idnits 2.17.1 draft-ietf-eai-rfc5721bis-08.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- -- The draft header indicates that this document obsoletes RFC5721, but the abstract doesn't seem to mention this, which it should. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year == The document seems to contain a disclaimer for pre-RFC5378 work, but was first submitted on or after 10 November 2008. The disclaimer is usually necessary only for documents that revise or obsolete older RFCs, and that take significant amounts of text from those RFCs. If you can contact all authors of the source material and they are willing to grant the BCP78 rights to the IETF Trust, you can and should remove the disclaimer. Otherwise, the disclaimer is needed and you can ignore this comment. (See the Legal Provisions document at https://trustee.ietf.org/license-info for more information.) -- The document date (October 22, 2012) is 4194 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) == Unused Reference: 'RFC2047' is defined on line 527, but no explicit reference was found in the text == Outdated reference: A later version (-12) exists of draft-ietf-eai-5738bis-03 ** Obsolete normative reference: RFC 3454 (Obsoleted by RFC 7564) ** Obsolete normative reference: RFC 4013 (Obsoleted by RFC 7613) -- Obsolete informational reference (is this intentional?): RFC 5721 (Obsoleted by RFC 6856) Summary: 2 errors (**), 0 flaws (~~), 4 warnings (==), 3 comments (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 Network Working Group R. Gellens 3 Internet-Draft QUALCOMM Incorporated 4 Obsoletes: 5721 (if approved) C. Newman 5 Intended status: Standards Track Oracle 6 Expires: April 25, 2013 J. Yao 7 CNNIC 8 K. Fujiwara 9 JPRS 10 October 22, 2012 12 POP3 Support for UTF-8 13 draft-ietf-eai-rfc5721bis-08.txt 15 Abstract 17 This specification extends the Post Office Protocol version 3 (POP3) 18 to support UTF-8 encoded international string in user names, 19 passwords, mail addresses, message headers, and protocol-level 20 textual strings. 22 Status of This Memo 24 This Internet-Draft is submitted in full conformance with the 25 provisions of BCP 78 and BCP 79. 27 Internet-Drafts are working documents of the Internet Engineering 28 Task Force (IETF). Note that other groups may also distribute 29 working documents as Internet-Drafts. The list of current Internet- 30 Drafts is at http://datatracker.ietf.org/drafts/current/. 32 Internet-Drafts are draft documents valid for a maximum of six months 33 and may be updated, replaced, or obsoleted by other documents at any 34 time. It is inappropriate to use Internet-Drafts as reference 35 material or to cite them other than as "work in progress." 37 This Internet-Draft will expire on April 25, 2013. 39 Copyright Notice 41 Copyright (c) 2012 IETF Trust and the persons identified as the 42 document authors. All rights reserved. 44 This document is subject to BCP 78 and the IETF Trust's Legal 45 Provisions Relating to IETF Documents 46 (http://trustee.ietf.org/license-info) in effect on the date of 47 publication of this document. Please review these documents 48 carefully, as they describe your rights and restrictions with respect 49 to this document. Code Components extracted from this document must 50 include Simplified BSD License text as described in Section 4.e of 51 the Trust Legal Provisions and are provided without warranty as 52 described in the Simplified BSD License. 54 This document may contain material from IETF Documents or IETF 55 Contributions published or made publicly available before November 56 10, 2008. The person(s) controlling the copyright in some of this 57 material may not have granted the IETF Trust the right to allow 58 modifications of such material outside the IETF Standards Process. 59 Without obtaining an adequate license from the person(s) controlling 60 the copyright in such materials, this document may not be modified 61 outside the IETF Standards Process, and derivative works of it may 62 not be created outside the IETF Standards Process, except to format 63 it for publication as an RFC or to translate it into languages other 64 than English. 66 Table of Contents 68 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 69 1.1. Conventions Used in This Document . . . . . . . . . . . . 3 70 2. UTF8 Capability . . . . . . . . . . . . . . . . . . . . . . . 