Email Address Internationalization J. Klensin (EAI) Internet-Draft Y. Ko Intended status: Informational ICU Expires: April 15, 2007 October 12, 2006 Overview and Framework for Internationalized Email draft-ietf-eai-framework-02.txt Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on April 15, 2007. Copyright Notice Copyright (C) The Internet Society (2006). Abstract Full use of electronic mail throughout the world requires that people be able to use their own names, written correctly in their own languages and scripts, as mailbox names in email addresses. This document introduces a series of specifications that define mechanisms and protocol extensions needed to fully support internationalized email addresses. These changes include an SMTP extension and extension of email header syntax to accommodate UTF-8 data. The Klensin & Ko Expires April 15, 2007 [Page 1] Internet-Draft EAI Framework October 2006 document set also includes discussion of key assumptions and issues in deploying fully internationalized email. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 1.1. Role of This Specification . . . . . . . . . . . . . . . . 3 1.2. Problem statement . . . . . . . . . . . . . . . . . . . . 3 1.3. Terminology . . . . . . . . . . . . . . . . . . . . . . . 4 2. Overview of the Approach . . . . . . . . . . . . . . . . . . . 6 3. Document Plan . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Overview of Protocol Extensions and Changes . . . . . . . . . 6 4.1. SMTP Extension for Internationalized eMail Address . . . . 7 4.2. Transmission of Email Header in UTF-8 Encoding . . . . . . 8 4.3. Downgrading Mechanism for Backward Compatibility . . . . . 8 5. Downgrading Before and After SMTP Transactions . . . . . . . . 9 5.1. Downgrading Before or During Message Submission . . . . . 9 5.2. Downgrading or Other Processing After Final SMTP Delivery . . . . . . . . . . . . . . . . . . . . . . . . . 10 6. Internationalization Considerations . . . . . . . . . . . . . 10 7. Additional Issues . . . . . . . . . . . . . . . . . . . . . . 10 7.1. Impact on IRIs . . . . . . . . . . . . . . . . . . . . . . 10 7.2. Interaction with delivery notifications . . . . . . . . . 11 7.3. Use of email addresses as identifiers . . . . . . . . . . 11 7.4. Encoded-words, signed messages and downgrading . . . . . . 11 8. Experimental Targets . . . . . . . . . . . . . . . . . . . . . 12 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12 10. Security Considerations . . . . . . . . . . . . . . . . . . . 12 11. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 13 12. Change History . . . . . . . . . . . . . . . . . . . . . . . . 14 12.1. draft-klensin-ima-framework: Version 00 . . . . . . . . . 14 12.2. draft-klensin-ima-framework: Version 01 . . . . . . . . . 14 12.3. draft-ietf-eai-framework: Version 00 . . . . . . . . . . . 14 12.4. draft-ietf-eai-framework: Version 01 . . . . . . . . . . . 15 12.5. draft-ietf-eai-framework: Version 02 . . . . . . . . . . . 15 13. References . . . . . . . . . . . . . . . . . . . . . . . . . . 16 13.1. Normative References . . . . . . . . . . . . . . . . . . . 16 13.2. Informative References . . . . . . . . . . . . . . . . . . 16 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 18 Intellectual Property and Copyright Statements . . . . . . . . . . 20 Klensin & Ko Expires April 15, 2007 [Page 2] Internet-Draft EAI Framework October 2006 1. Introduction In order to use internationalized email addresses, we need to internationalize both the domain part and the local part of email addresses. The domain part of email addresses is already internationalized [RFC3490], while the local part is not. Without these extensions, the mailbox name is restricted to a subset of 7-bit ASCII [RFC2821]. Though MIME enables the transport of non-ASCII data, it does not provide a mechanism for internationalized email address. RFC 2047 [RFC2047] defines an encoding mechanism for some specific message header fields to accommodate non-ASCII data. However, it does not address the issue of email addresses that include non-ASCII characters. Without the extensions defined here, or some equivalent set, the only way to incorporate non-ASCII characters in email addresses is to use RFC2047 coding to embed them in what RFC 2822 [RFC2822] calls the "display name" (known as a "name phrase" or by other terms elsewhere) of the relevant headers. Information coded into the display name is invisible in the message envelope and would not be considered by many to be part of the address at all. 1.1. Role of This Specification This document presents the overview and framework for an approach to the next stage of email internationalization. This new stage requires not only internationalization of addresses and headers, but also associated transport and delivery models. This document describes how the various elements of email internationalization fit together and describes the relationships among the various documents involved. 