[Docs] [txt|pdf|xml] [Tracker] [WG] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 06 07 08 RFC 6857

Email Address Internationalization                           K. Fujiwara
(EAI)                                                               JPRS
Internet-Draft                                              Oct 22, 2012
Intended status: Standards Track
Expires: April 25, 2013


 Post-delivery Message Downgrading for Internationalized Email Messages
                draft-ietf-eai-popimap-downgrade-08.txt

Abstract

   The Email Address Internationalization (SMTPUTF8) extension to SMTP
   allows UTF-8 characters in mail header fields.  Upgraded POP and IMAP
   servers support internationalized Email messages.  If a POP/IMAP
   client does not support Email Address Internationalization, POP/IMAP
   servers cannot deliver Internationalized Email Headers to the client
   and cannot remove the message.  To avoid the situation, this document
   describes a conversion mechanism for internationalized Email messages
   to be in traditional message format.  In the process, message
   elements requiring internationalized treatment are recoded or removed
   and receivers are able to know that they received messages containing
   such elements even if they cannot process the internationalized
   elements.

Status of This Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on April 25, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal



Fujiwara                 Expires April 25, 2013                 [Page 1]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
     1.1.  Problem statement  . . . . . . . . . . . . . . . . . . . .  4
     1.2.  Possible solutions . . . . . . . . . . . . . . . . . . . .  4
     1.3.  Approach taken in this specification . . . . . . . . . . .  4
   2.  Terminology  . . . . . . . . . . . . . . . . . . . . . . . . .  6
   3.  Email Header Fields Downgrading  . . . . . . . . . . . . . . .  6
     3.1.  Downgrading Method for Each ABNF Element . . . . . . . . .  6
       3.1.1.  UNSTRUCTURED Downgrading . . . . . . . . . . . . . . .  6
       3.1.2.  WORD Downgrading . . . . . . . . . . . . . . . . . . .  6
       3.1.3.  COMMENT Downgrading  . . . . . . . . . . . . . . . . .  6
       3.1.4.  MIME-VALUE Downgrading . . . . . . . . . . . . . . . .  7
       3.1.5.  DISPLAY-NAME Downgrading . . . . . . . . . . . . . . .  7
       3.1.6.  DOMAIN Downgrading . . . . . . . . . . . . . . . . . .  7
       3.1.7.  GROUP Downgrading  . . . . . . . . . . . . . . . . . .  7
       3.1.8.  MAILBOX Downgrading  . . . . . . . . . . . . . . . . .  8
       3.1.9.  TYPED-ADDRESS Downgrading  . . . . . . . . . . . . . .  8
       3.1.10. ENCAPSULATION: A Last Resort . . . . . . . . . . . . .  8
     3.2.  Downgrading Method for Each Header Field . . . . . . . . . 10
       3.2.1.  Address Header Fields That Contain <address>s  . . . . 10
       3.2.2.  Downgrading Non-ASCII in Comments  . . . . . . . . . . 11
       3.2.3.  Message-ID Header Fields . . . . . . . . . . . . . . . 11
       3.2.4.  Received Header Field  . . . . . . . . . . . . . . . . 11
       3.2.5.  MIME Content Header Fields . . . . . . . . . . . . . . 12
       3.2.6.  Non-ASCII in <unstructured>  . . . . . . . . . . . . . 12
       3.2.7.  Non-ASCII in <phrase>  . . . . . . . . . . . . . . . . 12
       3.2.8.  Other Header Fields  . . . . . . . . . . . . . . . . . 12
   4.  MIME Downgrading . . . . . . . . . . . . . . . . . . . . . . . 12
     4.1.  MIME Body-Part Header Field Downgrading  . . . . . . . . . 13
     4.2.  Delivery Status Notification downgrading . . . . . . . . . 13
   5.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13
   6.  Implementation Notes . . . . . . . . . . . . . . . . . . . . . 14
     6.1.  RFC 2047 Encoding  . . . . . . . . . . . . . . . . . . . . 14
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15
     7.1.  Obsolescence of Existing Downgraded-* Header Fields  . . . 15
     7.2.  Registration of New Downgraded-* Header Fields . . . . . . 15
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 16
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 16



