idnits 2.17.1 draft-ietf-eai-pop-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- ** The document seems to lack a License Notice according IETF Trust Provisions of 28 Dec 2009, Section 6.b.i or Provisions of 12 Sep 2009 Section 6.b -- however, there's a paragraph with a matching beginning. Boilerplate error? (You're using the IETF Trust Provisions' Section 6.b License Notice from 12 Feb 2009 rather than one of the newer Notices. See https://trustee.ietf.org/license-info/.) Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document updates RFC1939, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year (Using the creation date from RFC1939, updated by this document, for RFC5378 checks: 1995-05-15) -- The document seems to contain a disclaimer for pre-RFC5378 work, and may have content which was first submitted before 10 November 2008. The disclaimer is necessary when there are original authors that you have been unable to contact, or if some do not wish to grant the BCP78 rights to the IETF Trust. If you are able to get all authors (current and original) to grant those rights, you can and should remove the disclaimer; otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 22, 2009) is 5298 days in the past. Is this intentional? Checking references for intended status: Experimental ---------------------------------------------------------------------------- ** Obsolete normative reference: RFC 4646 (Obsoleted by RFC 5646) ** Obsolete normative reference: RFC 4013 (Obsoleted by RFC 7613) ** Obsolete normative reference: RFC 5335 (Obsoleted by RFC 6532) -- Obsolete informational reference (is this intentional?): RFC 5504 (Obsoleted by RFC 6530) Summary: 4 errors (**), 0 flaws (~~), 1 warning (==), 4 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Gellens 3 Internet-Draft QUALCOMM Incorporated 4 Updates: 1939 (if approved) C. Newman 5 Intended status: Experimental Sun Microsystems 6 Expires: April 25, 2010 October 22, 2009 8 POP3 Support for UTF-8 9 draft-ietf-eai-pop-08.txt 11 Status of this Memo 13 This Internet-Draft is submitted to IETF in full conformance with the 14 provisions of BCP 78 and BCP 79. This document may contain material 15 from IETF Documents or IETF Contributions published or made publicly 16 available before November 10, 2008. The person(s) controlling the 17 copyright in some of this material may not have granted the IETF 18 Trust the right to allow modifications of such material outside the 19 IETF Standards Process. Without obtaining an adequate license from 20 the person(s) controlling the copyright in such materials, this 21 document may not be modified outside the IETF Standards Process, and 22 derivative works of it may not be created outside the IETF Standards 23 Process, except to format it for publication as an RFC or to 24 translate it into languages other than English. 26 Internet-Drafts are working documents of the Internet Engineering 27 Task Force (IETF), its areas, and its working groups. Note that 28 other groups may also distribute working documents as Internet- 29 Drafts. 31 Internet-Drafts are draft documents valid for a maximum of six months 32 and may be updated, replaced, or obsoleted by other documents at any 33 time. It is inappropriate to use Internet-Drafts as reference 34 material or to cite them other than as "work in progress." 36 The list of current Internet-Drafts can be accessed at 37 http://www.ietf.org/ietf/1id-abstracts.txt. 39 The list of Internet-Draft Shadow Directories can be accessed at 40 http://www.ietf.org/shadow.html. 42 This Internet-Draft will expire on April 25, 2010. 44 Copyright Notice 46 Copyright (c) 2009 IETF Trust and the persons identified as the 47 document authors. All rights reserved. 49 This document is subject to BCP 78 and the IETF Trust's Legal 50 Provisions Relating to IETF Documents in effect on the date of 51 publication of this document (http://trustee.ietf.org/license-info). 52 Please review these documents carefully, as they describe your rights 53 and restrictions with respect to this document. 55 Abstract 57 This specification extends the Post Office Protocol version 3 (POP3) 58 to support un-encoded international characters in user names, 59 passwords, mail addresses, message headers, and protocol-level 60 textual error strings. 