1.2. Problem statement Though domain names are already internationalized, the internationalized forms are far from general adoption by ordinary users. One of the reasons for this is that we do not yet have fully internationalized naming schemes. Domain names are just one of the various names and identifiers that are required to be internationalized. Email addresses are particularly important examples in which internationalization of domain names alone is not sufficient. Unless email addresses are presented to the user in familiar characters and formats, the user's perception will not be of internationalization and behavior that is culturally friendly. One thing most of us have almost certainly learned from the experience with email usage is that users strongly prefer email addresses that closely resemble names or Klensin & Ko Expires April 15, 2007 [Page 3] Internet-Draft EAI Framework October 2006 initials to those involving meaningless strings of letters or numbers. If the names or initials of the names in the email address can be expressed in the native languages and writing systems of the users, the Internet will be perceived as more natural, especially by those whose native language is not written in a subset of a Roman- derived script. Internationalization of email addresses is not merely a matter of changing the SMTP envelope; or of modifying the From, To, and Cc headers; or of permitting upgraded mail user agents (MUAs) to decode a special coding and respond by displaying local characters. To be perceived as usable by end users, the addresses must be internationalized and handled consistently in all of the contexts in which they occur. That requirement has far-reaching implications: collections of patches and workarounds are not adequate. Even if they were adequate, a workaround-based approach may result in an assortment of implementations with different sets of patches and workarounds having been applied with consequent user confusion about what is actually usable and supported. Instead, we need to build a fully internationalized email environment, focusing on permitting efficient communication among those who share a language or other community. That, in turn, implies changes to the mail header environment to permit the full range of Unicode characters where that makes sense, an SMTP extension to permit UTF-8 [RFC3629] mail addressing and delivery of those extended headers, and (finally) a requirement for support of the 8BITMIME SMTP Extension [RFC1652] so that all of this can be transported through the mail system without having to overcome the limitation that headers do not have content- transfer-encodings. 1.3. Terminology This document assumes a reasonable understanding of the protocols and terminology of the core email standards as documented in [RFC2821] and [RFC2822]. Much of the description in this document depends on the abstractions of "Mail Transfer Agent" ("MTA") and "Mail User Agent" ("MUA"). However, it is important to understand that those terms and the underlying concepts postdate the design of the Internet's email architecture and the application of the "protocols on the wire" principle to it. That email architecture, as it has evolved, and the "wire" principle have prevented any strong and standardized distinctions about how MTAs and MUAs interact on a given origin or destination host (or even whether they are separate). In this document, an address is "all-ASCII", or just an "ASCII address", if every character in the address is in the ASCII character Klensin & Ko Expires April 15, 2007 [Page 4] Internet-Draft EAI Framework October 2006 repertoire [ASCII]; an address is "non-ASCII", or "an i18mail address", if any character is not in the ASCII character repertoire. Such addresses may be restricted in other ways, but those restrictions are not relevant here. The term "all-ASCII" is also applied to other protocol elements when the distinction is important, with "non-ASCII" or "internationalized" as its opposite. The umbrella term to describe the email address internationalization specified by this document and its companion documents is "UTF8SMTP". For example, an address permitted by this specification is referred as a "UTF8SMTP (compliant) address". Please note that according to definitions given here the set of all "all-ASCII" addresses and the set of all "non-ASCII" addresses are mutually