4 71 2.1. The UTF8 Command . . . . . . . . . . . . . . . . . . . . . 4 72 2.2. USER Argument to UTF8 Capability . . . . . . . . . . . . . 6 73 3. LANG Capability . . . . . . . . . . . . . . . . . . . . . . . 6 74 4. Non-ASCII character Maildrops . . . . . . . . . . . . . . . . 9 75 5. UTF8 Response Code . . . . . . . . . . . . . . . . . . . . . . 9 76 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 77 7. Security Considerations . . . . . . . . . . . . . . . . . . . 10 78 8. Change History . . . . . . . . . . . . . . . . . . . . . . . . 10 79 8.1. draft-ietf-eai-rfc5721bis: Version 00 . . . . . . . . . . 10 80 8.2. draft-ietf-eai-rfc5721bis: Version 01 . . . . . . . . . . 10 81 8.3. draft-ietf-eai-rfc5721bis: Version 02 . . . . . . . . . . 11 82 8.4. draft-ietf-eai-rfc5721bis: Version 03 . . . . . . . . . . 11 83 8.5. draft-ietf-eai-rfc5721bis: Version 04 . . . . . . . . . . 11 84 8.6. draft-ietf-eai-rfc5721bis: Version 05 . . . . . . . . . . 11 85 8.7. draft-ietf-eai-rfc5721bis: Version 06 . . . . . . . . . . 11 86 8.8. draft-ietf-eai-rfc5721bis: Version 07 . . . . . . . . . . 11 87 8.9. draft-ietf-eai-rfc5721bis: Version 08 . . . . . . . . . . 11 88 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 11 89 9.1. Normative References . . . . . . . . . . . . . . . . . . . 11 90 9.2. Informative References . . . . . . . . . . . . . . . . . . 13 91 Appendix A. Design Rationale . . . . . . . . . . . . . . . . . . 13 92 Appendix B. Acknowledgments . . . . . . . . . . . . . . . . . . . 13 94 1. Introduction 96 This document forms part of the Email Address Internationalization 97 protocols described in the Email Address Internationalization 98 Framework document [RFC6530]. As part of the overall Email Address 99 Internationalization work, email messages could be transmitted and 100 delivered containing Unicode string encoded in UTF-8 in the header 101 and/or body, and maildrops that are accessed using POP3 [RFC1939] 102 might natively store UTF-8. 104 This specification extends POP3 [RFC1939] using the POP3 extension 105 mechanism [RFC2449] to permit un-encoded UTF-8 [RFC3629] in headers, 106 and bodies (e.g., transferred using 8-bit Content Transfer Encoding) 107 as described in "Internationalized Email Headers" [RFC6532]. It also 108 adds a mechanism to support login names and passwords containing 109 UTF-8 string and a mechanism to support UTF-8 string in protocol 110 level response strings as well as the ability to negotiate a language 111 for such response strings. 113 This specification also adds a new response code to indicate that a 114 message was not delivered because it required UTF-8 mode discussed in 115 section 2 and the server was unable or unwilling to create and 116 deliver a variant form of the message as discussed in Section 7 of 117 [I-D.ietf-eai-5738bis]. 119 This specification replaces an earlier, experimental, approach to the 120 same problem RFC 5721 [RFC5721]. 122 1.1. Conventions Used in This Document 124 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 125 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this 126 document are to be interpreted as described in "Key words for use in 127 RFCs to Indicate Requirement Levels" [RFC2119]. 129 The terms "UTF-8 string" or "UTF-8 character" are used to refer to 130 Unicode characters, which may or may not be members of the ASCII 131 subset, in UTF-8 RFC3629 [RFC3629], a standard Unicode Encoding Form. 132 All other specialized terms used in this specification are defined in 133 the Email Address Internationalization framework document. 135 In examples, "C:" and "S:" indicate lines sent by the client and 136 server, respectively. If a single "C:" or "S:" label applies to 137 multiple lines, then the line breaks between those lines are for 138 editorial clarity only and are not part of the actual protocol 139 exchange. 141 Note that examples always use ASCII characters due to limitations of 142 this document format; otherwise, some examples for the "LANG" command 143 may appear incorrectly. 145 2. UTF8 Capability 147 This specification adds a new POP3 Extension [RFC2449] capability 148 response tag and command to specify support for header field 149 information in UTF-8 rather than only ASCII. The capability tag and 150 new command and functionality are described below. 