Fujiwara                 Expires April 25, 2013                 [Page 2]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 16
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 18
   Appendix A.  Examples  . . . . . . . . . . . . . . . . . . . . . . 18
     A.1.  Downgrading Example  . . . . . . . . . . . . . . . . . . . 18
   Appendix B.  Change History  . . . . . . . . . . . . . . . . . . . 20
     B.1.  Version 00 . . . . . . . . . . . . . . . . . . . . . . . . 20
     B.2.  Version 01 . . . . . . . . . . . . . . . . . . . . . . . . 20
     B.3.  Version 02 . . . . . . . . . . . . . . . . . . . . . . . . 20
     B.4.  Version 03 . . . . . . . . . . . . . . . . . . . . . . . . 21
     B.5.  Version 04 . . . . . . . . . . . . . . . . . . . . . . . . 21
     B.6.  Version 05 . . . . . . . . . . . . . . . . . . . . . . . . 21
     B.7.  Version 06 . . . . . . . . . . . . . . . . . . . . . . . . 21
     B.8.  Version 07 . . . . . . . . . . . . . . . . . . . . . . . . 22
     B.9.  Version 08 . . . . . . . . . . . . . . . . . . . . . . . . 22





































Fujiwara                 Expires April 25, 2013                 [Page 3]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


1.  Introduction

1.1.  Problem statement

   Traditional (legacy) mail systems, which are defined by [RFC5322] and
   other specifications, allow only ASCII characters in mail header
   field values.  The SMTPUTF8 extension ([RFC6530], [RFC6531] and
   [RFC6532]) allow raw UTF-8 in those mail header fields.

   If a header field contains non-ASCII strings, POP/IMAP servers cannot
   deliver Internationalized Email Headers to legacy clients which does
   not send UTF8 command or UTF8 capability, and because they have no
   obvious or standardized way to explain what is going on to those
   clients, cannot even safely discard the message.

1.2.  Possible solutions

   There are four plausible approaches to the problem, with the
   preferred one depending on the particular circumstances and
   relationship among the delivery SMTP server, the mail store, the POP
   or IMAP server, and the users and their MUA clients:

   1.  If the delivery MTA has sufficient knowledge about the POP and/or
       IMAP servers and clients being used, the message may be rejected
       as undeliverable.

   2.  The message may be downgraded by the POP or IMAP server, in a way
       that preserves maximum information at the expense of some
       complexity, and does not create security or operational problems
       in the mail system.

   3.  Some intermediate downgrading may be applied that balances more
       information loss against lower complexity and greater ease of
       implementation.

   4.  The POP or IMAP server may fabricate a message whose intent is to
       notify the client that an internationalized message is waiting
       but cannot be delivered until an upgraded client is available.

1.3.  Approach taken in this specification

   This specification describes the second of those options.  It is
   worth noticing that, at least in the general case, none of these
   options preserve sufficient information to guarantee that it is
   possible to reply to an incoming message without loss of information,
   so the choice may be considered to be among "least bad" options.
   While this document specifies a well designed mechanism, it is only
   an interim solution while clients are being upgraded



Fujiwara                 Expires April 25, 2013                 [Page 4]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   [I-D.ietf-eai-rfc5721bis] [I-D.ietf-eai-5738bis].

   This message downgrading mechanism converts mail header fields to an
   all-ASCII representation.  The POP/IMAP servers can use the
   downgrading mechanism and deliver the Internationalized Email message
   as a traditional form.  Receivers can know they received some
   internationalized messages or some unknown or broken messages.

   [RFC6532] allows UTF-8 characters to be used in mail header fields
   and MIME header fields.  [RFC6531] allows UTF-8 characters to be used
   in some trace header fields.  The message downgrading mechanism
   specified here describes the conversion method from the
   internationalized messages that are defined in [RFC6530], and
   [RFC6532] to the traditional email messages defined in [RFC5322].

   This document provides a precise definition of the minimum-
   information-loss message downgrading process.

   Downgrading consists of the following three parts:


   o  New header field definitions

   o  Email header field downgrading

   o  MIME header field downgrading

   Email header field downgrading is described in Section 3.  It
   generates ASCII-only header fields.

   In Section 3.1.10 of this document, header fields starting with
   "Downgraded-" are introduced.  They preserve the information that
   appeared in the original header fields.

   The definition of MIME header fields in Internationalized Email
   Messages is described in [RFC6532].  MIME header field downgrading is
   described in Section 4.1.  It generates ASCII-only MIME header
   fields.

   Displaying downgraded messages that originally contained
   internationalized header fields is out of scope of this document.  A
   POP/IMAP client which does not support UTF8 extensions as defined for
   POP3 [UTF8 command] and IMAP ["ENABLE UTF8=ACCEPT" command] does not
   know internationalized message format described in [RFC6532].







Fujiwara                 Expires April 25, 2013                 [Page 5]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


2.  Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [RFC2119].