exclusive. The set of all UTF8SMTP addresses is the union of these two sets. An "ASCII user" (i) exclusively uses email addresses that contain ASCII characters only, and (ii) cannot generate recipient addresses that contain non-ASCII characters. A "i18mail user" has one or more non-ASCII email addresses. Such a user may have ASCII addresses too; if the user has more than one email address, he or she has some method to choose which address to use on outgoing email. Note that under this definition, it is not possible to tell from the address that an email sender or recipient is an i18mail user. A "message" is sent from one user (sender) using a particular email address to one or more other recipient email addresses (often referred to just as "users" or "recipient users"). A "mailing list" is a mechanism whereby a message may be distributed to multiple recipients by sending to one recipient address. An agent (typically not a human being) at that single address then causes the message to be redistributed to the target recipients and sets the envelope return address of the redistributed message to a different error handling address from the original single recipient message. The pronouns "he" and "she" are used interchangeably to indicate a human of indeterminate gender. The key words "MUST", "SHALL", "REQUIRED", "SHOULD", "RECOMMENDED", and "MAY" in this document are to be interpreted as described in RFC 2119 [RFC2119]. Klensin & Ko Expires April 15, 2007 [Page 5] Internet-Draft EAI Framework October 2006 2. Overview of the Approach This set of specifications changes both SMTP and the format of email headers to permit non-ASCII characters to be represented directly. Each important component of the work is described in a separate document. The document set, whose members are described in the next section, also contains informational documents whose purpose is to provide implementation suggestions and guidance for the protocols. 3. Document Plan In addition to this document, the following documents make up this specification and provide advice and context for it. o SMTP extensions. This document [I18Nemail-SMTPext] provides an SMTP extension for internationalized addresses, as provided for in RFC 2821. o Email headers in UTF-8. This document [I18Nemail-UTF8] essentially updates RFC 2822 to permit some information in email headers to be expressed directly by Unicode characters encoded in UTF-8 when the SMTP extension described above is used. o In-transit downgrading from internationalized addressing with the SMTP extension and UTF-8 headers to traditional email formats and characters [I18Nemail-downgrade]. Downgrading either at the point of message origination or after the mail has successfully been received by a final delivery SMTP server (sometimes called an "MDA") involve different constraints and possibilities; see Section 4.3 and Section 5, below. o Extensions to the IMAP protocol to support internationalized headers [I18Nemail-imap]. o Parallel extensions to the POP protocol [I18Nemail-pop]. o Description of internationalization changes for delivery notifications (DSNs) [I18Nemail-DSN]. o Scenarios for the use of these protocols [I18Nemail-scenarios]. 4. Overview of Protocol Extensions and Changes Klensin & Ko Expires April 15, 2007 [Page 6] Internet-Draft EAI Framework October 2006 4.1. SMTP Extension for Internationalized eMail Address An SMTP extension, "UTF8SMTP" is specified that o Permits the use of UTF-8 strings in email addresses, both local parts and domain names. o Permits the selective use of UTF-8 strings in email headers (see the next subsection). o Requires that the server advertise the 8BITMIME extension [RFC1652] and that the client support 8-bit transmission so that header information can be transmitted without using a special content-transfer-encoding. o Provides information to support downgrading mechanisms. Some general principles apply to this work. 1. Whatever encoding is used should apply to the whole address and be directly compatible with software used at the user interface. 2. An SMTP relay must * Either recognize the format explicitly, agreeing to do so via an ESMTP option, * Select and use an ASCII-only address, downgrading other information as needed (see Section 4.3), or * Bounce the message so that the sender can make another plan. If the message cannot be forwarded because the next-hop system cannot accept the extension and insufficient information is available to reliably downgrade it, it MUST be bounced. 