152 CAPA tag: 153 UTF8 155 Arguments with CAPA tag: 156 USER 158 Added Commands: 159 UTF8 161 Standard commands affected: 162 USER, PASS, APOP, LIST, TOP, RETR 164 Announced states / possible differences: 165 both / no 167 Commands valid in states: 168 AUTHORIZATION 170 Specification reference: 171 this document 173 Discussion: 175 This capability adds the "UTF8" command to POP3. The UTF8 command 176 switches the session from the ASCII-only mode of RFC 1939 to UTF-8 177 mode. The UTF-8 mode means that, all messages transmitted between 178 servers and clients are UTF-8 strings, and both servers and clients 179 can send and accept UTF-8 string. 181 2.1. The UTF8 Command 183 The UTF8 command enables UTF-8 mode. The UTF8 command has no 184 parameters. 186 UTF-8 mode has no effect on messages in an ASCII-only maildrop. 187 Messages in native UTF-8 maildrops can be encoded either in UTF-8 188 using internationalized headers [RFC6532] and/or 8bit content- 189 transfer-encoding (see MIME Section 2.8 [RFC2045]), or in ASCII. The 190 message at maildrops can be encoded in ASCII, UTF-8, or something 191 else. In UTF-8 mode, if the character encoding format of maildrops 192 is UTF-8 or ASCII, the messages are sent to the client as-is; if the 193 character encoding format of maildrops is format other than UTF-8 or 194 ASCII, the messages' encoding format SHOULD be converted to be UTF-8 195 before they are sent to the client. When UTF-8 mode has not been 196 enabled, non-ASCII strings MUST NOT be sent to the client as-is. If 197 a client requests a UTF-8 message when UTF-8 mode is not enabled, the 198 server MUST either send the client a surrogate message that complies 199 with unextended POP and Internet Mail Format without UTF-8 mode 200 support, or fail the request with a -ERR response. See 201 [I-D.ietf-eai-5738bis], Section 7, for information about creating a 202 surrogate message, and for a discussion of potential issues. Section 203 5 of this document discusses UTF8 response codes. The server MAY 204 respond to the UTF8 command with an -ERR response. 206 Note that even in UTF-8 mode, MIME binary content-transfer-encoding 207 as defined in MIME Section 6.2 [RFC2045] is still not permitted. 208 MIME 8bit content-transfer-encoding (8BITMIME) [RFC6152] is obviously 209 allowed. 211 The octet count (size) of a message reported in a response to the 212 LIST command SHOULD match the actual number of octets sent in a RETR 213 response (not counting byte-stuffing). Sizes reported elsewhere, 214 such as in STAT responses and non-standardized, free-form text in 215 positive status indicators (following "+OK") need not be accurate, 216 but it is preferable if they were. 218 Normal operation for maildrops that natively support non-ASCII 219 characters will be for both servers and clients to support the 220 extension discussed in this specification. Upgrading of both clients 221 and servers is the only fully satisfactory way to support the 222 capabilities offered by the "UTF8" extension and SMTPUTF8 mail more 223 generally. Servers must, however, anticipate the possibility of a 224 client attempting to access a message that requires this extension 225 without having issued the "UTF8" command. There are no completely 226 satisfactory responses for that case other than upgrading the client 227 to support this specification. One solution, unsatisfactory because 228 the user may be confused by being able to access the message through 229 some means and not others, is that a server MAY choose to reject the 230 command to retrieve the message as discussed in Section 5. Other 231 alternatives, including the possibility of creating and delivering 232 variant form of the message, are discussed in Section 7 of 233 [I-D.ietf-eai-5738bis]. 235 Clients MUST NOT issue the STLS command [RFC2595] after issuing UTF8; 236 servers MAY (but are not required to) enforce this by rejecting with 237 an "-ERR" response an STLS command issued subsequent to a successful 238 UTF8 command. (Because this is a protocol error as opposed to a 239 failure based on conditions, an extended response code [RFC2449] is 240 not specified.) 242 2.2. USER Argument to UTF8 Capability 244 If the USER argument is included with this capability, it indicates 245 that the server accepts UTF-8 user names and passwords. 