   All specialized terms used in this specification are defined in the
   Overview and Framework for Internationalized Email [RFC6530], in the
   mail message specifications [RFC5322], or in the MIME documents
   [RFC2045] [RFC2047] [RFC2183] [RFC2231].  The terms "U-label",
   "A-label" and "IDNA" are used with the definitions from [RFC5890].
   The terms "ASCII address", "non-ASCII address", "SMTPUTF8",
   "message", "internationalized message" are used with the definitions
   from [RFC6530].  The term "non-ASCII string" is used with the
   definitions from [RFC6532].

3.  Email Header Fields Downgrading

   This section defines the conversion method to ASCII for each header
   field that may contain non-ASCII strings.  Section 3.1 describes
   rewriting methods for each ABNF element.  Section 3.2 describes
   rewriting methods for each header field.

3.1.  Downgrading Method for Each ABNF Element

   Header field downgrading is defined below for each ABNF element.
   Converting the header field terminates when no non-ASCII strings
   remain in the header field.

   [RFC5322] describes ABNF elements <group>, <mailbox>, <unstructured>,
   <word>, <comment>, <display-name>.  [RFC2045] describes ABNF element
   <value>. <domain> is updated to allow non-ASCII characters in Section
   3.3 of [RFC6531] and Section 3.2 of [RFC6532].

3.1.1.  UNSTRUCTURED Downgrading

   If the header field has an <unstructured> field that contains non-
   ASCII strings, apply [RFC2047] encoding with charset UTF-8.

3.1.2.  WORD Downgrading

   If the header field has any <word> fields that contain non-ASCII
   strings, apply [RFC2047] encoding with charset UTF-8.

3.1.3.  COMMENT Downgrading

   If the header field has any <comment> fields that contain non-ASCII
   strings, apply [RFC2047] encoding with charset UTF-8.



Fujiwara                 Expires April 25, 2013                 [Page 6]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


3.1.4.  MIME-VALUE Downgrading

   If the header field has any <value> elements defined by [RFC2045] and
   the elements contain non-ASCII strings, encode the <value> elements
   according to [RFC2231] with charset UTF-8 and leave the language
   information empty.  If the <value> element is <quoted-string> and it
   contains <CFWS> outside the DQUOTE, remove the <CFWS> before this
   conversion.

3.1.5.  DISPLAY-NAME Downgrading

   If the header field has any <address> (<mailbox> or <group>) elements
   and they have <display-name> elements that contain non-ASCII strings,
   encode the <display-name> elements according to [RFC2047] with
   charset UTF-8.  DISPLAY-NAME downgrading is the same algorithm as
   WORD downgrading.

3.1.6.  DOMAIN Downgrading

   If the header field has any <domain> elements that contain U-labels,
   rewrite the non-ASCII domain name into ASCII domain name using
   A-labels as specified in IDNA [RFC5891].

3.1.7.  GROUP Downgrading

   <group> is defined in Section 3.4 of [RFC5322].  The <group> elements
   may contain <mailbox>es which contain non-ASCII addresses.

   If a <group> element contains <mailbox> elements and one of
   <mailbox>es contains a non-ASCII <local-part>, rewrite the <group>
   element as


   display-name " " ENCODED_WORD " :;"


   where the <ENCODED_WORD> is the original <group-list> encoded
   according to [RFC2047].

   Otherwise, the <group> element does not contain non-ASCII <local-
   part>.  If the <group> element contain non-ASCII <mailbox>es, they
   contains non-ASCII domain names.  Rewrite the non-ASCII domain names
   into ASCII domain names using A-labels as specified in IDNA
   [RFC5891].  Generated <mailbox>es contain ASCII addresses only.







Fujiwara                 Expires April 25, 2013                 [Page 7]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


3.1.8.  MAILBOX Downgrading

   If the <local-part> of the <mailbox> element does not contain non-
   ASCII characters, the <domain> element contains non-ASCII characters.
   Rewrite the non-ASCII domain name into ASCII domain name using
   A-labels as specified in IDNA [RFC5891].

   Otherwise, the <local-part> contains non-ASCII characters.  The non-
   ASCII <local-part> has no equivalent format for ASCII addresses.  The
   <addr-spec> element that contains non-ASCII strings may appear in two
   forms as:


   "<" addr-spec ">"
   addr-spec


   Rewrite both as:


   ENCODED-WORD " :;"


   where the <ENCODED-WORD> is the original <addr-spec> encoded
   according to [RFC2047].

3.1.9.  TYPED-ADDRESS Downgrading

   If the header field contains <utf-8-type-addr> and the <utf-8-type-
   addr> contains raw non-ASCII strings, it is in utf-8-address form.
   Convert it to utf-8-addr-xtext form.  Those forms are described in
   [RFC6533].  COMMENT downgrading is also performed in this case.  If
   the address type is unrecognized and the header field contains non-
   ASCII strings, then fall back to using ENCAPSULATION on the entire
   header field specified in Section 3.1.10.

