sender does not send 716 the strings in normalized form. 718 o Stated differently and in more specific terms, the rules of the 719 protocol for local-part strings essentially provide that: 721 * Unnormalized strings are valid, but sufficiently bad practice 722 that they may not work reliably on a global basis. 724 * C0 (and presumably C1) controls (see The Unicode Standard 725 [Unicode52]) are prohibited, the first in RFC 5321 and the 726 second by an obvious extension from it [RFC5198]. 728 * Other kinds of punctuation, spaces, etc., are risky practice. 729 Perhaps they will work, and SMTP receiver code is required to 730 handle them, but creating dependencies on them in mailbox names 731 that are chosen is usually a bad practice and may lead to 732 interoperability problems. 734 11. Additional Issues 736 This section identifies issues that are not covered, or not covered 737 comprehensively, as part of this set of specifications, but that will 738 require ongoing review as part of deployment of email address and 739 header internationalization. 741 11.1. Impact on URIs and IRIs 743 The mailto: schema [RFC2368] and discussed in the Internationalized 744 Resource Identifier (IRI) specification [RFC3987] may need to be 745 modified when this work is completed and standardized. 747 11.2. Use of Email Addresses as Identifiers 749 There are a number of places in contemporary Internet usage in which 750 email addresses are used as identifiers for individuals, including as 751 identifiers to Web servers supporting some electronic commerce sites 752 and in some X.509 certificates [RFC5280]. These documents do not 753 address those uses, but it is reasonable to expect that some 754 difficulties will be encountered when internationalized addresses are 755 first used in those contexts, many of which cannot even handle the 756 full range of addresses permitted today. 758 11.3. Encoded Words, Signed Messages, and Downgrading 760 One particular characteristic of the email format is its persistency: 761 MUAs are expected to handle messages that were originally sent 762 decades ago and not just those delivered seconds ago. As such, MUAs 763 and mail filtering software, such as that specified in Sieve 764 [RFC5228], will need to continue to accept and decode header fields 765 that use the "encoded word" mechanism [RFC2047] to accommodate non- 766 ASCII characters in some header fields. While extensions to both 767 POP3 [RFC1939] and IMAP [RFC3501] have been defined that include 768 automatic upgrading of messages that carry non-ASCII information in 769 encoded form -- including RFC 2047 decoding -- of messages by the 770 POP3 [RFC5721bis-POP3] or IMAP [RFC5738bis-IMAP] server, there are 771 message structures and MIME content-types for which that cannot be 772 done or where the change would have unacceptable side effects. 774 For example, message parts that are cryptographically signed, using 775 e.g., S/MIME [RFC3851] or Pretty Good Privacy (PGP) [RFC3156], cannot 776 be upgraded from the RFC 2047 form to normal UTF-8 characters without 777 breaking the signature. Similarly, message parts that are encrypted 778 may contain, when decrypted, header fields that use the RFC 2047 779 encoding; such messages cannot be 'fully' upgraded without access to 780 cryptographic keys. 782 Similar issues may arise if messages are signed and then subsequently 783 downgraded, e.g., as discussed in Section 8.1, and then an attempt is 784 made to upgrade them to the original form and then verify the 785 signatures. Even the very subtle changes that may result from 786 algorithms to downgrade and then upgrade again may be sufficient to 787 invalidate the signatures if they impact either the primary or MIME 788 bodypart headers. When signatures are present, downgrading MUST be 789 performed with extreme care if at all. 791 11.4. Other Uses of Local Parts 793 Local parts are sometimes used to construct domain labels, e.g., the 794 local part "user" in the address user@domain.example could be 795 converted into a vanity host user.domain.example with its Web space 796 at and the catchall addresses 797 any.thing.goes@user.domain.example. 