247 Servers that include the USER argument in the UTF8 capability 248 response SHOULD apply SASLprep [RFC4013] or one of its standards- 249 track successors to the arguments of the USER and PASS commands. 251 A client or server that supports APOP and permits UTF-8 in user names 252 or passwords MUST apply SASLprep [RFC4013] or one of its standards- 253 track successors to the user name and password used to compute the 254 APOP digest. 256 When applying SASLprep [RFC4013], servers MUST reject UTF-8 user 257 names or passwords that contain a UTF-8 character listed in Section 258 2.3 of SASLprep. When applying SASLprep to the USER argument, the 259 PASS argument, or the APOP username argument, a compliant server or 260 client MUST treat them as a query string [RFC3454]. When applying 261 SASLprep to the APOP password argument, a compliant server or client 262 MUST treat them as a stored string [RFC3454]. 264 The client does not need to issue the UTF8 command prior to using 265 UTF-8 in authentication. However, clients MUST NOT use UTF-8 string 266 in USER, PASS, or APOP commands unless the USER argument is included 267 in the UTF8 capability response. 269 The server MUST reject UTF-8 user names or passwords that fail to 270 comply with the formal syntax in UTF-8 [RFC3629]. 272 Use of UTF-8 string in the AUTH command is governed by the POP3 SASL 273 [RFC5034] mechanism. 275 3. LANG Capability 277 This document adds a new POP3 Extension [RFC2449] capability response 278 tag to indicate support for a new command: LANG. The capability tag 279 and new command are described below. 281 CAPA tag: 282 LANG 284 Arguments with CAPA tag: 285 none 287 Added Commands: 288 LANG 290 Standard commands affected: 291 All 293 Announced states / possible differences: 294 both / no 296 Commands valid in states: 297 AUTHORIZATION, TRANSACTION 299 Specification reference: 300 this document 302 Discussion: 304 POP3 allows most +OK and -ERR server responses to include human- 305 readable text that, in some cases, might be presented to the user. 306 But that text is limited to ASCII by the POP3 specification 307 [RFC1939]. The LANG capability and command permit a POP3 client to 308 negotiate which language the server uses when sending human-readable 309 text. 311 The LANG command requests that human-readable text included in all 312 subsequent +OK and -ERR responses be localized to a language matching 313 the language range argument (the "Basic Language Range" as described 314 by [RFC4647]). If the command succeeds, the server returns a +OK 315 response followed by a single space, the exact language tag selected, 316 another space. Human-readable text in the appropriate language then 317 appears in the rest of the line. This and subsequent protocol-level 318 human-readable text is encoded in the UTF-8 charset. 320 If the command fails, the server returns an -ERR response and 321 subsequent human-readable response text continues to use the language 322 that was previously used. 324 If the client issues a LANG command with the special "*" language 325 range argument, it indicates a request to use a language designated 326 as preferred by the server administrator. The preferred language MAY 327 vary based on the currently active user. 329 If no argument is given and the POP3 server issues a positive 330 response, that response will usually consist of multi-lines. After 331 the initial +OK, for each language tag the server supports, the POP3 332 server responds with a line for that language. This line is called a 333 "language listing". 335 In order to simplify parsing, all POP3 servers are required to use a 336 certain format for language listings. A language listing consists of 337 the language tag [RFC5646] of the message, optionally followed by a 338 single space and a human-readable description of the language in the 339 language itself, using the UTF-8 charset. There are no specific 340 listing order of languages, which may depend on configuration or 341 implementation. 343 Examples: 345 Note that some examples do not include the correct character 346 accents due to limitations of this document format. 348 C: USER karen 349 S: +OK Hello, karen 350 C: PASS password 351 S: +OK karen's maildrop contains 2 messages (320 octets) 353 Client requests deprecated MUL language. Server replies 354 with -ERR response. 