3.1.10.  ENCAPSULATION: A Last Resort

   As a last resort when header fields cannot be converted as discussed
   in the previous section, the fields are deleted and replaced by
   specialized new header fields.  Those fields are defined to preserve,
   in encoded form, as much information as possible from the header
   field values of the incoming message.  The syntax of these new header
   fields is:







Fujiwara                 Expires April 25, 2013                 [Page 8]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   fields                   =/ downgraded

   downgraded =  "Downgraded-Message-Id:"         unstructured CRLF /
                 "Downgraded-Resent-Message-Id:"  unstructured CRLF /
                 "Downgraded-In-Reply-To:"        unstructured CRLF /
                 "Downgraded-References:"         unstructured CRLF /
                 "Downgraded-Original-Recipient:" unstructured CRLF /
                 "Downgraded-Final-Recipient:"    unstructured CRLF


   Applying this procedure to "Received:" header field is prohibited.
   ENCAPSULATION Downgrading is allowed for "Message-ID",
   "In-Reply-To:", "References:", "Original-Recipient" and "Final-
   Recipient" header fields.

   To preserve a header field in a "Downgraded-" header field:

   1.  Generate a new header field.

       *  The field name is a concatenation of "Downgraded-" and the
          original field name.

       *  The initial new field value is the original header field
          value.

   2.  Treat the initial new header field value as if it were
       unstructured, and then apply [RFC2047] encoding with charset
       UTF-8 as necessary so that the resulting new header field value
       is completely in ASCII.

   3.  Remove the original header field.




















Fujiwara                 Expires April 25, 2013                 [Page 9]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


3.2.  Downgrading Method for Each Header Field

   [RFC4021] establishes a registry of header fields.  This section
   describes the downgrading method for each header field.

   If the whole mail header field does not contain non-ASCII strings,
   email header field downgrading is not required.  Each header field's
   downgrading method is described below.

3.2.1.  Address Header Fields That Contain <address>s


   From:
   Sender:
   To:
   Cc:
   Bcc:
   Reply-To:
   Resent-From:
   Resent-Sender:
   Resent-To:
   Resent-Cc:
   Resent-Bcc:
   Resent-Reply-To:
   Return-Path:
   Disposition-Notification-To:

   If the header field contains non-ASCII characters, first perform
   COMMENT downgrading and DISPLAY-NAME downgrading as described in the
   corresponding subsections of Section 3.1.  If the header field still
   contains non-ASCII characters after that, do the following two steps:

   1.  If the header field contains <group> elements that contain non-
       ASCII addresses, perform GROUP downgrading on those elements.

   2.  If the header field contains <mailbox> elements that contain non-
       ASCII addresses, perform MAILBOX downgrading on those elements.

   This procedure may generate empty <group> elements in "From:",
   "Sender:" and "Reply-To:" header fields.
   [I-D.leiba-5322upd-from-group] updates [RFC5322] to allow (empty)
   <group> elements in "From:", "Sender:" and "Reply-To:" header fields.









Fujiwara                 Expires April 25, 2013                [Page 10]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


3.2.2.  Downgrading Non-ASCII in Comments


   Date:
   Resent-Date:
   MIME-Version:
   Content-ID:
   Content-Transfer-Encoding:
   Content-Language:
   Accept-Language:
   Auto-Submitted:

   These header fields do not contain non-ASCII strings except in
   comments.  If the header field contains UTF-8 characters in comments,
   perform COMMENT downgrading.

3.2.3.  Message-ID Header Fields


   Message-ID:
   Resent-Message-ID:
   In-Reply-To:
   References:

   Perform ENCAPSULATION as specified in Section 3.1.10.

3.2.4.  Received Header Field


   Received:

   If <domain> elements or <mailbox> elements contains U-labels, perform
   DOMAIN downgrading specified in Section 3.1.6.  Comments may contain
   non-ASCII strings, perform COMMENT downgrading.

   After the DOMAIN downgrading and the COMMENT downgrading, if the FOR
   clause contains a non-ASCII <local-part>, remove the "FOR" clause.
   If the ID clause contains a non-ASCII values, remove the "ID" clause.













Fujiwara                 Expires April 25, 2013                [Page 11]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


3.2.5.  MIME Content Header Fields


   Content-Type:
   Content-Disposition:

   Perform MIME-VALUE downgrading and COMMENT downgrading.