62 Table of Contents 64 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 65 1.1. Conventions Used in this Document . . . . . . . . . . . . 3 66 1.2. Change History . . . . . . . . . . . . . . . . . . . . . . 3 67 1.2.1. Changes from -07 to -08 . . . . . . . . . . . . . . . 4 68 1.2.2. Changes from -06 to -07 . . . . . . . . . . . . . . . 4 69 1.2.3. Changes from -05 to -06 . . . . . . . . . . . . . . . 5 70 1.2.4. Changes from -04 to -05 . . . . . . . . . . . . . . . 5 71 1.2.5. Changes from -03 to -04 . . . . . . . . . . . . . . . 6 72 1.2.6. Changes from -02 to -03 . . . . . . . . . . . . . . . 6 73 1.2.7. Changes from -01 to -02 . . . . . . . . . . . . . . . 6 74 1.2.8. Changes from -00 to -01 . . . . . . . . . . . . . . . 7 75 1.2.9. Changes from draft-newman-ima-pop . . . . . . . . . . 7 76 1.3. Open Issues . . . . . . . . . . . . . . . . . . . . . . . 7 77 2. LANG Capability . . . . . . . . . . . . . . . . . . . . . . . 7 78 3. UTF8 Capability . . . . . . . . . . . . . . . . . . . . . . . 10 79 3.1. The UTF8 Command . . . . . . . . . . . . . . . . . . . . . 11 80 3.2. USER Argument to UTF8 Capability . . . . . . . . . . . . . 12 81 4. Issues with UTF-8 Header maildrop . . . . . . . . . . . . . . 13 82 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 13 83 6. Security Considerations . . . . . . . . . . . . . . . . . . . 13 84 7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14 85 7.1. Normative References . . . . . . . . . . . . . . . . . . . 14 86 7.2. Informative References . . . . . . . . . . . . . . . . . . 15 87 Appendix A. Design Rationale . . . . . . . . . . . . . . . . . . 15 88 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . . 16 89 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16 91 1. Introduction 93 This specification extends POP3 [RFC1939] using the POP3 Extension 94 Mechanism [RFC2449] to permit un-encoded UTF-8 [RFC3629] in headers 95 as described in Internationalized Email Headers [RFC5335]. It also 96 adds a mechanism to support login names outside the ASCII character 97 set, and a mechanism to support UTF-8 protocol-level error strings in 98 a language appropriate for the user. 100 This document updates POP3 [RFC1939], and the fact that an 101 Experimental specification updates a Standards-Track specification 102 means that people who participate in the experiment have to consider 103 the standard updated. 105 Within this specification, the term down-conversion refers to the 106 process of modifying a message containing UTF8 headers [RFC5335] or 107 body parts with 8bit content-transfer-encoding as defined in MIME 108 section 2.8 [RFC2045] into conforming 7-bit Internet Message Format 109 [RFC5322] with Message Header Extensions for Non-ASCII Text [RFC2047] 110 and other 7-bit encodings. Down-conversion is specified by 111 Downgrading mechanism for Email Address Internationalization 112 [RFC5504]. 114 1.1. Conventions Used in this Document 116 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 117 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 118 document are to be interpreted as described in "Key words for use in 119 RFCs to Indicate Requirement Levels" [RFC2119]. 121 The formal syntax uses the Augmented Backus-Naur Form (ABNF) 122 [RFC5234] notation including the core rules defined in Appendix B of 123 RFC 5234. 125 In examples, "C:" and "S:" indicate lines sent by the client and 126 server respectively. If a single "C:" or "S:" label applies to 127 multiple lines, then the line breaks between those lines are for 128 editorial clarity only and are not part of the actual protocol 129 exchange. 131 Note that examples always use 7-bit ASCII characters due to 132 limitations of this document format; in particular, some examples for 133 the "LANG" command may appear silly as a result. 135 1.2. Change History 137 This section describes the change history of this Internet draft and 138 will be removed when/if this is published as an RFC. 140 1.2.1. Changes from -07 to -08 142 o Changed wording on applying SASLprep to APOP digest inputs. 144 o Added mandatory rejection of user names or passwords which fail to 145 comply with formal syntax of RFC 3629. 