idnits 2.17.1 draft-ietf-jmap-mdn-17.txt: Checking boilerplate required by RFC 5378 and the IETF Trust (see https://trustee.ietf.org/license-info): ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt: ---------------------------------------------------------------------------- No issues found here. Checking nits according to https://www.ietf.org/id-info/checklist : ---------------------------------------------------------------------------- No issues found here. Miscellaneous warnings: ---------------------------------------------------------------------------- == The copyright year in the IETF Trust and authors Copyright Line does not match the current year -- The document date (January 28, 2021) is 1155 days in the past. Is this intentional? Checking references for intended status: Proposed Standard ---------------------------------------------------------------------------- (See RFCs 3967 and 4897 for information about using normative references to lower-maturity documents in RFCs) No issues found here. Summary: 0 errors (**), 0 flaws (~~), 1 warning (==), 1 comment (--). Run idnits with the --verbose option for more detailed information about the items above. -------------------------------------------------------------------------------- 2 JMAP R. Ouazana, Ed. 3 Internet-Draft Linagora 4 Intended status: Standards Track January 28, 2021 5 Expires: August 1, 2021 7 Handling Message Disposition Notification with JMAP 8 draft-ietf-jmap-mdn-17 10 Abstract 12 This document specifies a data model for handling Message Disposition 13 Notifications (MDNs, RFC 8098) in the JSON Meta Application Protocol 14 (JMAP, RFCs 8620 and 8621). 16 Status of This Memo 18 This Internet-Draft is submitted in full conformance with the 19 provisions of BCP 78 and BCP 79. 21 Internet-Drafts are working documents of the Internet Engineering 22 Task Force (IETF). Note that other groups may also distribute 23 working documents as Internet-Drafts. The list of current Internet- 24 Drafts is at https://datatracker.ietf.org/drafts/current/. 26 Internet-Drafts are draft documents valid for a maximum of six months 27 and may be updated, replaced, or obsoleted by other documents at any 28 time. It is inappropriate to use Internet-Drafts as reference 29 material or to cite them other than as "work in progress." 31 This Internet-Draft will expire on August 1, 2021. 33 Copyright Notice 35 Copyright (c) 2021 IETF Trust and the persons identified as the 36 document authors. All rights reserved. 38 This document is subject to BCP 78 and the IETF Trust's Legal 39 Provisions Relating to IETF Documents 40 (https://trustee.ietf.org/license-info) in effect on the date of 41 publication of this document. Please review these documents 42 carefully, as they describe your rights and restrictions with respect 43 to this document. Code Components extracted from this document must 44 include Simplified BSD License text as described in Section 4.e of 45 the Trust Legal Provisions and are provided without warranty as 46 described in the Simplified BSD License. 48 Table of Contents 50 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 51 1.1. Notational conventions . . . . . . . . . . . . . . . . . 3 52 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 53 1.3. Addition to the capabilities object . . . . . . . . . . . 3 54 2. MDN . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 55 2.1. MDN/send . . . . . . . . . . . . . . . . . . . . . . . . 5 56 2.2. MDN/parse . . . . . . . . . . . . . . . . . . . . . . . . 7 57 3. Samples . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 58 3.1. Sending an MDN for a received email message . . . . . . . 8 59 3.2. Asking for MDN when sending an email message . . . . . . 9 60 3.3. Parsing a received MDN . . . . . . . . . . . . . . . . . 10 61 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 62 4.1. JMAP Capability Registration for "mdn" . . . . . . . . . 11 63 4.2. JMAP Error Codes Registry . . . . . . . . . . . . . . . . 12 64 5. Security considerations . . . . . . . . . . . . . . . . . . . 12 65 6. Normative References . . . . . . . . . . . . . . . . . . . . 