799 Such schemes are obviously limited by, among other things, the SMTP 800 rules for domain names, and will not work without further 801 restrictions for other local parts such as the 802 specified in [RFC5335bis-Hdrs]. Whether those limitations are 803 relevant to these specifications is an open question. It may be 804 simply another case of the considerable flexibility accorded to 805 delivery MTAs in determining the mailbox names they will accept and 806 how they are interpreted. 808 11.5. Non-Standard Encapsulation Formats 810 Some applications use formats similar to the application/mbox format 811 defined in [RFC4155] instead of the message/digest form described in 812 RFC 2046, Section 5.1.5 [RFC2046] to transfer multiple messages as 813 single units. Insofar as such applications assume that all stored 814 messages use the message/rfc822 format described in RFC 2046, Section 815 5.2.1 [RFC2046] with US-ASCII message headers, they are not ready for 816 the extensions specified in this series of documents and special 817 measures may be needed to properly detect and process them. 819 12. Key Changes From the Experimental Protocols and Framework 821 The original framework for internationalized email addresses and 822 headers was described in RFC 4952 and a subsequent set of 823 experimental protocol documents. Those relationships are described 824 in Section 3. The key architectural difference between the 825 experimental specifications and this newer set is that the earlier 826 specifications supported in-transit downgrading including providing 827 syntax and functions to support passing alternate, all-ASCII, 828 addresses with the non-ASCII ones and special headers to indicate the 829 downgraded status of messages. Those features were eliminated after 830 experimentation indicated that they were more complex and less 831 necessary than had been assumed earlier. Those issues are described 832 in more detail in Section 6 and Section 9. 834 13. IANA Considerations 836 This overview description and framework document does not contemplate 837 any IANA registrations or other actions. Some of the documents in 838 the group have their own IANA considerations sections and 839 requirements. 841 14. Security Considerations 843 Any expansion of permitted characters and encoding forms in email 844 addresses raises some risks. There have been discussions on so 845 called "IDN-spoofing" or "IDN homograph attacks". These attacks 846 allow an attacker (or "phisher") to spoof the domain or URLs of 847 businesses. The same kind of attack is also possible on the local 848 part of internationalized email addresses. It should be noted that 849 the proposed fix involving forcing all displayed elements into 850 normalized lower-case works for domain names in URLs, but not email 851 local parts since those are case sensitive. 853 Since email addresses are often transcribed from business cards and 854 notes on paper, they are subject to problems arising from confusable 855 characters (see [RFC4690]). These problems are somewhat reduced if 856 the domain associated with the mailbox is unambiguous and supports a 857 relatively small number of mailboxes whose names follow local system 858 conventions. They are increased with very large mail systems in 859 which users can freely select their own addresses. 861 The internationalization of email addresses and message headers must 862 not leave the Internet less secure than it is without the required 863 extensions. The requirements and mechanisms documented in this set 864 of specifications do not, in general, raise any new security issues. 866 They do require a review of issues associated with confusable 867 characters -- a topic that is being explored thoroughly elsewhere 868 (see, e.g., RFC 4690 [RFC4690]) -- and, potentially, some issues with 869 UTF-8 normalization, discussed in RFC 3629 [RFC3629], and other 870 transformations. Normalization and other issues associated with 871 transformations and standard forms are also part of the subject of 872 work described elsewhere [RFC5198] [RFC5893] [IAB-idn-encoding]. 