3. In the interest of interoperability, charsets other than UTF-8 are prohibited. There is no practical way to identify them properly with an extension similar to this without introducing great complexity. Conformance to the group of standards specified here for email transport and delivery requires implementation of the SMTP Extension specification, including recognition of the keywords associated with alternate addresses, and the UTF-8 Header specification. Support for downgrading is not required, but, if implemented, MUST be implemented as specified. Similarly, _if_ the system implements IMAP it conforms Klensin & Ko Expires April 15, 2007 [Page 7] Internet-Draft EAI Framework October 2006 to i18n IMAP spec, ditto for POP.??? 4.2. Transmission of Email Header in UTF-8 Encoding There are many places in MUAs or in user presentation in which email addresses or domain names appear. Examples include the conventional From, To, or Cc header fields; Message-IDs; In-Reply-To fields that may contain addresses or domain names; and in message bodies. We must examine all of them from an internationalization perspective. The user will expect to see mailbox and domain names in local characters, and to see them consistently. If non-obvious encodings, such as protocol-specific ASCII-Compatible Encoding (ACE) variants, are used, the user will inevitably, if only occasionally, see them rather than "native" characters and will find that discomfiting or astonishing. Similarly, if different codings are used for mail transport and message bodies, the user is particularly likely to be surprised, if only as a consequence of the long-established "things leak" principle. The only practical way to avoid these sources of discomfort, in both the medium and the longer term, is to have the encodings used in transport be as nearly as possible the same as the encodings used in message headers and message bodies. It seems clear that the point at which email local parts are internationalized is the point that email headers should simply be shifted to a full internationalized form, presumably using UTF-8 rather than ASCII as the base character set for other than protocol elements such as the header field names themselves. The transition to that model includes support for address, and address-related, fields within the headers of legacy systems. This is done by extending the encoding models of [RFC2045] and [RFC2231]. However, our target should be fully internationalized headers, as discussed in [I18Nemail-UTF8]. 4.3. Downgrading Mechanism for Backward Compatibility As with any use of the SMTP extension mechanism, there is always the possibility of a client that requires the feature encountering a server that does not support the required feature. In the case of email address and header internationalization, the risk should be minimized by the fact that the selection of submission servers are presumably under the control of the sender's client and the selection of potential intermediate relays is under the control of the administration of the final delivery server. For those situations, there are basically two possibilities: o Reject or bounce the message, requiring the sender to resubmit it with traditional-format addresses and headers. Klensin & Ko Expires April 15, 2007 [Page 8] Internet-Draft EAI Framework October 2006 o Figure out a way to downgrade the envelope or message body in transit. Especially when internationalized addresses are involved, downgrading will require that all-ASCII addresses be obtained from some source. An optional extension parameter is provided as a way of transmitting an alternate address. Downgrade issues and a specification are discussed in [I18Nemail-downgrade]. The first of these two options, that of rejecting or returning the message to the sender MAY always be chosen. There is also a third case, one in which the client is I18Nemail- capable, the server is not, but the message does not require the extended capabilities. In other words, both the addresses in the envelope and the entire set of headers of the message are entirely in ASCII (perhaps including encoded-words in the headers). In that case, the client SHOULD send the message whether or not the server announces the capability specified here. 5. Downgrading Before and After SMTP Transactions In addition to the in-transit downgrades discussed above, downgrading may also occur before or during initial message submission or after delivery to the final delivery MTA. Because these cases have a different set of available information from in-transit cases, the constraints and opportunities may be somewhat different too. These two cases are discussed in the subsections below. 