12 66 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 68 1. Introduction 70 JMAP ([RFC8620] - JSON Meta Application Protocol) is a generic 71 protocol for synchronising data, such as mail, calendars or contacts, 72 between a client and a server. It is optimised for mobile and web 73 environments, and provides a consistent interface to different data 74 types. 76 JMAP for Mail ([RFC8621] - The JSON Meta Application Protocol (JMAP) 77 for Mail) specifies a data model for synchronising email data with a 78 server using JMAP. Clients can use this to efficiently search, 79 access, organise, and send messages. 81 Message Disposition Notifications (MDNs) are defined in [RFC8098] and 82 are used as "read receipts", "acknowledgements", or "receipt 83 notifications". 85 A client can come across MDNs in different ways: 87 1. When receiving an email message, an MDN can be sent to the 88 sender. This specification defines an MDN/send method to cover 89 this case. 91 2. When sending an email message, an MDN can be requested. This 92 must be done with the help of a header field, and is already 93 specified by [RFC8098] and can already be handled by [RFC8621] 94 this way. 96 3. When receiving an MDN, the MDN could be related to an existing 97 sent message. This is already covered by [RFC8621] in the 98 EmailSubmission object. A client might want to display detailed 99 information about a received MDN. This specification defines an 100 MDN/parse method to cover this case. 102 1.1. Notational conventions 104 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", 105 "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and 106 "OPTIONAL" in this document are to be interpreted as described in BCP 107 14 [RFC2119] [RFC8174] when, and only when, they appear in all 108 capitals, as shown here. 110 Type signatures, examples and property descriptions in this document 111 follow the conventions established in section 1.1 of [RFC8620]. Data 112 types defined in the core specification are also used in this 113 document. 115 Servers MUST support all properties specified for the new data types 116 defined in this document. 118 1.2. Terminology 120 The same terminology is used in this document as in the core JMAP 121 specification. 123 Because keywords are case-insensitive in IMAP but case-sensitive in 124 JMAP, the "$mdnsent" keyword MUST always be used in lowercase. 126 1.3. Addition to the capabilities object 128 Capabilities are announced as part of the standard JMAP Session 129 resource; see [RFC8620], section 2. This defines a new capability, 130 "urn:ietf:params:jmap:mdn". 132 The capability "urn:ietf:params:jmap:mdn" being present in the 133 "accountCapabilities" property of an account represents support for 134 the "MDN" data type, parsing MDNs via the "MDN/parse" method, and 135 creating and sending MDN messages via the "MDN/send" method. Servers 136 that include the capability in one or more "accountCapabilities" 137 properties MUST also include the property in the "capabilities" 138 property. 140 The value of this "urn:ietf:params:jmap:mdn" property is an empty 141 object both in the account's "accountCapabilities" property and in 142 the "capabilities" property. 144 2. MDN 146 An *MDN* object has the following properties: 148 o forEmailId: "Id|null" Email id of the received message this MDN is 149 relative to. This property MUST NOT be null for "MDN/send", but 150 MAY be null in the response from the "MDN/parse" method. 152 o subject: "String|null" Subject used as "Subject" header field for 153 this MDN. 155 o textBody: "String|null" Human readable part of the MDN, as plain 156 text. 158 o includeOriginalMessage: "Boolean" (default: false). If "true", 159 the content of the original message will appear in the third 160 component of the multipart/report generated for the MDN. See 161 [RFC8098] for details and security considerations. 163 o reportingUA: "String|null" Name of the MUA creating this MDN. It 164 is used to build the MDN Report part of the MDN. Note that a 165 "null" value may have better privacy properties. 167 o disposition: "Disposition" Object containing the diverse MDN 168 disposition options. 170 o mdnGateway: "String|null" (server-set) Name of the gateway or MTA 171 that translated a foreign (non-Internet) message disposition 172 notification into this MDN. 174 o originalRecipient: "String|null" (server-set) Original recipient 175 address as specified by the sender of the message for which the 176 MDN is being issued. 