356 C: LANG MUL 357 S: -ERR invalid language MUL 359 A LANG command with no parameters is a request for 360 a language listing. 362 C: LANG 363 S: +OK Language listing follows: 364 S: en English 365 S: en-boont English Boontling dialect 366 S: de Deutsch 367 S: it Italiano 368 S: es Espanol 369 S: sv Svenska 370 S: . 372 A request for a language listing might fail. 374 C: LANG 375 S: -ERR Server is unable to list languages 377 Once the client selects the language, all responses will be in 378 that language, starting with the response to the LANG command. 380 C: LANG es 381 S: +OK es Idioma cambiado 383 If a server returns an -ERR response to a LANG command 384 that specifies a primary language, the current language 385 for responses remains in effect. 387 C: LANG uga 388 S: -ERR es Idioma <> no es conocido 390 C: LANG sv 391 S: +OK sv Kommandot "LANG" lyckades 393 C: LANG * 394 S: +OK es Idioma cambiado 396 4. Non-ASCII character Maildrops 398 When a POP3 server uses a native non-ASCII character maildrop, it is 399 the responsibility of the server to comply with the POP3 base 400 specification [RFC1939] and Internet Message Format [RFC5322] when 401 not in UTF-8 mode. When the server is not in UTF-8 mode and the 402 message requires that mode, requests to download the message MAY be 403 rejected (as specified in the next section) or the various other 404 alternatives outlined in Section 2.1 above, including creation and 405 delivery of variations on the original message, MAY be considered. 407 5. UTF8 Response Code 409 Per "POP3 Extension Mechanism" [RFC2449], this document adds a new 410 response code: UTF8, described below. 412 Complete response code: 413 UTF8 415 Valid for responses: 416 -ERR 418 Valid for commands: 419 LIST, TOP, RETR 421 Response code meaning and expected client behavior: 423 The UTF8 response code indicates that a failure is due to a request 424 when not in UTF-8 mode for message content containing UTF-8 string. 426 The client MAY reissue the command after entering UTF-8 mode. 428 6. IANA Considerations 430 Section 2 and 3 of this specification update two capabilities ("UTF8" 431 and "LANG") to the POP3 capability registry [RFC2449]. 433 Section 5 of this specification also adds one new response code 434 ("UTF8") to the POP3 response codes registry [RFC2449]. 436 7. Security Considerations 438 The security considerations of UTF-8 [RFC3629], SASLprep [RFC4013] 439 and Unicode Format for Network Interchange [RFC5198] apply to this 440 specification, particularly with respect to use of UTF-8 in user 441 names and passwords. 443 The "LANG *" command might reveal the existence and preferred 444 language of a user to an active attacker probing the system if the 445 active language changes in response to the USER, PASS, or APOP 446 commands prior to validating the user's credentials. Servers are 447 strongly advised to implement a configuration to prevent this 448 exposure. 450 It is possible for a man-in-the-middle attacker to insert a LANG 451 command in the command stream, thus making protocol-level diagnostic 452 responses unintelligible to the user. A mechanism to protect the 453 integrity of the session can be used to defeat such attacks. For 454 example, a client can issue the STLS command [RFC2595] before issuing 455 the LANG command. 457 As with other internationalization upgrades, modifications to server 458 authentication code (in this case, to support non-ASCII strings) 459 needs to be done with care to avoid introducing vulnerabilities (for 460 example, in string parsing or matching). This is particularly 461 important if the native databases or mailstore of the operating 462 system use some character set or encoding other than Unicode in 463 UTF-8. 465 8. Change History 467 8.1. draft-ietf-eai-rfc5721bis: Version 00 469 following the new charter 471 8.2. draft-ietf-eai-rfc5721bis: Version 01 473 refine the texts 475 8.3. draft-ietf-eai-rfc5721bis: Version 02 477 update the texts based on Joseph's comments 479 8.4. draft-ietf-eai-rfc5721bis: Version 03 481 improve the texts 483 text instructing servers to either downconvert or reject 485 new UTF-8 response code for use 487 8.5. draft-ietf-eai-rfc5721bis: Version 04 489 improve the texts 491 8.6. draft-ietf-eai-rfc5721bis: Version 05 493 updated according to jabber interim meeting result 495 updated according to john and apparea's review comments 497 8.7. draft-ietf-eai-rfc5721bis: Version 06 499 improve the texts, updated section 3.2 to provide for SASL successor 500 specs. 