874 Some issues specifically related to internationalized addresses and 875 message headers are discussed in more detail in the other documents 876 in this set. However, in particular, caution should be taken that 877 any "downgrading" mechanism, or use of downgraded addresses, does not 878 inappropriately assume authenticated bindings between the 879 internationalized and ASCII addresses. Expecting and most or all 880 such transformations prior to final delivery be done by systems that 881 are presumed to be under the administrative control of the sending 882 user ameliorates the potential problem somewhat as compared to what 883 it would be if the relationships were changed in transit. 885 The new UTF-8 header and message formats might also raise, or 886 aggravate, another known issue. If the model creates new forms of an 887 'invalid' or 'malformed' message, then a new email attack is created: 888 in an effort to be robust, some or most agents will accept such 889 message and interpret them as if they were well-formed. If a filter 890 interprets such a message differently than the MUA used by the 891 recipient, then it may be possible to create a message that appears 892 acceptable under the filter's interpretation but that should be 893 rejected under the interpretation given to it by that MUA. Such 894 attacks already exist for existing messages and encoding layers, 895 e.g., invalid MIME syntax, invalid HTML markup, and invalid coding of 896 particular image types. 898 In addition, email addresses are used in many contexts other than 899 sending mail, such as for identifiers under various circumstances 900 (see Section 11.2). Each of those contexts will need to be 901 evaluated, in turn, to determine whether the use of non-ASCII forms 902 is appropriate and what particular issues they raise. 904 This work will clearly affect any systems or mechanisms that are 905 dependent on digital signatures or similar integrity protection for 906 email message headers (see also the discussion in Section 11.3). 907 Many conventional uses of PGP and S/MIME are not affected since they 908 are used to sign body parts but not message headers. On the other 909 hand, the developing work on domain keys identified mail (DKIM) 910 [RFC5863] will eventually need to consider this work and vice versa: 911 while this specification does not address or solve the issues raised 912 by DKIM and other signed header mechanisms, the issues will have to 913 be coordinated and resolved eventually if the two sets of protocols 914 are to co-exist. In addition, to the degree to which email addresses 915 appear in PKI (Public Key Infrastructure) certificates, standards 916 addressing such certificates will need to be upgraded to address 917 these internationalized addresses. Those upgrades will need to 918 address questions of spoofing by look-alikes of the addresses 919 themselves. 921 15. Acknowledgments 923 This document is an update to, and derived from, RFC 4952. This 924 document would have been impossible without the work and 925 contributions acknowledged in it. The present document benefited 926 significantly from discussions in the EAI WG and elsewhere after RFC 927 4952 was published, especially discussions about the experimental 928 versions of other documents in the internationalized email 929 collection, and from RFC errata on RFC 4952 itself. 931 Special thanks are due to Ernie Dainow for careful reviews and 932 suggested text in this version. 934 16. References 935 16.1. Normative References 937 [ASCII] American National Standards Institute 938 (formerly United States of America 939 Standards Institute), "USA Code for 940 Information Interchange", ANSI X3.4-1968, 941 1968. 943 ANSI X3.4-1968 has been replaced by newer 944 versions with slight modifications, but the 945 1968 version remains definitive for the 946 Internet. 948 [RFC1652] Klensin, J., Freed, N., Rose, M., 949 Stefferud, E., and D. Crocker, "SMTP 950 Service Extension for 8bit-MIMEtransport", 951 RFC 1652, July 1994. 953 [RFC2119] Bradner, S., "Key words for use in RFCs to 954 Indicate Requirement Levels", BCP 14, 955 RFC 2119, March 1997. 