178 o finalRecipient: "String|null" Recipient for which the MDN is being 179 issued. If set, it overrides the value that would be calculated 180 by the server from the Identity defined in the "MDN/Send" method, 181 unless explicitly set by the client. 183 o originalMessageId: "String|null" (server-set) Message-ID (the 184 [RFC5322] header field, not the JMAP id) of the message for which 185 the MDN is being issued. 187 o error: "String[]|null" (server-set) Additional information in the 188 form of text messages when the "error" disposition modifier 189 appears. 191 o extensionFields: "String[String]|null" Object where keys are 192 extension-field names and values are extension-field values (see 193 [RFC8098] Section 3.3). 195 A *Disposition* object has the following properties: 197 o actionMode: "String" This MUST be one of the following strings: 198 "manual-action" / "automatic-action" 200 o sendingMode: "String" This MUST be one of the following strings: 201 "mdn-sent-manually" / "mdn-sent-automatically" 203 o type: "String" This MUST be one of the following strings: 204 "deleted" / "dispatched" / "displayed" / "processed" 206 See [RFC8098] for the exact meaning of these different fields. These 207 fields are defined case insensitive in [RFC8098] but are case 208 sensitive in this RFC and MUST be converted to lowercase by "MDN/ 209 parse". 211 2.1. MDN/send 213 The MDN/send method sends an [RFC5322] message from an MDN object. 214 When calling this method the "using" property of the Request object 215 MUST contain the capabilities "urn:ietf:params:jmap:mdn" and 216 "urn:ietf:params:jmap:mail"; the latter because of the implicit call 217 to Email/set and the use of Identities, described below. The method 218 takes the following arguments: 220 o accountId: "Id" The id of the account to use. 222 o identityId: "Id" The id of the Identity to associate with these 223 MDNs. The server will use this identity to define the sender of 224 the MDNs and to set the finalRecipient field. 226 o send: "Id[MDN]" A map of creation id (client specified) to MDN 227 objects. 229 o onSuccessUpdateEmail: "Id[PatchObject]|null" A map of id to an 230 object containing properties to update on the Email object 231 referenced by the "MDN/send" if the sending succeeds. This will 232 always be a backward reference to the creation id (see example 233 below in Section 3.1). 235 The response has the following arguments: 237 o accountId: "Id" The id of the account used for the call. 239 o sent: "Id[MDN]|null" A map of creation id to MDN containing any 240 properties that were not set by the client. This includes any 241 properties that were omitted by the client and thus set to a 242 default by the server. This argument is null if no MDN objects 243 were successfully sent. 245 o notSent: "Id[SetError]|null" A map of the creation id to a 246 SetError object for each record that failed to be sent, or null if 247 all successful. 249 In this context, the existing SetError types defined in [RFC8620] and 250 [RFC8621] are interpreted as follows: 252 o notFound: The reference Email id cannot be found, or has no valid 253 "Disposition-Notification-To" header field. 255 o forbidden: MDN/send would violate an ACL or other permissions 256 policy. 258 o forbiddenFrom: The user is not allowed to use the given 259 finalRecipient property. 261 o overQuota: MDN/send would exceed a server-defined limit on the 262 number or total size of sent MDNs. It could include limitations 263 on sent messages. 265 o tooLarge: MDN/send would result in an MDN that exceeds a server- 266 defined limit for the maximum size of an MDN, or more generally on 267 email message. 269 o rateLimit: Too many MDNs or email messages have been created 270 recently, and a server-defined rate limit has been reached. It 271 may work if tried again later. 273 o invalidProperties: The record given is invalid in some way. 275 The following is a new SetError: 277 o mdnAlreadySent: The message has the "$mdnsent" keyword already 278 set. 280 If the accountId or identityId given cannot be found, the method call 281 is rejected with an "invalidArguments" error. 