147 o Added text that, when applying SASLprep, servers MUST reject user 148 names or passwords which contain characters listed in section 2.3 149 of RFC 4013. 151 o Added normative reference to RFC 3629. 153 o Changed SASLprep language so that both clients and servers MUST 154 apply SASLprep to user names and passwords used to compute APOP 155 digest, and servers SHOULD apply SASLprep to arguments of USER and 156 PASS. 158 o Fixed typo ("ACII" instead of "ASCII"). 160 o Clarified that size doesn't include byte-stuffing. 162 o Added explanation to Introduction regarding updating RFC 1939. 164 o Added more prominent text on examples which are silly because they 165 use 7-bit ASCII. 167 o Replaced French examples with Spanish to try and make them 168 slightly less embarrassing. 170 o Replaced French-Canadian (fr-ca) example with Swedish, to try and 171 avoid accented characters. Also added Swedish to language 172 listing. 174 o Added "Examples" to LANG command examples. 176 o Added introductory text to sections on LANG and UTF8 capability 177 tags. 179 1.2.2. Changes from -06 to -07 181 o Added discussion about accuracy of size. 183 o Added mention of potential buffer overflow problems because of 184 inaccurate sizes to the Security Considerations. 186 o Added informative reference to SASL for POP3 (RFC 5034). 188 o Removed text making changes to AUTH, as this is handled by POP3 189 SASL. 191 o Fixed typo ("depricated" instead of "deprecated"). 193 o Reworded Design Rationale appendix. 195 1.2.3. Changes from -05 to -06 197 o Removed LIST and TOP as possible arguments to the UTF8 tag in the 198 CAPA response. 200 o Clarified that the UTF8 command has no parameters. 202 o Changed "arguments" to "arguments with CAPA tag" to clarify that 203 these are possible arguments to the tag in the CAPA response and 204 not command parameters. 206 o Clarified use of "argument" to refer to CAPA tag and "parameter" 207 to refer to commands. 209 o Clarified that free-form text is non-standard. 211 o Removed open issue (downgrading). 213 o Added discussion of downgrading to Appendix A. 215 o Updated downgrade reference to RFC 5504. 217 o Tweaked RFC 2119 text to satisfy I-D nit checker. 219 1.2.4. Changes from -04 to -05 221 o Downgrading is back to an informative, not normative reference, 222 and is suggested as a good idea but explicitly not required. 224 o Language listing now specifies that the human-readable description 225 of a language is in the language itself. 227 o Updated 2822 reference to 5322, made text "Internet Message 228 Format". 230 o Updated reference to utf8headers draft to RFC5335. 232 o Updated reference to RFC4234 to RFC5234. 234 1.2.5. Changes from -03 to -04 236 o Specified that it is an error to issue STLS after UTF8. 238 o Removed prior open issues. 240 o Downgrading added as open issue. 242 1.2.6. Changes from -02 to -03 244 o Updated references. 246 o Replaced US-ASCII with ASCII. 248 o Added comment to language listing failure example. 250 o Replaced RET8, LST8, and TOP8 commands with a single mode-switch 251 UTF8 command issued before authentication. This simplifies the 252 protocol, and allows servers to optionally down-convert a cache of 253 the maildrop prior to issuing the +OK response entering 254 TRANSACTION state. 256 o Removed most up-conversion material. 258 o Removed definition of up-conversion. 260 o Removed IMAP4 reference. 262 o Added AUTH command to those affected by UTF8 capability. 264 o Removed LST8 and TOP8 capability parameters and commands. 266 o Removed NO-RETR capability. POP servers are now unconditionally 267 required to support down-conversion of UTF8-native maildrops. 269 o Added sentence about modifying authentication code to Security 270 Considerations. 272 o eai-downgrade draft is now normative and required. 274 o Deleted references to RFCs 1341, 1847, 2049, 2183, 3501, 3516, and 275 3490. 277 1.2.7. Changes from -01 to -02 279 o Minor grammatical tweaks. 281 o Add passwords to Abstract. 283 o Removed new editor's name from Acknowledgments. 285 1.2.8. Changes from -00 to -01 287 o Update references 289 1.2.9. Changes from draft-newman-ima-pop 291 o Change title to make this a WG document. 293 o Add LANG command and extension. 295 o Rename RET8 capability to UTF8 and add sub-sections for arguments. 297 o Add TOP8 command. 