3.2.6.  Non-ASCII in <unstructured>


   Subject:
   Comments:
   Content-Description:

   Perform UNSTRUCTURED downgrading.

3.2.7.  Non-ASCII in <phrase>

   Keywords:

   Perform WORD downgrading.

3.2.8.  Other Header Fields

   There are other header fields that contain non-ASCII strings.  They
   are user-defined and missing from this document, or future defined
   header fields.  They are treated as "Optional Fields" and their field
   values are treated as unstructured described in Section 3.6.8 of
   [RFC5322].

   Perform UNSTRUCTURED downgrading.

   If the software understands the header field's structure and a
   downgrading algorithm other than UNSTRUCTURED is applicable, that
   software SHOULD use that algorithm; UNSTRUCTURED downgrading is used
   as a last resort.

   Mailing list header fields (those that start in "List-") are part of
   this category.

4.  MIME Downgrading

   Both MIME Body-Part header fields and contents of a delivery status
   notification may contain non-ASCII characters.






Fujiwara                 Expires April 25, 2013                [Page 12]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


4.1.  MIME Body-Part Header Field Downgrading

   MIME body-part header fields may contain non-ASCII strings [RFC6532].
   This section defines the conversion method to ASCII-only header
   fields for each MIME header field that contains non-ASCII strings.
   Parse the message body's MIME structure at all levels and check each
   MIME header field to see whether it contains non-ASCII strings.  If
   the header field contains non-ASCII strings in the header field
   value, the header field is a target of the MIME body-part header
   field's downgrading.  Each MIME header field's downgrading method is
   described below.  COMMENT downgrading, MIME-VALUE downgrading, and
   UNSTRUCTURED downgrading are described in Section 3.

   Content-ID:
      The "Content-ID:" header field does not contain non-ASCII strings
      except in comments.  If the header field contains UTF-8 characters
      in comments, perform COMMENT downgrading.

   Content-Type:
   Content-Disposition:
      Perform MIME-VALUE downgrading and COMMENT downgrading.

   Content-Description:
      Perform UNSTRUCTURED downgrading.

4.2.  Delivery Status Notification downgrading

   If the message contains a delivery status notification defined at
   Section 6 of [RFC3461], perform the following tests and conversions.

   If there are "Original-Recipient:" and "Final-Recipient:" header
   fields, and the header fields contain non-ASCII strings, perform
   TYPED-ADDRESS downgrading.

5.  Security Considerations

   The purpose of post-delivery message downgrading is to allow POP/IMAP
   servers to deliver internationalized messages to traditional POP/IMAP
   clients and permit the clients to display those messages.  Users who
   receive such messages can know that they were internationalized.  It
   does not permit receivers to read the messages in their original form
   and, in general, will not permit generating replies, at least without
   significant user intervention.

   A downgraded message's header fields contain ASCII characters only.
   But they still contain MIME-encapsulated header fields that contain
   non-ASCII strings.  Furthermore, the body part may contain UTF-8
   characters.  Implementations parsing Internet messages need to accept



Fujiwara                 Expires April 25, 2013                [Page 13]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   UTF-8 body parts and UTF-8 header fields that are MIME-encoded.
   Thus, this document inherits the security considerations of MIME-
   encoded header fields ([RFC2047] and [RFC3629]).

   Rewriting header fields increases the opportunities for undetected
   spoofing by malicious senders.  However, the rewritten header field
   values are preserved in equivalent MIME form or in newly defined
   header fields for which traditional MUAs have no special processing
   procedures.

   The techniques described here invalidate methods that depend on
   digital signatures over any part of the message, which includes the
   top-level header fields and body-part header fields.  Depending on
   the specific message being downgraded, at least the following
   techniques are likely to break: DomainKeys Identified Mail (DKIM),
   and possibly S/MIME and Pretty Good Privacy (PGP).  The downgrade
   mechanism SHOULD NOT remove signatures even if the signatures will
   fail validation after downgrading.  As much of the information as
   possible from the original message SHOULD be preserved.

   While information in any email header field should usually be treated
   with some suspicion, current email systems commonly employ various
   mechanisms and protocols to make the information more trustworthy.
   Information in the new Downgraded-* header fields is not inspected by
   traditional MUAs, and may be even less trustworthy than the
   traditional header fields.  Note that the Downgraded-* header fields
   could have been inserted with malicious intent (and with content
   unrelated to the traditional header fields), however traditional MUAs
   do not parse Downgraded-* header fields.

   In addition, if an Authentication-Results header field [RFC5451] is
   present, traditional MUAs may treat that the digital signatures are
   valid.

   See the "Security Considerations" section in
   [I-D.leiba-5322upd-from-group] and [RFC6530] for more discussion.