502 8.8. draft-ietf-eai-rfc5721bis: Version 07 504 updated according to John's comments 506 8.9. draft-ietf-eai-rfc5721bis: Version 08 508 improve the texts 510 9. References 512 9.1. Normative References 514 [I-D.ietf-eai-5738bis] Resnick, P., Newman, C., and S. Shen, "IMAP 515 Support for UTF-8", draft-ietf-eai-5738bis-03 516 (work in progress), December 2011. 518 [RFC1939] Myers, J. and M. Rose, "Post Office Protocol 519 - Version 3", STD 53, RFC 1939, May 1996. 521 [RFC2045] Freed, N. and N. Borenstein, "Multipurpose 522 Internet Mail Extensions (MIME) Part One: 524 Format of Internet Message Bodies", RFC 2045, 525 November 1996. 527 [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail 528 Extensions) Part Three: Message Header 529 Extensions for Non-ASCII Text", RFC 2047, 530 November 1996. 532 [RFC2119] Bradner, S., "Key words for use in RFCs to 533 Indicate Requirement Levels", BCP 14, 534 RFC 2119, March 1997. 536 [RFC2449] Gellens, R., Newman, C., and L. Lundblade, 537 "POP3 Extension Mechanism", RFC 2449, 538 November 1998. 540 [RFC3454] Hoffman, P. and M. Blanchet, "Preparation of 541 Internationalized Strings ("stringprep")", 542 RFC 3454, December 2002. 544 [RFC3629] Yergeau, F., "UTF-8, a transformation format 545 of ISO 10646", STD 63, RFC 3629, 546 November 2003. 548 [RFC4013] Zeilenga, K., "SASLprep: Stringprep Profile 549 for User Names and Passwords", RFC 4013, 550 February 2005. 552 [RFC4647] Phillips, A. and M. Davis, "Matching of 553 Language Tags", BCP 47, RFC 4647, 554 September 2006. 556 [RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format 557 for Network Interchange", RFC 5198, 558 March 2008. 560 [RFC5322] Resnick, P., Ed., "Internet Message Format", 561 RFC 5322, October 2008. 563 [RFC5646] Phillips, A. and M. Davis, "Tags for 564 Identifying Languages", BCP 47, RFC 5646, 565 September 2009. 567 [RFC6152] Klensin, J., Freed, N., Rose, M., and D. 568 Crocker, "SMTP Service Extension for 8-bit 569 MIME Transport", STD 71, RFC 6152, 570 March 2011. 572 [RFC6530] Klensin, J. and Y. Ko, "Overview and 573 Framework for Internationalized Email", 574 RFC 6530, February 2012. 576 [RFC6532] Yang, A., Steele, S., and N. Freed, 577 "Internationalized Email Headers", RFC 6532, 578 February 2012. 580 9.2. Informative References 582 [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and 583 ACAP", RFC 2595, June 1999. 585 [RFC5034] Siemborski, R. and A. Menon-Sen, "The Post 586 Office Protocol (POP3) Simple Authentication 587 and Security Layer (SASL) Authentication 588 Mechanism", RFC 5034, July 2007. 590 [RFC5721] Gellens, R. and C. Newman, "POP3 Support for 591 UTF-8", RFC 5721, February 2010. 593 Appendix A. Design Rationale 595 This non-normative section discusses the reasons behind some of the 596 design choices in the above specification. 598 Due to interoperability problems with RFC 2047 and limited deployment 599 of RFC 2231, it is hoped these 7-bit encoding mechanisms can be 600 deprecated in the future when UTF-8 header support becomes prevalent. 602 The USER capability (Section 2.2) and hence the upgraded USER command 603 and additional support for non-ASCII credentials, are optional 604 because the implementation burden of SASLprep [RFC4013] is not well 605 understood, and mandating such support in all cases could negatively 606 impact deployment. 608 Appendix B. Acknowledgments 610 Thanks to John Klensin, Joseph Yee, Tony Hansen, Alexey Melnikov and 611 other Email Address Internationalization working group participants 612 who provided helpful suggestions and interesting debate that improved 613 this specification. 615 Authors' Addresses 617 Randall Gellens 618 QUALCOMM Incorporated 619 5775 Morehouse Drive 620 San Diego, CA 92651 621 US 623 EMail: rg+ietf@qualcomm.com 625 Chris Newman 626 Oracle 627 800 Royal Oaks 628 Monrovia, CA 91016-6347 629 US 631 EMail: chris.newman@oracle.com 633 Jiankang YAO 634 CNNIC 635 No.4 South 4th Street, Zhongguancun 636 Beijing 638 Phone: +86 10 58813007 639 EMail: yaojk@cnnic.cn 641 Kazunori Fujiwara 642 Japan Registry Services Co., Ltd. 643 Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda 644 Tokyo 646 Phone: +81 3 5215 8451 647 EMail: fujiwara@jprs.co.jp