957 [RFC3629] Yergeau, F., "UTF-8, a transformation 958 format of ISO 10646", STD 63, RFC 3629, 959 November 2003. 961 [RFC5321] Klensin, J., "Simple Mail Transfer 962 Protocol", RFC 5321, October 2008. 964 [RFC5322] Resnick, P., Ed., "Internet Message 965 Format", RFC 5322, October 2008. 967 [RFC5335bis-Hdrs] Yang, A. and S. Steele, "Internationalized 968 Email Headers", July 2010, . 972 [RFC5336bis-SMTP] Yao, J. and W. Mao, "SMTP Extension for 973 Internationalized Email Address", 974 August 2010, . 977 [RFC5337bis-DSN] Not yet posted?, "Internationalized 978 Delivery Status and Disposition 979 Notifications", Unwritten waiting for I-D, 980 2010. 982 [RFC5721bis-POP3] Not yet posted?, "POP3 Support for UTF-8", 983 Unwritten waiting for I-D, 2010. 985 [RFC5738bis-IMAP] Not yet posted?, "IMAP Support for UTF-8", 986 Unwritten waiting for I-D, 2010. 988 [RFC5890] Klensin, J., "Internationalized Domain 989 Names for Applications (IDNA): Definitions 990 and Document Framework", RFC 5890, 991 August 2010. 993 [RFCNNNNbis-MailingList] Not yet posted?, "Mailing Lists and 994 Internationalized Email Addresses", First 995 Version still not in RFC Editor queue https 996 ://datatracker.ietf.org/doc/ 997 draft-ietf-eai-mailinglist/, 998 Unwritten waiting for I-D, 2010. 1000 16.2. Informative References 1002 [EAI-MUA-issues] EAI WG, "Still-unnamed proposed document on 1003 MUA issues", Not assigned or agreed to yet, 1004 2011. 1006 Note to IESG and RFC Editor: While there is 1007 provision for a document on this subject in 1008 the WG Charter, there is, as yet, no plan 1009 for producing it or even for adding it to 1010 the WG's task list with benchmarks. If the 1011 present document is approved for 1012 publication before the is at least a title 1013 and author(s) for an I-D, the citation and 1014 reference should simply be dropped. 1016 [EAI-Mailinglist] Gellens, R., "Mailing Lists and 1017 Internationalized Email Addresses", 1018 June 2010, . 1021 [IAB-idn-encoding] Thaler, D., Klensin, J., and S. Cheshire, 1022 "IAB Thoughts on Encodings for 1023 Internationalized Domain Names", 2010, . 1027 [RFC0821] Postel, J., "Simple Mail Transfer 1028 Protocol", STD 10, RFC 821, August 1982. 1030 [RFC1123] Braden, R., "Requirements for Internet 1031 Hosts - Application and Support", STD 3, 1032 RFC 1123, October 1989. 1034 [RFC1939] Myers, J. and M. Rose, "Post Office 1035 Protocol - Version 3", STD 53, RFC 1939, 1036 May 1996. 1038 [RFC2033] Myers, J., "Local Mail Transfer Protocol", 1039 RFC 2033, October 1996. 1041 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose 1042 Internet Mail Extensions (MIME) Part One: 1043 Format of Internet Message Bodies", 1044 RFC 2045, November 1996. 1046 [RFC2046] Freed, N. and N. Borenstein, "Multipurpose 1047 Internet Mail Extensions (MIME) Part Two: 1048 Media Types", RFC 2046, November 1996. 1050 [RFC2047] Moore, K., "MIME (Multipurpose Internet 1051 Mail Extensions) Part Three: Message Header 1052 Extensions for Non-ASCII Text", RFC 2047, 1053 November 1996. 1055 [RFC2231] Freed, N. and K. Moore, "MIME Parameter 1056 Value and Encoded Word Extensions: Characte 1057 r Sets, Languages, and Continuations", 1058 RFC 2231, November 1997. 1060 [RFC2368] Hoffman, P., Masinter, L., and J. Zawinski, 1061 "The mailto URL scheme", RFC 2368, 1062 July 1998. 1064 [RFC2821] Klensin, J., "Simple Mail Transfer 1065 Protocol", RFC 2821, April 2001. 1067 [RFC3156] Elkins, M., Del Torto, D., Levien, R., and 1068 T. Roessler, "MIME Security with OpenPGP", 1069 RFC 3156, August 2001. 1071 [RFC3461] Moore, K., "Simple Mail Transfer Protocol 1072 (SMTP) Service Extension for Delivery 1073 Status Notifications (DSNs)", RFC 3461, 1074 January 2003. 1076 [RFC3464] Moore, K. and G. Vaudreuil, "An Extensible 1077 Message Format for Delivery Status 1078 Notifications", RFC 3464, January 2003. 1080 [RFC3492] Costello, A., "Punycode: A Bootstring 1081 encoding of Unicode for Internationalized 1082 Domain Names in Applications (IDNA)", 1083 RFC 3492, March 2003. 