6.  Implementation Notes

6.1.  RFC 2047 Encoding

   While [RFC2047] has a specific algorithm to deal with whitespace in
   adjacent encoded words, there are a number of deployed
   implementations that fail to implement the algorithm correctly.  As a
   result, whitespace behavior is somewhat unpredictable in practice
   when multiple encoded words are used.  While RFC 5322 states that
   implementations SHOULD limit lines to not more than 78 characters,
   implementations MAY choose to allow overly long encoded words in



Fujiwara                 Expires April 25, 2013                [Page 14]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   order to work around faulty [RFC2047] implementations.
   Implementations that choose to do so SHOULD have an optional
   mechanism to limit line length to 78 characters.

7.  IANA Considerations

   [[RFC Editor: Please change "is asked to" to "has" (and change the
   verb correspondingly) when the IESG approval and IANA actions are
   complete.]]

   [RFC5504] specified that no new header fields be registered that
   begin with "Downgraded-".  That restriction is now lifted, and this
   document makes a new set of registrations, replacing the experimental
   fields with standard ones.

7.1.  Obsolescence of Existing Downgraded-* Header Fields

   The "Downgraded-*" header fields that were registered as experimental
   fields in [RFC5504] are no longer in use.  IANA is asked to change
   the status from "experimental" to "obsoleted" for every name in the
   Permanent Message Header Field registry that begins with
   "Downgraded-".

7.2.  Registration of New Downgraded-* Header Fields

   [[RFC Editor: Please change "should be" to "have been" when the IANA
   actions are complete.]]

   The following header fields should be registered in the Permanent
   Message Header Field registry, in accordance with the procedures set
   out in [RFC3864].


   Header field name:  Downgraded-Message-Id
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3.1.10)

   Header field name:  Downgraded-In-Reply-To
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3.1.10)







Fujiwara                 Expires April 25, 2013                [Page 15]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   Header field name:  Downgraded-References
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3.1.10)

   Header field name:  Downgraded-Original-Recipient
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3.1.10)

   Header field name:  Downgraded-Final-Recipient
   Applicable protocol:  mail
   Status:  standard
   Author/change controller:  IETF
   Specification document(s):  This document (Section 3.1.10)

8.  Acknowledgements

   This document draws heavily from the experimental in-transit message
   downgrading procedure described in RFC 5504 [RFC5504].  The
   contribution of the co-author of that earlier document, Y. Yoneya,
   are gratefully acknowledged.  Significant comments and suggestions
   were received from John Klensin, Barry Leiba, Randall Gellens, Pete
   Resnick, Martin J. Durst, and other WG participants.

9.  References

9.1.  Normative References

   [RFC2045]                       Freed, N. and N. Borenstein,
                                   "Multipurpose Internet Mail
                                   Extensions (MIME) Part One: Format of
                                   Internet Message Bodies", RFC 2045,
                                   November 1996.

   [RFC2047]                       Moore, K., "MIME (Multipurpose
                                   Internet Mail Extensions) Part Three:
                                   Message Header Extensions for Non-
                                   ASCII Text", RFC 2047, November 1996.

   [RFC2119]                       Bradner, S., "Key words for use in
                                   RFCs to Indicate Requirement Levels",
                                   BCP 14, RFC 2119, March 1997.

   [RFC2183]                       Troost, R., Dorner, S., and K. Moore,
                                   "Communicating Presentation



Fujiwara                 Expires April 25, 2013                [Page 16]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


                                   Information in Internet Messages: The
                                   Content-Disposition Header Field",
                                   RFC 2183, August 1997.

   [RFC2231]                       Freed, N. and K. Moore, "MIME
                                   Parameter Value and Encoded Word
                                   Extensions: Character Sets, Languages
                                   , and Continuations", RFC 2231,
                                   November 1997.

   [RFC3461]                       Moore, K., "Simple Mail Transfer
                                   Protocol (SMTP) Service Extension for
                                   Delivery Status Notifications
                                   (DSNs)", RFC 3461, January 2003.

   [RFC3629]                       Yergeau, F., "UTF-8, a transformation
                                   format of ISO 10646", STD 63,
                                   RFC 3629, November 2003.

   [RFC3864]                       Klyne, G., Nottingham, M., and J.
                                   Mogul, "Registration Procedures for
                                   Message Header Fields", BCP 90,
                                   RFC 3864, September 2004.

   [RFC4021]                       Klyne, G. and J. Palme, "Registration
                                   of Mail and MIME Header Fields",
                                   RFC 4021, March 2005.

   [RFC5322]                       Resnick, P., Ed., "Internet Message
                                   Format", RFC 5322, October 2008.