299 o Add definition of up-conversion and down-conversion. 301 o Some grammar fix-ups and section re-ordering based on RFC editor 302 style. 304 1.3. Open Issues 306 1. none 308 2. LANG Capability 310 Per the POP3 Extension Mechanism [RFC2449], this document adds a new 311 capability response tag to indicate support for a new command: LANG. 312 The capability tag and new command are described below. 314 CAPA tag: 315 LANG 317 Arguments with CAPA tag: 318 none 320 Added Commands: 321 LANG 323 Standard commands affected: 324 All 326 Announced states / possible differences: 327 both / no 329 Commands valid in states: 330 AUTHENTICATION, TRANSACTION 332 Specification reference: 333 this document 335 Discussion: 337 POP3 allows most +OK and -ERR server responses to include human- 338 readable text that in some cases needs to be presented to the user. 339 But that text is limited to ASCII by the POP3 specification 340 [RFC1939]. The LANG capability and command permit a POP3 client to 341 negotiate which language the server should use when sending human- 342 readable text. 344 A server that advertises the LANG extension MUST use the language 345 "i-default" as described in [RFC2277] as its default language until 346 another supported language is negotiated by the client. A server 347 MUST include "i-default" as one of its supported languages. 349 The LANG command requests that human-readable text included in all 350 subsequent +OK and -ERR responses be localized to a language matching 351 the language range argument as described by [RFC4647]. If the 352 command succeeds, the server returns a +OK response followed by a 353 single space, the exact language tag selected, another space, and the 354 rest of the line is human-readable text in the appropriate language. 355 This and subsequent protocol-level human readable text is encoded in 356 the UTF-8 charset. 358 If the command fails, the server returns an -ERR response and 359 subsequent human-readable response text continues to use the language 360 that was previously active (typically i-default). 362 The special "*" language range argument indicates a request to use a 363 language designated as preferred by the server administrator. The 364 preferred language MAY vary based on the currently active user. 366 If no argument is given and the POP3 server issues a positive 367 response, then the response given is multi-line. After the initial 368 +OK, for each language tag the server supports, the POP3 server 369 responds with a line for that language. This line is called a 370 "language listing". 372 In order to simplify parsing, all POP3 servers are required to use a 373 certain format for language listings. A language listing consists of 374 the language tag [RFC4646] of the message, optionally followed by a 375 single space and a human readable description of the language in the 376 language itself, using the UTF-8 charset. 378 Examples: 380 < Note that some examples do not include the correct character 381 accents due to limitations of this document format. > 383 < The server defaults to using English i-default responses until 384 the client explicitly changes the language. > 386 C: USER karen 387 S: +OK Hello, karen 388 C: PASS password 389 S: +OK karen's maildrop contains 2 messages (320 octets) 391 < Client requests deprecated MUL language. Server replies 392 with -ERR response > 394 C: LANG MUL 395 S: -ERR invalid language MUL 397 < A LANG command with no parameters is a request for 398 a language listing. > 400 C: LANG 401 S: +OK Language listing follows: 402 S: en English 403 S: en-boont English Boontling dialect 404 S: de Deutsch 405 S: it Italiano 406 S: es Espanol 407 S: sv Svenska 408 S: i-default Default language 409 S: . 411 < A request for a language listing might fail > 413 C: LANG 414 S: -ERR Server is unable to list languages 416 < Once the client changes the language, all responses will be in 417 that language starting with the response to the LANG command. 