5.1. Downgrading Before or During Message Submission Perhaps obviously, the most convenient time to find an ASCII address corresponding to an internationalized address, or to convert a message from the internationalized form into conventional ASCII form, is at the originating MUA, either before the message is sent or after the internationalized form of the message is rejected or bounced by some MTA in the path to the presumed destination. At that point, the user has a full range of choices available, including contacting the intended recipient out of band for an alternate address, consulting appropriate directories, arranging for translation of both addresses and message content into a different language, and so on. While it is natural to think of message downgrading as optimally being a fully-automated process, we should not underestimate the capabilities of a user of at least moderate intelligence who wishes to communicate with another such user. In this context, one can easily imagine modifications to message submission servers (as described in [RFC4409]) so that they would perform downgrading, or perhaps even upgrading, operations, receiving Klensin & Ko Expires April 15, 2007 [Page 9] Internet-Draft EAI Framework October 2006 messages with one or more of the internationalization extensions discussed here and adapting the outgoing message, as needed, to respond to the delivery or next-hop environment it encounters. 5.2. Downgrading or Other Processing After Final SMTP Delivery When an email message is received by a final delivery SMTP server, it is usually stored in some form. Then it is retrieved either by software that reads the stored form directly or by client software via some email retrieval mechanisms such as POP or IMAP. The SMTP extension described in Section 4.1 provides protection only in transport. It does not prevent MUAs and email retrieval mechanisms that have not been upgraded to understand internationalized addresses and UTF-8 headers from accessing stored internationalized emails. Since the final delivery SMTP server (or, to be more specific, its corresponding mail storage agent) cannot safely assume that agents accessing email storage will be always be capable of handling the extensions proposed here, it MAY either downgrade internationalized emails or specially identify messages that utilize these extensions, or both. If this done, the final delivery SMTP server SHOULD include a mechanism to preserve or recover the original internationalized forms without information loss to support access by I18Nemail-aware agents. 6. Internationalization Considerations This entire specification addresses issues in internationalization and especially the boundaries between internationalization and localization and between network protocols and client/user interface actions. 7. Additional Issues This section identifies issues that are not covered as part of this set of specifications, but that will need to be considered as part of deployment of email address and header internationalization. 7.1. Impact on IRIs The mailto: schema defined in [RFC2368] and discussed in IRI [RFC3987] may need to be modified when this work is completed and standardized. Klensin & Ko Expires April 15, 2007 [Page 10] Internet-Draft EAI Framework October 2006 7.2. Interaction with delivery notifications The advent of UTF8SMTP will make necessary consideration of the interaction with delivery notification mechanisms, including the SMTP extension for requesting delivery notifications [RFC3461], and the format of delivery notifications [RFC3464]. These issues are discussed in a forthcoming document that will update those RFCs as needed [I18Nemail-DSN]. 7.3. Use of email addresses as identifiers There are a number of places in contemporary Internet usage in which email addresses are used as identifiers for individuals, including as identifiers to web servers supporting some electronic commerce sites. These documents do not address those uses, but it is reasonable to expect that some difficulties will be encountered when internationalized addresses are first used in those contexts, many of which cannot handle the full range of addresses permitted today. 