1085 [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS 1086 PROTOCOL - VERSION 4rev1", RFC 3501, 1087 March 2003. 1089 [RFC3851] Ramsdell, B., "Secure/Multipurpose Internet 1090 Mail Extensions (S/MIME) Version 3.1 1091 Message Specification", RFC 3851, 1092 July 2004. 1094 [RFC3987] Duerst, M. and M. Suignard, 1095 "Internationalized Resource Identifiers 1096 (IRIs)", RFC 3987, January 2005. 1098 [RFC4155] Hall, E., "The application/mbox Media 1099 Type", RFC 4155, September 2005. 1101 [RFC4409] Gellens, R. and J. Klensin, "Message 1102 Submission for Mail", RFC 4409, April 2006. 1104 [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and 1105 IAB, "Review and Recommendations for 1106 Internationalized Domain Names (IDNs)", 1107 RFC 4690, September 2006. 1109 [RFC4952] Klensin, J. and Y. Ko, "Overview and 1110 Framework for Internationalized Email", 1111 RFC 4952, July 2007. 1113 [RFC5198] Klensin, J. and M. Padlipsky, "Unicode 1114 Format for Network Interchange", RFC 5198, 1115 March 2008. 1117 [RFC5228] Guenther, P. and T. Showalter, "Sieve: An 1118 Email Filtering Language", RFC 5228, 1119 January 2008. 1121 [RFC5280] Cooper, D., Santesson, S., Farrell, S., 1122 Boeyen, S., Housley, R., and W. Polk, 1123 "Internet X.509 Public Key Infrastructure 1124 Certificate and Certificate Revocation List 1125 (CRL) Profile", RFC 5280, May 2008. 1127 [RFC5335] Abel, Y., "Internationalized Email 1128 Headers", RFC 5335, September 2008. 1130 [RFC5336] Yao, J. and W. Mao, "SMTP Extension for 1131 Internationalized Email Addresses", 1132 RFC 5336, September 2008. 1134 [RFC5337] Newman, C. and A. Melnikov, 1135 "Internationalized Delivery Status and 1136 Disposition Notifications", RFC 5337, 1137 September 2008. 1139 [RFC5504] Fujiwara, K. and Y. Yoneya, "Downgrading 1140 Mechanism for Email Address 1141 Internationalization", RFC 5504, 1142 March 2009. 1144 [RFC5721] Gellens, R. and C. Newman, "POP3 Support 1145 for UTF-8", RFC 5721, February 2010. 1147 [RFC5738] Resnick, P. and C. Newman, "IMAP Support 1148 for UTF-8", RFC 5738, March 2010. 1150 [RFC5825] Fujiwara, K. and B. Leiba, "Displaying 1151 Downgraded Messages for Email Address 1152 Internationalization", RFC 5825, 1153 April 2010. 1155 [RFC5863] Hansen, T., Siegel, E., Hallam-Baker, P., 1156 and D. Crocker, "DomainKeys Identified Mail 1157 (DKIM) Development, Deployment, and 1158 Operations", RFC 5863, May 2010. 1160 [RFC5891] Klensin, J., "Internationalized Domain 1161 Names in Applications (IDNA): Protocol", 1162 RFC 5891, August 2010. 1164 [RFC5892] Faltstrom, P., "The Unicode Code Points and 1165 Internationalized Domain Names for 1166 Applications (IDNA)", RFC 5892, 1167 August 2010. 1169 [RFC5893] Alvestrand, H. and C. Karp, "Right-to-Left 1170 Scripts for Internationalized Domain Names 1171 for Applications (IDNA)", RFC 5893, 1172 August 2010. 1174 [RFC5894] Klensin, J., "Internationalized Domain 1175 Names for Applications (IDNA): Background, 1176 Explanation, and Rationale", RFC 5894, 1177 August 2010. 1179 [Unicode-UAX15] The Unicode Consortium, "Unicode Standard 1180 Annex #15: Unicode Normalization Forms", 1181 March 2008, 1182 . 1184 [Unicode52] The Unicode Consortium. The Unicode 1185 Standard, Version 5.2.0, defined by:, "The 1186 Unicode Standard, Version 5.2.0", (Mountain 1187 View, CA: The Unicode Consortium, 1188 2009. ISBN 978-1-936213-00-9)., . 1191 Appendix A. Change Log 1193 [[RFC Editor: Please remove this section prior to publication.]] 1195 A.1. Changes between -00 and -01 1197 o Because there has been no feedback on the mailing list, updated 1198 the various questions to refer to this version as well. 1200 o Reflected RFC Editor erratum #1507 by correcting terminology for 1201 headers and header fields and distinguishing between "message 1202 headers" and different sorts of headers (e.g., the MIME ones). 1204 A.2. Changes between -01 and -02 1206 Note that section numbers in the list that follows may refer to -01 1207 and not -02. 