419 C: LANG es 420 S: +OK es Idioma cambiado 421 < If a server does not support the requested primary language, 422 responses will continue to be returned in the current language 423 the server is using. > 425 C: LANG uga 426 S: -ERR es Idioma <> no es conocido 428 C: LANG sv 429 S: +OK sv Kommandot "LANG" lyckades 431 C: LANG * 432 S: +OK es Idioma cambiado 434 Examples 436 3. UTF8 Capability 438 Per the POP3 Extension Mechanism [RFC2449], this document adds a new 439 capability response tag to indicate support for new server 440 functionality including a new command, UTF8. The capability tag and 441 new command and functionality are described below. 443 CAPA tag: 444 UTF8 446 Arguments with CAPA tag: 447 USER 449 Added Commands: 450 UTF8 452 Standard commands affected: 453 USER, PASS, APOP, LIST, TOP, RETR 455 Announced states / possible differences: 456 both / no 458 Commands valid in states: 459 AUTHORIZATION 461 Specification reference: 462 this document 464 Discussion: 466 This capability adds the "UTF8" command to POP3. The UTF8 command 467 switches the session from ASCII to UTF8 mode. 469 3.1. The UTF8 Command 471 The UTF8 command enables UTF8 mode. The UTF8 command has no 472 parameters. 474 Maildrops can natively store UTF8 or be limited to ASCII. UTF8 mode 475 has no effect on messages in an ASCII-only maildrop. Messages in 476 native-UTF8 maildrops can be ASCII or UTF8 using internationalized 477 headers [RFC5335] and/or 8bit content-transfer-encoding as defined in 478 MIME section 2.8 [RFC2045]. In UTF8 mode, both UTF8 and ASCII 479 messages are sent to the client as-is (without conversion). When not 480 in UTF8 mode, UTF8 messages in a native UTF8 maildrop MUST be down- 481 converted (downgraded) to comply with unextended POP and Internet 482 Mail Format. POP servers (unlike SMTP and Submit servers) are not 483 required to use Downgrading mechanism for Email Address 484 Internationalization [RFC5504]. 486 Discussion: The main argument against a single required mechanism for 487 downgrade by a POP server is that the only clients that have any use 488 for a standardized downgraded message (because they wish to interpret 489 downgrade headers, for example) are ones that can support UTF8 and 490 hence will issue the UTF8 command in the first place. The counter 491 argument to this is that non-UTF8 clients might be upgraded in the 492 future; it's desirable for an upgraded client to be capable of 493 interpreting prior downgraded messages in the local mail store, which 494 is most likely if the messages were downgraded using one standardized 495 procedure. 497 Therefore, while POP servers are not required to use the Downgrading 498 mechanism for Email Address Internationalization [RFC5504], there are 499 advantages to them doing so. 501 Note that even in UTF8 mode, MIME binary content-transfer-encoding is 502 still not permitted. 504 The octet count (size) of a message reported in a response to the 505 LIST command SHOULD match the actual number of octets sent in a RETR 506 response (not counting byte-stuffing). Sizes reported elsewhere, 507 such as in STAT responses and non-standardized free-form text in 508 positive status indicators (following "+OK") need not be accurate, 509 but it is preferable if they are. 511 Discussion: Mail stores are either ASCII or native UTF-8, and clients 512 either issue the UTF8 command or not. The message needs converting 513 only when it is native UTF8 and the client has not issued the UTF8 514 command, in which case the server must downconvert it. The 515 downconverted message may be larger. The server may choose various 516 strategies regarding downconversion, which include when to 517 downconvert, whether to cache or store the downconverted form of a 518 message (and if so, for how long), and whether to calculate or retain 519 the size of a downconverted message independently of the 520 downconverted content. If the server does not have immediate access 521 to the accurate downconverted size, it may be faster to estimate 522 rather than calculate it. Servers are expected to normally follow 523 the RFC 1939 [RFC1939] text on using the "exact size" in a scan 524 listing, but there may be situations with maildrops containing very 525 large numbers of messages in which this might be a problem. If the 526 server does estimate, reporting a scan listing size smaller than what 527 it turns out to be could be a problem for some clients. In summary, 528 it is better for servers to report accurate sizes, but if not, high 529 guesses are better than small ones. Some POP servers include the 530 message size in the non-standardized text response following "+OK" 531 (the 'text' production of RFC 2449 [RFC2449]), in a RETR or TOP 532 response (possibly because some examples in POP3 [RFC1939] do so). 