7.4. Encoded-words, signed messages and downgrading One particular characteristic of the email format is its persistency: MUA are expected to handle messages that were originally sent decades ago and not just those delivered seconds ago. As such, MUAs and mail filtering software will need to continue to accept and decode header fields that use the "encoded word" mechanism [RFC2047] to accommodate non-ASCII characters in some header fields. While extensions to both POP3 and IMAP have been proposed to enable automatic EAI-upgrade--- including RFC 2047 decoding---of messages by the POP3 or IMAP server, there are message structures and MIME content-types for which that cannot be done or where the change would have unacceptable side- effects. For example, message parts that are cryptographically signed using, e.g., S/MIME [RFC2663] or PGP [RFC3156], cannot be upgraded from RFC 2047 form to normal UTF-8 characters without breaking the signature. Similarly, message parts that are encrypted encrypted) may contain, when decrypted, header fields that use the RFC 2047 encoding; such messages cannot be 'fully' upgraded without access to cryptographic keys. Similar issues may arise if signed messages are downgraded in transit [I18Nemail-downgrade] and then an attempt is made to upgrade them to the original form and then verify the signatures. Even the very subtle changes that may result from algorithms to downgrade and then upgrade again may be sufficient to invalidate the signatures if they impact either the primary or MIME bodypart headers. When signatures are present, downgrading must be performed with extreme care if at Klensin & Ko Expires April 15, 2007 [Page 11] Internet-Draft EAI Framework October 2006 all. 8. Experimental Targets In addition to the simple question of whether the model outlined here can be made to work in a satisfactory way for upgraded systems and provide adequate protection for un-upgraded ones, we expect that actually working with the systems will provide answers to two additional questions: what restrictions such as character lists or normalization should be placed, if any, on the characters that are permitted to be used in address local-parts and how useful, in practice, will downgrading turn out to be given whatever restrictions and constraints that must be placed upon it. 9. IANA Considerations This overview description and framework document does not contemplate any IANA registrations or other actions. Some of the documents in the group have their own IANA considerations sections and requirements. 10. Security Considerations Any expansion of permitted characters and encoding forms in email addresses raises some risks. There have been discussions on so called "IDN-spoofing" or "IDN homograph attacks". These attacks allow an attacker (or "phisher") to spoof the domain or URLs of businesses. The same kind of attack is also possible on the local part of internationalized email addresses. It should be noted that one of the proposed fixes for, e.g., domain names in URLs, does not work for email local parts since they are case-sensitive. That fix involves forcing all elements that are displayed to be in lower-case and normalized. Since email addresses are often transcribed from business cards and notes on paper, they are subject to problems arising from confusable characters. These problems are somewhat reduced if the domain associated with the mailbox is unambiguous and supports a relatively small number of mailboxes whose names follow local system conventions; they are increased with very large mail systems in which users can freely select their own addresses. The internationalization of email addresses and headers must not leave the Internet less secure than it is that without the required extensions. The requirements and mechanisms documented in this set Klensin & Ko Expires April 15, 2007 [Page 12] Internet-Draft EAI Framework October 2006 of specifications do not, in general, raise any new security issues. They do require a review of issues associated with confusable characters -- a topic that is being explored thoroughly elsewhere [RFC4690] -- and, potentially, some issues with UTF-8 canonicalization, discussed in [RFC3629]. The latter is also part of the subject of ongoing work discussed in [Net-Unicode]. Specific issues are discussed in more detail in the other documents in this set. However, in particular, caution should be taken that any "downgrading" mechanism, or use of downgraded addresses, does not inappropriately assume authenticated bindings between the internationalized and ASCII addresses. The new UTF-8 header and message formats might also raise, or aggravate, another known issue. If the model creates new forms of 'invalid' or 'malformed' message, then a new email attack is created: in an effort to be robust, some or or most agents will accept such message and interpret them as if they were well-formed. If a filter interprets such a message differently than then final MUA, then it may be possible to create a message which appears acceptable under the filter's interpretation but which should be rejected under the interpretation given it by the final MUA. Such attacks already exist for existing messages and encoding layers, e.g., invalid MIME syntax, invalid HTML markup, and invalid coding of particular