   [RFC5890]                       Klensin, J., "Internationalized
                                   Domain Names for Applications (IDNA):
                                   Definitions and Document Framework",
                                   RFC 5890, August 2010.

   [RFC5891]                       Klensin, J., "Internationalized
                                   Domain Names in Applications (IDNA):
                                   Protocol", RFC 5891, August 2010.

   [RFC6530]                       Klensin, J. and Y. Ko, "Overview and
                                   Framework for Internationalized
                                   Email", RFC 6530, February 2012.

   [RFC6531]                       Yao, J. and W. Mao, "SMTP Extension
                                   for Internationalized Email",
                                   RFC 6531, February 2012.




Fujiwara                 Expires April 25, 2013                [Page 17]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   [RFC6532]                       Yang, A., Steele, S., and N. Freed,
                                   "Internationalized Email Headers",
                                   RFC 6532, February 2012.

   [RFC6533]                       Hansen, T., Newman, C., and A.
                                   Melnikov, "Internationalized Delivery
                                   Status and Disposition
                                   Notifications", RFC 6533,
                                   February 2012.

   [I-D.leiba-5322upd-from-group]  Leiba, B., "Update to Internet
                                   Message Format to Allow Group Syntax
                                   in the "From:" and "Sender:" Header
                                   Fields",
                                   draft-leiba-5322upd-from-group-06
                                   (work in progress), October 2012.

   [I-D.ietf-eai-rfc5721bis]       Gellens, R., Newman, C., Yao, J., and
                                   K. Fujiwara, "POP3 Support for
                                   UTF-8", draft-ietf-eai-rfc5721bis-08
                                   (work in progress), October 2012.

   [I-D.ietf-eai-5738bis]          Resnick, P., Newman, C., and S. Shen,
                                   "IMAP Support for UTF-8",
                                   draft-ietf-eai-5738bis-09 (work in
                                   progress), August 2012.

9.2.  Informative References

   [RFC5451]                       Kucherawy, M., "Message Header Field
                                   for Indicating Message Authentication
                                   Status", RFC 5451, April 2009.

   [RFC5504]                       Fujiwara, K. and Y. Yoneya,
                                   "Downgrading Mechanism for Email
                                   Address Internationalization",
                                   RFC 5504, March 2009.

Appendix A.  Examples

A.1.  Downgrading Example

   This appendix shows an message downgrading example.  Consider a
   received mail message where:

   o  The sender address is a non-ASCII address,
      "NON-ASCII-LOCAL@example.com".  Its display-name is "DISPLAY-
      LOCAL".



Fujiwara                 Expires April 25, 2013                [Page 18]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   o  The "To:" header field contains two non-ASCII addresses,
      "NON-ASCII-REMOTE1@example.net" and
      "NON-ASCII-REMOTE2@example.com" Its display-names are "DISPLAY-
      REMOTE1" and "DISPLAY-REMOTE2".

   o  The "Cc:" header field contains a non-ASCII address,
      "NON-ASCII-REMOTE3@example.org".  Its display-name is "DISPLAY-
      REMOTE3".

   o  Four display names contain non-ASCII characters.

   o  The Subject header field is "NON-ASCII-SUBJECT", which contains
      non-ASCII strings.

   o  The "Message-Id:" header field contains "NON-ASCII-MESSAGE_ID",
      which contains non-ASCII strings.

   o  There is an unknown header field "X-Unknown-Header" which contains
      non-ASCII strings.



   Return-Path: <NON-ASCII-LOCAL@example.com>
   Received: from ... by ... for <NON-ASCII-REMOTE1@example.net>
   Received: from ... by ... for <NON-ASCII-REMOTE1@example.net>
   From: DISPLAY-LOCAL <NON-ASCII-LOCAL@example.com>
   To: DISPLAY-REMOTE1 <NON-ASCII-REMOTE1@example.net>,
       DISPLAY-REMOTE2 <NON-ASCII-REMOTE2@example.com>
   Cc: DISPLAY-REMOTE3 <NON-ASCII-REMOTE3@example.org>
   Subject: NON-ASCII-SUBJECT
   Date: Mon, 30 Jul 2012 01:23:45 -0000
   Message-Id: NON-ASCII-MESSAGE_ID
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   X-Unknown-Header: NON-ASCII-CHARACTERS

   MAIL_BODY


                 Figure 1: Received message in a mail drop

   The downgraded message is shown in Figure 2.  "Return-Path:",
   "From:", "To:" and "Cc:" header fields are rewritten.  "Subject:" and
   "X-Unknown-Header:" header fields are encoded using [RFC2047].
   "Message-Id:" header field is encapsulated as
   "Downgraded-Message-Id:" header field.