533 There has been at least one known case of a client relying on this to 534 know when it had received all of the message rather than following 535 the POP3 [RFC1939] rule of looking for a line consisting of a 536 termination octet (".") and a CRLF pair. While any such client is 537 non-compliant, if a server does include the size in such text, it is 538 better if it is accurate. 540 Clients MUST NOT issue the STLS command [RFC2595] after issuing UTF8; 541 servers MAY (but are not required to) enforce this by rejecting with 542 an "-ERR" response an STLS command issued subsequent to a successful 543 UTF8 command. (Because this is a protocol error as opposed to a 544 failure based on conditions, an extended response code [RFC2449] is 545 not specified.) 547 3.2. USER Argument to UTF8 Capability 549 If the USER argument is included with this capability, it indicates 550 that the server accepts UTF-8 user names and passwords. 552 Servers which include the USER argument in the UTF8 capability 553 response SHOULD apply SASLprep [RFC4013] to the arguments of the USER 554 and PASS commands. 556 A client or server that supports APOP and permits UTF-8 in user names 557 or passwords MUST apply SASLprep [RFC4013] to the user name and 558 password used to compute the APOP digest. 560 When applying SASLprep [RFC4013], servers MUST reject UTF-8 user 561 names or passwords which contain a Unicode character listed in 562 section 2.3 of SASLprep [RFC4013]. 564 The client does not need to issue the UTF8 command prior to using 565 UTF8 in authentication. However, clients MUST NOT use UTF8 in USER, 566 PASS, or APOP commands unless the USER argument is included in the 567 UTF8 capability response. 569 The server MUST reject UTF-8 user names or passwords which fail to 570 comply with the formal syntax in UTF-8 [RFC3629]. 572 Use of UTF8 in the AUTH command is governed by the POP3 SASL 573 [RFC5034] mechanism. 575 4. Issues with UTF-8 Header maildrop 577 When a POP3 server uses a UTF8-native maildrop, it is the 578 responsibility of the server to comply with the POP3 base 579 specification [RFC1939] and Internet Message Format [RFC5322] when 580 not in UTF8 mode. Mechanisms for 7-bit downgrading to help comply 581 with the standards are described in Downgrading mechanism for Email 582 Address Internationalization [RFC5504]. 584 5. IANA Considerations 586 This adds two new capabilities ("UTF8" and "LANG") to the POP3 587 capability registry [RFC2449]. 589 6. Security Considerations 591 The security considerations of UTF-8 [RFC3629] and SASLprep [RFC4013] 592 apply to this specification, particularly with respect to use of 593 UTF-8 in user names and passwords. 595 The "LANG *" command can reveal the existence and preferred language 596 of a user to an active attacker probing the system if the active 597 language changes in response to the USER, PASS, or APOP commands 598 prior to validating the user's credentials. Servers MUST implement a 599 configuration to prevent this exposure. 601 It is possible for a man-in-the-middle attacker to insert a LANG 602 command in the command stream thus making protocol-level diagnostic 603 responses unintelligible to the user. A mechanism to integrity 604 protect the session, such as TLS [RFC2595] can be used to defeat such 605 attacks. 607 Modifying server authentication code (in this case, to support UTF8) 608 needs to be done with care to avoid introducing vulnerabilities (for 609 example, in string parsing). 611 The UTF8 Command (Section 3.1) description contains a discussion on 612 reporting inaccurate sizes. An additional risk to doing so is that, 613 if a client allocates buffers based on the reported size, it may 614 overrun the buffer, crash, or have other problems if the message data 615 is larger than reported. 617 7. References 619 7.1. Normative References 621 [RFC1939] Myers, J. and M. Rose, "Post Office Protocol - Version 3", 622 STD 53, RFC 1939, May 1996. 