image types. In addition, email addresses are used in many contexts other than sending mail, such as for identifiers under various circumstances (see Section 7.3). Each of those contexts will need to be evaluated, in turn, to determine whether the use of non-ASCII forms is appropriate and what particular issues they raise. This work will clearly impact any systems or mechanisms that is dependent on digital signatures or similar integrity protection for mail headers (see also the discussion in Section 7.4. Many conventional uses of PGP and S/MIME are not affected since they are used to sign body parts but not headers. On the other hand, the developing work on domain keys identified mail (DKIM [DKIM-Charter]) will eventually need to consider this work and vice versa: while this experiment does not propose to address or solve the issues raised by DKIM and other signed header mechanisms, the issues will have to be coordinated and resolved eventually. 11. Acknowledgements This document, and the related ones, were originally derived from drafts by John Klensin and the JET group [Klensin-emailaddr], [JET-IMA]. The work drew inspiration from discussions on the "IMAA" mailing list, sponsored by the Internet Mail Consortium and Klensin & Ko Expires April 15, 2007 [Page 13] Internet-Draft EAI Framework October 2006 especially from an early draft by Paul Hoffman and Adam Costello [Hoffman-IMAA] that attempted to define an MUA-only solution to the address internationalization problem. More recent drafts have benefited from considerable discussion within the IETF EAI Working Group and especially from suggestions and text provided by Frank Ellermann, Philip Guenther, and Kari Hurtta, and from extended discussions among the editors and authors of the core documents cited in Section 3: Harald Alvestrand, Kazunori Fujiwara, Chris Newman, Pete Resnick, Jiankang Yao, Jeff Yeh, and Yoshiro Yoneya. 12. Change History This document has evolved through several titles as well as the usual version numbers. The list below tries to trace that thread as well as changes within the substance of the document. The first document of the series was posted as draft-klensin-emailaddr-i18n-00.txt in October 2003. 12.1. draft-klensin-ima-framework: Version 00 This version supercedes draft-lee-jet-ima-00 and draft-klensin-emailaddr-i18n-03. It represents a major rewrite and change of architecture from the former and incorporates many ideas and some text from the latter. 12.2. draft-klensin-ima-framework: Version 01 o Some clarifications of terminology (more to follow) and general editorial improvements. o Upgrades to reflect discussions during IETF 64. o Improved treatment of downgrading before and after message transport. 12.3. draft-ietf-eai-framework: Version 00 This version supercedes draft-klensin-ima-framework-01; its file name should represent the form to be used until the IETF email address and header internationalization ("EAI") work concludes. o Changed "display name" terminology to be consistent with RFC 2822. Also clarified some other terminology issues. Klensin & Ko Expires April 15, 2007 [Page 14] Internet-Draft EAI Framework October 2006 o Added a comment about the possible role of MessageSubmission servers in downgrading. o Removed the "IMA" terminology, converting it to either "EAI" or prose. o Per meeting and mailing list discussion, added conformance statements about bouncing if neither forwarding nor downgrading were possible and about implementation requirements. o Updated several references. Some documents are still tentative. o Fixed many typographical errors. 12.4. draft-ietf-eai-framework: Version 01 o Added comments about PGP, S/MIME, and DKIM to Security Considerations o Rationalized terminology and included terminology from scenarios document. 12.5. draft-ietf-eai-framework: Version 02 o Clarified comment about IRIs and MAILTO. o Identified issue with S/MIME and PGP for encapsulated content. o Added note about the definitive "UTF8SMTP" terminology. o Removed mail exploder related discussions and reference. o Adjusted some requirement levels. o Removed computed ASCII address (aka ATOMIC) related discussion. o Added a section about delivery notifications and created a pointer to a new document about them. o Added a new section noting the use of email addresses as identifiers. o Added a new section discussing implications of downgrading to digital signatures on messages. o Many editorial revisions, corrections to references, etc., including moving the references to the other documents in the series to "informative" -- this document does not depend on them Klensin & Ko Expires April 15, 2007 [Page 15] Internet-Draft EAI Framework October 2006 for a specification and is, itself, intended to be Informational. 