Fujiwara                 Expires April 25, 2013                [Page 19]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   Return-Path: =?UTF-8?Q?NON-ASCII-LOCAL@example.com?= :;
   Received: from ... by ...
   Received: from ... by ...
   From: =?UTF-8?Q?DISPLAY-LOCAL?=
         =?UTF-8?Q?NON-ASCII-LOCAL@example.com?= :;
   To:   =?UTF-8?Q?DISPLAY-REMOTE1?=
         =?UTF-8?Q?NON-ASCII-REMOTE1@example.net?= :;,
         =?UTF-8?Q?DISPLAY-REMOTE2?=
         =?UTF-8?Q?NON-ASCII-REMOTE2@example.com?= :;,
   Cc:   =?UTF-8?Q?DISPLAY-REMOTE3?=
         =?UTF-8?Q?NON-ASCII-REMOTE3@example.org?= :;
   Subject: =?UTF-8?Q?NON-ASCII-SUBJECT?=
   Date: Mon, 30 Jul 2012 01:23:45 -0000
   Downgraded-Message-Id: =?UTF-8?Q?MESSAGE_ID?=
   Mime-Version: 1.0
   Content-Type: text/plain; charset="UTF-8"
   Content-Transfer-Encoding: 8bit
   X-Unknown-Header: =?UTF-8?Q?NON-ASCII-CHARACTERS?=

   MAIL_BODY


                       Figure 2: Downgraded message

Appendix B.  Change History

   [[RFC Editor: Please remove this section prior to publication.]]

   This section is used for tracking the update of this document.  Will
   be removed after finalize.

B.1.  Version 00

   o  Initial version

   o  Imported header field downgrading from RFC 5504

B.2.  Version 01

   o  same as Version 00

B.3.  Version 02

   o  Added updating RFC 5322 to allow <group> syntax in From: and
      Sender

   o  Added GROUP Downgrading




Fujiwara                 Expires April 25, 2013                [Page 20]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


B.4.  Version 03

   o  Replaced <utf8-addr-spec> with <addr-spec>

   o  Added updating RFC 5322 to allow <group> syntax in From: and
      Sender

   o  Added one sentence in Security considerations

   o  Updated IANA considerations

B.5.  Version 04

   o  Removed "Internationalized Address removed" from GROUP and MAILBOX
      downgrading

   o  Updated "Updating RFC 5322"

   o  Compacted new header field definition

   o  Compacted security considerations

   o  Updated IANA considerations to remove obsoleting header fields
      that are registered by RFC 5504

   o  Added a discussion of alternate downgrading models for the POP and
      IMAP cases.

   o  Incorporated a large number of editorial changes to improve
      clarity.

B.6.  Version 05

   o  Some text corrections

   o  Terminology change: only to use non-ASCII address, non-ASCII
      message, non-ASCII string and imported them from RFC 6530 and RFC
      6532

   o  Replace "non-ASCII character" with "non-ASCII string"

   o  Removed 5.1.1.  RECEIVED Downgrading

B.7.  Version 06

   o  Removed "Updating RFC 5322"





Fujiwara                 Expires April 25, 2013                [Page 21]

Internet-Draft             POP/IMAP Downgrade                   Oct 2012


   o  Added reference to draft-leiba-5322upd-from-group

B.8.  Version 07

   o  Updated by WGLC comments

   o  Fixed Received downgrading and added to refer "RFC 6531", "RFC
      5890", "RFC 5891"

   o  Added Domain downgrading for Received, Group and Mailbox

   o  Swapped section 3 and 4

B.9.  Version 08

   o  Updated by IETF Last call and IESG comments

   o  Removed "Address Header Fields with Typed Addresses" and added
      "Delivery Status Notification downgrading" in MIME downgrading

   o  Added a space between display-name and ENCODED_WORD.

   o  Moved "ENCAPSULATION: A Last Resort" from section 4 to section
      3.1.10.

   o  Updated address header fields downgrading

   o  Updated introduction, security considerations and iana
      considerations

Author's Address

   Kazunori Fujiwara
   Japan Registry Services Co., Ltd.
   Chiyoda First Bldg. East 13F, 3-8-1 Nishi-Kanda
   Chiyoda-ku, Tokyo  101-0065
   Japan

   Phone: +81 3 5215 8451
   EMail: fujiwara@jprs.co.jp











Fujiwara                 Expires April 25, 2013                [Page 22]


Html markup produced by rfcmarkup 1.107, available from http://tools.ietf.org/tools/rfcmarkup/