624 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail 625 Extensions (MIME) Part One: Format of Internet Message 626 Bodies", RFC 2045, November 1996. 628 [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) 629 Part Three: Message Header Extensions for Non-ASCII Text", 630 RFC 2047, November 1996. 632 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 633 Requirement Levels", BCP 14, RFC 2119, March 1997. 635 [RFC2277] Alvestrand, H., "IETF Policy on Character Sets and 636 Languages", BCP 18, RFC 2277, January 1998. 638 [RFC2449] Gellens, R., Newman, C., and L. Lundblade, "POP3 Extension 639 Mechanism", RFC 2449, November 1998. 641 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, 642 October 2008. 644 [RFC4646] Phillips, A. and M. Davis, "Tags for Identifying 645 Languages", BCP 47, RFC 4646, September 2006. 647 [RFC4647] Phillips, A. and M. Davis, "Matching of Language Tags", 648 BCP 47, RFC 4647, September 2006. 650 [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 651 10646", STD 63, RFC 3629, November 2003. 653 [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile for User Names 654 and Passwords", RFC 4013, February 2005. 656 [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax 657 Specifications: ABNF", STD 68, RFC 5234, January 2008. 659 [RFC5335] Abel, Y., "Internationalized Email Headers", RFC 5335, 660 September 2008. 662 7.2. Informative References 664 [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", 665 RFC 2595, June 1999. 667 [RFC5034] Siemborski, R. and A. Menon-Sen, "The Post Office Protocol 668 (POP3) Simple Authentication and Security Layer (SASL) 669 Authentication Mechanism", RFC 5034, July 2007. 671 [RFC5504] Fujiwara, K. and Y. Yoneya, "Downgrading Mechanism for 672 Email Address Internationalization", RFC 5504, March 2009. 674 Appendix A. Design Rationale 676 This non-normative section discusses the reasons behind some of the 677 design choices in the above specification. 679 Having servers perform up-conversion so that, at a minimum, RFC2047- 680 encoded words are decoded into UTF8 is tempting, since this is an 681 area that clients often fail to correctly implement. However, after 682 much discussion the group felt that the benefits did not justify the 683 burden. 685 Due to interoperability problems with RFC 2047 and limited deployment 686 of RFC 2231, it is hoped these 7-bit encoding mechanisms can be 687 deprecated in the future when UTF-8 header support becomes prevalent. 689 USER is optional because the implementation burden of SASLprep 690 [RFC4013] is not well understood and mandating such support in all 691 cases could negatively impact deployment. 693 While it is possible to provide useful examples for language 694 negotiation without support for non-ASCII characters, it is difficult 695 to provide useful examples for commands specifically designed to use 696 the UTF-8 charset un-encoded when the document format is limited to 697 ASCII. As a result, there are no plans to provide examples for that 698 part of the specification as long as this remains an experimental 699 proposal. However, implementers of this specification are encouraged 700 to provide examples to the document author for a future revision. 702 While down-conversion of native-UTF8 messages is mandatory in the 703 absence of the UTF8 command, servers are not required to do so as 704 specified in Downgrading Mechanism [RFC5504]. As clients are 705 upgraded with UTF8 support and the ability to intelligently handle 706 (e.g., display and reply to) UTF8 messages that were downgraded in 707 transit, it is better if they are also able to handle messages in the 708 local mail store that were downgraded by the POP server. This is 709 more likely if the POP server downgrades messages using the same 710 mechanism as an SMTP server. 712 Appendix B. Acknowledgments 714 Thanks to John Klensin, Tony Hansen and other EAI working group 715 participants who provided helpful suggestions and interesting debate 716 that improved this specification. 718 Authors' Addresses 720 Randall Gellens 721 QUALCOMM Incorporated 722 5775 Morehouse Drive 723 San Diego, CA 92651 724 US 726 Email: rg+ietf@qualcomm.com 728 Chris Newman 729 Sun Microsystems 730 800 Royal Oaks 731 Monrovia, CA 91016-6347 732 US 734 Email: chris.newman@sun.com