13. References 13.1. Normative References [ASCII] American National Standards Institute (formerly United States of America Standards Institute), "USA Code for Information Interchange", ANSI X3.4-1968, 1968. ANSI X3.4-1968 has been replaced by newer versions with slight modifications, but the 1968 version remains definitive for the Internet. [RFC1652] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D. Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652, July 1994. [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels'", RFC 2119, March 1997. [RFC2821] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [RFC3490] Faltstrom, P., Hoffman, P., and A. Costello, "Internationalizing Domain Names in Applications (IDNA)", RFC 3490, March 2003. [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO 10646", STD 63, RFC 3629, November 2003. 13.2. Informative References [DKIM-Charter] IETF, "Domain Keys Identified Mail (dkim)", October 2006, . [Hoffman-IMAA] Hoffman, P. and A. Costello, "Internationalizing Mail Addresses in Applications (IMAA)", draft-hoffman-imaa-03 (work in progress), October 2003. [I18Nemail-DSN] Newman, C., "UTF-8 Delivery and Disposition Notification", draft-ietf-eai-dsn-00 (work in progress), January 2007. This document is under development by the WG. The date Klensin & Ko Expires April 15, 2007 [Page 16] Internet-Draft EAI Framework October 2006 given is an estimate for a version ready for posting. [I18Nemail-SMTPext] Yao, J., Ed. and W. Mao, Ed., "SMTP extension for internationalized email address", draft-ietf-eai-smtpext-01 (work in progress), July 2006. [I18Nemail-UTF8] Yeh, J., "Internationalized Email Headers", draft-ietf-eai-utf8headers-01.txt (work in progress), August 2006. [I18Nemail-downgrade] YONEYA, Y., Ed. and K. Fujiwara, Ed., "Downgrading mechanism for Internationalized eMail Address (IMA)", draft-ietf-eai-downgrade-02 (work in progress), August 2005. [I18Nemail-imap] Resnick, P. and C. Newman, "IMAP Support for UTF-8", draft-ietf-eai-imap-utf8-00 (work in progress), May 2006. [I18Nemail-pop] Newman, C., "POP3 Support for UTF-8", June 2006, . [I18Nemail-scenarios] Alvestrand, H., "UTF-8 Mail: Scenarios", draft-ietf-eai-scenarios-01 (work in progress), June 2006. [JET-IMA] Yao, J. and J. Yeh, "Internationalized eMail Address (IMA)", draft-lee-jet-ima-00 (work in progress), June 2005. [Klensin-emailaddr] Klensin, J., "Internationalization of Email Addresses", draft-klensin-emailaddr-i18n-03 (work in progress), July 2005. [Net-Unicode] Klensin, J. and M. Padlipsky, "Unicode Format for Network Interchange", April 2006, . [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. Klensin & Ko Expires April 15, 2007 [Page 17] Internet-Draft EAI Framework October 2006 [RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text", RFC 2047, November 1996. [RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations", RFC 2231, November 1997. [RFC2368] Hoffman, P., Masinter, L., and J. Zawinski, "The mailto URL scheme", RFC 2368, July 1998. [RFC2663] Srisuresh, P. and M. Holdrege, "IP Network Address Translator (NAT) Terminology and Considerations", RFC 2663, August 1999. [RFC2822] Resnick, P., "Internet Message Format", RFC 2822, April 2001. [RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler, "MIME Security with OpenPGP", RFC 3156, August 2001. [RFC3461] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs)", RFC 3461, January 2003. [RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format for Delivery Status Notifications", RFC 3464, January 2003. [RFC3987] Duerst, M. and M. Suignard, "Internationalized Resource Identifiers (IRIs)", RFC 3987, January 2005. [RFC4409] Gellens, R. and J. Klensin, "Message Submission for Mail", RFC 4409, April 2006. [RFC4690] Klensin, J., Faltstrom, P., Karp, C., and IAB, "Review and Recommendations for Internationalized Domain Names (IDNs)", RFC 4690, September 2006. Klensin & Ko Expires April 15, 2007 [Page 18] Internet-Draft EAI Framework October 2006 Authors' Addresses John C Klensin 1770 Massachusetts Ave, #322 Cambridge, MA 02140 USA Phone: +1 617 491 5735 Email: john-ietf@jck.com YangWoo Ko ICU 119 Munjiro Yuseong-gu, Daejeon 305-732 Republic of Korea Email: yw@mrko.pe.kr Klensin & Ko Expires April 15, 2007 [Page 19] Internet-Draft EAI Framework October 2006 Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Intellectual Property The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org. Acknowledgment Funding for the RFC Editor function is provided by the IETF Administrative Support Activity (IASA). Klensin & Ko Expires April 15, 2007 [Page 20]