283 The client MUST NOT issue an MDN/send request if the message has the 284 "$mdnsent" keyword set. 286 When sending the MDN, the server is in charge of generating the 287 "originalRecipient" and "originalMessageId" fields according to the 288 [RFC8098] specification. "finalRecipient" will also generally be 289 generated by the server based on the provided identity, but if 290 specified by the client and allowed (see Section 5) the server will 291 use the client provided value. 293 The client is expected to explicitly update each "Email" for which an 294 "MDN/send" has been invoked in order to set the "$mdnsent" keyword on 295 these messages. To ensure that, the server MUST reject an "MDN/send" 296 which does not result in setting the keyword "$mdnsent". Thus the 297 server MUST check that the "onSuccessUpdateEmail" property of the 298 method is correctly set to update this keyword. 300 2.2. MDN/parse 302 This method allows a client to parse blobs as [RFC5322] messages to 303 get MDN objects. This can be used to parse and get detailed 304 information about blobs referenced in the "mdnBlobIds" of the 305 EmailSubmission object, or any email message the client could expect 306 to be an MDN. 308 The "forEmailId" property can be null or missing if the 309 "originalMessageId" property is missing or does not refer to an 310 existing message, or if the server cannot efficiently calculate the 311 related message (for example, if several messages get the same 312 "Message-Id" header field). 314 The MDN/parse method takes the following arguments: 316 o accountId: "Id" The id of the account to use. 318 o blobIds: "Id[]" The ids of the blobs to parse. 320 The response has the following arguments: 322 o accountId: "Id" The id of the account used for the call. 324 o parsed: "Id[MDN]|null" A map of blob id to parsed MDN 325 representation for each successfully parsed blob, or null if none. 327 o notParsable: "Id[]|null" A list of ids given that corresponded to 328 blobs that could not be parsed as MDNs, or null if none. 330 o notFound: "Id[]|null" A list of blob ids given that could not be 331 found, or null if none. 333 The following additional errors may be returned instead of the MDN/ 334 parse response: 336 o requestTooLarge: The number of ids requested by the client exceeds 337 the maximum number the server is willing to process in a single 338 method call. 340 o invalidArguments: If the accountId given cannot be found, the MDN 341 parsing is rejected with an "invalidArguments" error. 343 3. Samples 345 3.1. Sending an MDN for a received email message 347 A client can use the following request to send an MDN back to the 348 sender: 350 [[ "MDN/send", { 351 "accountId": "ue150411c", 352 "identityId": "I64588216", 353 "send": { 354 "k1546": { 355 "forEmailId": "Md45b47b4877521042cec0938", 356 "subject": "Read receipt for: World domination", 357 "textBody": "This receipt shows that the email has been 358 displayed on your recipient's computer. There is no 359 guaranty it has been read or understood.", 360 "reportingUA": "joes-pc.cs.example.com; Foomail 97.1", 361 "disposition": { 362 "actionMode": "manual-action", 363 "sendingMode": "mdn-sent-manually", 364 "type": "displayed" 365 }, 366 "extension": { 367 "EXTENSION-EXAMPLE": "example.com" 368 } 369 } 370 }, 371 "onSuccessUpdateEmail": { 372 "#k1546": { 373 "keywords/$mdnsent": true 374 } 375 } 376 }, "0" ]] 378 If the email id matches an existing email message without the 379 "$mdnsent" keyword, the server can answer: 381 [[ "MDN/send", { 382 "accountId": "ue150411c", 383 "sent": { 384 "k1546": { 385 "finalRecipient": "rfc822; john@example.com", 386 "originalMessageId": "<199509192301.23456@example.org>" 387 } 388 } 389 }, "0" ], 390 [ "Email/set", { 391 "accountId": "ue150411c", 392 "oldState": "23", 393 "newState": "42", 394 "updated": { 395 "Md45b47b4877521042cec0938": {} 396 } 397 }, "0" ]] 399 If the "$mdnsent" keyword has already been set, the server can answer 400 an error: 402 [[ "MDN/send", { 403 "accountId": "ue150411c", 404 "notSent": { 405 "k1546": { 406 "type": "mdnAlreadySent", 407 "description" : "$mdnsent keyword is already present" 408 } 409 } 410 }, "0" ]] 412 3.2. Asking for MDN when sending an email message 414 This is done with the [RFC8621] "Email/set" "create" method. 