1209 o Discussion of RFC 5825 ("downgraded display") has been removed per 1210 the earlier note and on-list discussion. Any needed discussion 1211 about reconstructed messages will need to appear in the IMAP and 1212 POP documents. However, the introductory material has been 1213 reworded to permit keeping 5504 and 5825 on the list there, 1214 without which the back chain would not be complete. For 1215 consistency with this change, 5504 and 5825 have been added to the 1216 "Obsoletes" list (as far as I know, an Informational spec can 1217 obsolete or update Experimental ones, so no downref problem here 1218 --JcK). 1220 o Reference to alternate addresses dropped from (former) Section 1221 7.1. 1223 o Reference to RFC 5504 added to (former) Section 8 for 1224 completeness. 1226 o Ernie's draft comments added (with some minor edits) to replace 1227 the placeholder in (former) Section 9 ("Downgrading in Transit"). 1228 It is intended to capture at least an introduction the earlier 1229 discussions of algorithmic downgrading generally and ACE/Punycode 1230 transformations in particular. Anyone who is unhappy with it 1231 should say so and propose alternate text. RSN. 1233 o In the interest of clarity and consistency with the terminology in 1234 Section 4.1, all uses of "final delivery SMTP server" and "final 1235 delivery server" have been changed to "final delivery MTA". 1237 o Placeholder at the end of Section 2 has been removed and the text 1238 revised to promise less. The "Document Plan" (Section 5) has been 1239 revised accordingly. We need to discuss this at IETF 78 if not 1240 sooner. 1242 o Sections 5 and 6 have been collapsed into one -- there wasn't 1243 enough left in the former Section 5 to justify a separate section. 1245 o Former Section 11.1 has been dropped and the DSN document moved up 1246 into the "Document Plan" as suggested earlier. 1248 o Section 12, "Experimental Targets", has been removed. 1250 o Updated references for the new version EAI documents and added 1251 placeholders for all of the known remaining drafts that will 1252 become part of the core EAI series but that have not been written. 1254 o Inserted an additional clarification about the relationship of 1255 these extensions to non-ASCII messages. 1257 o Changed some normative/informative reference classifications based 1258 on review of the new text. 1260 o Removed references to the pre-EAI documents that were cited for 1261 historical context in 4952. 1263 o Got rid of a remaining pointer to address downgrading in the 1264 discussion of an updated MAILTO URI. 1266 o Minor additional editorial cleanups and tuning. 1268 A.3. Changes between -02 and -03 1270 o Inserted paragraph clarifying the status of the UTF8SMTPbis 1271 keyword as a result of discussion prior to and during IETF 79. 1273 o Adjusted some references including adding an explicit citation of 1274 RFC 821. 1276 o Removed the discussion of the experimental work from an inline 1277 aside to a separate section, Section 6. 1279 o Rewrote the discussion of configuration errors in MX setups to 1280 make it clear that they are an issue with forward-pointing 1281 addresses only and improved the discussion of backward-pointing 1282 addresses. 1284 o Removed some now-obsolete placeholder notes and resolved the 1285 remaining one to a dangling reference. 1287 A.4. Changes between -03 and -04 1289 o Several minor editorial changes. 1291 o Added a discussion of the relationship to the base email, MIME, 1292 and IDNA specifications. 1294 A.5. Changes between -04 and -05 1296 o Several more minor editorial changes. 1298 A.6. Changes between -05 and -06 1300 o Corrections to more precisely reflect RFC 2119 language 1301 requirements and closely-related issues.. 1303 A.7. Changes between -06 and -07 1305 o Added a new section (now Section 12) to explicitly discuss the 1306 changes from the previous version. 1308 o Removed the discussion of LMTP from Section 11; it is more 1309 appropriately placed in the SMTP Extension document (5336bis). 1311 Authors' Addresses 1313 John C KLENSIN 1314 1770 Massachusetts Ave, #322 1315 Cambridge, MA 02140 1316 USA 1318 Phone: +1 617 491 5735 1319 EMail: john-ietf@jck.com 1321 YangWoo KO 1322 ICU 1323 119 Munjiro 1324 Yuseong-gu, Daejeon 305-732 1325 Republic of Korea 1327 EMail: yw@mrko.pe.kr