416 [[ "Email/set", { 417 "accountId": "ue150411c", 418 "create": { 419 "k2657": { 420 "mailboxIds": { 421 "2ea1ca41b38e": true 422 }, 423 "keywords": { 424 "$seen": true, 425 "$draft": true 426 }, 427 "from": [{ 428 "name": "Joe Bloggs", 429 "email": "joe@example.com" 430 }], 431 "to": [{ 432 "name": "John", 433 "email": "john@example.com" 434 }], 435 "header:Disposition-Notification-To:asText": "joe@example.com", 436 "subject": "World domination", 437 ... 438 } 439 } 440 }, "0" ]] 442 Note the specified "Disposition-Notification-To" header field 443 indicating where to send MDN back (usually the sender of the 444 message). 446 3.3. Parsing a received MDN 448 The client issues a parse request: 450 [[ "MDN/parse", { 451 "accountId": "ue150411c", 452 "blobIds": [ "0f9f65ab-dc7b-4146-850f-6e4881093965" ] 453 }, "0" ]] 455 The server responds: 457 [[ "MDN/parse", { 458 "accountId": "ue150411c", 459 "parsed": { 460 "0f9f65ab-dc7b-4146-850f-6e4881093965": { 461 "forEmailId": "Md45b47b4877521042cec0938", 462 "subject": "Read receipt for: World domination", 463 "textBody": "This receipt shows that the email has been 464 displayed on your recipient's computer. There is no 465 guaranty it has been read or understood.", 466 "reportingUA": "joes-pc.cs.example.com; Foomail 97.1", 467 "disposition": { 468 "actionMode": "manual-action", 469 "sendingMode": "mdn-sent-manually", 470 "type": "displayed" 471 }, 472 "finalRecipient": "rfc822; john@example.com", 473 "originalMessageId": "<199509192301.23456@example.org>" 474 } 475 } 476 }, "0" ]] 478 In case of a not found blobId, the server would respond: 480 [[ "MDN/parse", { 481 "accountId": "ue150411c", 482 "notFound": [ "0f9f65ab-dc7b-4146-850f-6e4881093965" ] 483 }, "0" ]] 485 If the blobId has been found but is not parsable, the server would 486 respond: 488 [[ "MDN/parse", { 489 "accountId": "ue150411c", 490 "notParsable": [ "0f9f65ab-dc7b-4146-850f-6e4881093965" ] 491 }, "0" ]] 493 4. IANA Considerations 495 4.1. JMAP Capability Registration for "mdn" 497 IANA will register the "mdn" JMAP Capability as follows: 499 Capability Name: "urn:ietf:params:jmap:mdn" 501 Specification document: this document 503 Intended use: common 504 Change Controller: IETF 506 Security and privacy considerations: this document, section 5. 508 4.2. JMAP Error Codes Registry 510 This section registers one new error code in the "JMAP Error Codes" 511 registry, as defined in [RFC8620]. 513 JMAP Error Code: mdnAlreadySent 515 Intended use: common 517 Change controller: IETF 519 Reference: This document, Section 2.1 521 Description: The message has the "$mdnsent" keyword already set. The 522 client MUST NOT try again to send an MDN for this message. 524 5. Security considerations 526 The same considerations regarding MDN (see [RFC8098] and [RFC3503]) 527 apply to this document. 529 In order to reinforce trust regarding the relation between the user 530 sending an email message and the identity of this user, the server 531 SHOULD validate in conformance to the provided Identity that the user 532 is permitted to use the finalRecipient value and return a 533 forbiddenFrom error if not. 535 6. Normative References 537 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate 538 Requirement Levels", BCP 14, RFC 2119, 539 DOI 10.17487/RFC2119, March 1997, 540 . 542 [RFC3503] Melnikov, A., "Message Disposition Notification (MDN) 543 profile for Internet Message Access Protocol (IMAP)", 544 RFC 3503, DOI 10.17487/RFC3503, March 2003, 545 . 547 [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, 548 DOI 10.17487/RFC5322, October 2008, 549 . 551 [RFC8098] Hansen, T., Ed. and A. Melnikov, Ed., "Message Disposition 552 Notification", STD 85, RFC 8098, DOI 10.17487/RFC8098, 553 February 2017, . 555 [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 556 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 557 May 2017, . 559 [RFC8620] Jenkins, N. and C. Newman, "The JSON Meta Application 560 Protocol (JMAP)", RFC 8620, DOI 10.17487/RFC8620, July 561 2019, . 563 [RFC8621] Jenkins, N. and C. Newman, "The JSON Meta Application 564 Protocol (JMAP) for Mail", RFC 8621, DOI 10.17487/RFC8621, 565 August 2019, . 567 Author's Address 569 Raphael Ouazana (editor) 570 Linagora 571 100 Terrasse Boieldieu - Tour Franklin 572 Paris - La Defense CEDEX 92042 573 France 575 Email: rouazana@linagora.com 576 URI: https://www.linagora.com