[Docs] [txt|pdf|xml|html] [Tracker] [Email] [Diff1] [Diff2] [Nits]

Versions: 00 01 02 03 04 05 RFC 5248

Network Working Group                                          T. Hansen
Internet-Draft                                         AT&T Laboratories
Updates: 3463,4468                                            J. Klensin
(if approved)                                               July 8, 2007
Intended status: Standards Track
Expires: January 9, 2008


         A Registry for SMTP Enhanced Mail System Status Codes
                draft-hansen-4468upd-mailesc-registry-02

Status of this Memo

   By submitting this Internet-Draft, each author represents that any
   applicable patent or other IPR claims of which he or she is aware
   have been or will be disclosed, and any of which he or she becomes
   aware will be disclosed, in accordance with Section 6 of BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on January 9, 2008.

Copyright Notice

   Copyright (C) The IETF Trust (2007).












Hansen & Klensin         Expires January 9, 2008                [Page 1]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


Abstract

   This document establishes an IANA registry for SMTP Enhanced Status
   Codes.


Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . .  4
   3.  Security Considerations  . . . . . . . . . . . . . . . . . . .  7
   4.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . .  8
   5.  References . . . . . . . . . . . . . . . . . . . . . . . . . .  9
     5.1.  Normative References . . . . . . . . . . . . . . . . . . .  9
     5.2.  Informative References . . . . . . . . . . . . . . . . . .  9
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
   Intellectual Property and Copyright Statements . . . . . . . . . . 12


































Hansen & Klensin         Expires January 9, 2008                [Page 2]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


1.  Introduction

   Enhanced Status Codes for SMTP were first defined in [RFC1893],
   subsequently replaced by [RFC3463].  Since that time, various RFCs
   have been published and internet drafts proposed that define further
   status codes.  However, no IANA registry was defined for the status
   codes and conflicts in definitions have begun to appear.  This RFC
   defines such an IANA registry and was written to help prevent further
   conflicts from appearing in the future.

   This document is being discussed on the SMTP mailing list,
   ietf-smtp@imc.org [1].







































Hansen & Klensin         Expires January 9, 2008                [Page 3]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


2.  IANA Considerations

   IANA is directed to create the registry Mail Enhanced Status Codes.
   In the terms of [RFC2434], values of Enhanced Status Codes must be
   registered with IANA under the IETF Review (formerly known as the
   IETF Consensus) method.  (Specifically, new values are assigned only
   through RFCs that have been shepherded through the IESG as IETF (AD-
   Sponsored or WG) documents.)

   The Mail Enhanced Status Codes registry will have three tables:

   o  class sub-code,

   o  subject sub-code, and

   o  enumerated status codes, which include both a subject sub-code and
      a detail sub-code.

   Each entry in the tables will include:

   1.  The sub-code or enumerated status code, which will be a numeric
       code consisting of three components, as specified in RFC 3463.

   2.  Text expected to be associated with the code.

   3.  A short description of the code, including the basic reply code
       of RFC 2821 [RFC2821] with which it is associated.

   4.  A reference to the document in which the code is defined.  This
       reference should note whether the relevant specification is
       standards-track or not.

   5.  The identity of the submitter or registrant ("IESG" in the case
       of IETF-produced documents).

   An example of an entry in the enumerated status code table would be:

   X.0.0 Other undefined Status
      Other undefined status is the only undefined error code.
      X.0.0 should be used for all errors for which only the class of
      the error is known.

      Defined in RFC 3463.

      Registered by IESG.

   The initial values for the class and subject sub-code tables is to be
   populated from section 2 of [RFC3463].  Specifically, these are the



Hansen & Klensin         Expires January 9, 2008                [Page 4]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


   values for 2.XXX.XXX, 4.XXX.XXX and 5.XXX.XXX for the class sub-code
   table, and the values X.0.XXX, X.1.XXX, X.2.XXX, X.3.XXX, X.4.XXX,
   X.5.XXX, X.6.XXX and X.7.XXX for the subject sub-code table.  Each
   entry is to be designated as defined in RFC 3463 and registered by
   IESG.

   The initial values for the enumerated status code table is to be
   populated from sections 3.1 through 3.8 of [RFC3463], (X.0.0, X.1.0
   through X.1.8, X.2.0 through X.2.4, X.3.0 through X.3.5, X.4.0
   through X.4.7, X.5.0 through X.5.5, X.6.0 through X.6.5, and X.7.0
   through X.7.7) section 3.3.4 of [RFC3886] (X.1.9), and the definition
   of X.6.6 found in section 5 of [RFC4468].  Each entry is to be
   designated as defined in the corresponding RFC and registered by
   IESG.

   The following additional definitions are to be registered in the
   enumerated status code table.

   X.5.6 Authentication Exchange line is too long
      This enhanced status code SHOULD be returned when the server fails
      the AUTH command due to the client sending a response which is
      longer than the maximum buffer size available for the currently
      selected SASL mechanism.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.8 Trust relationship required or Authentication credentials
   invalid
      Because of conflicting definitions in different documents, this
      value should no longer be used.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.9 Authentication mechanism is too weak
      This response to the AUTH command indicates that the selected
      authentication mechanism is weaker than server policy permits for
      that user.  The client SHOULD retry with a new authentication
      mechanism.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.10 Encryption Needed
      This indicates that external strong privacy layer is needed in
      order to use the requested authentication mechanism.  This is
      primarily intended for use with clear text authentication
      mechanisms.  A client which receives this may activate a security
      layer such as TLS prior to authenticating, or attempt to use a
      stronger mechanism.
      Defined by RFC XXXX.  Registered by IESG.





Hansen & Klensin         Expires January 9, 2008                [Page 5]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


   X.7.11 Encryption required for requested authentication mechanism
      This indicates the user's passphrase or passphrase has expired and
      needs to be changed.  Many sites have a policy which forbids a
      passphrase or passphrase from being used too long.  These sites
      will set a time period after which passphrases must be changed.
      Some sites also pre-expire passphrases set by a system
      administrator, such that a user must change their passphrase prior
      to using their account.  A client which receives this error code
      can treat it as a user request to change her passphrase.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.12 A password transition is needed
      This response to the AUTH command indicates that the user needs to
      transition to the selected authentication mechanism.  This is
      typically done by authenticating once using the [PLAIN]
      authentication mechanism.  The selected mechanism SHOULD then work
      for authentications in subsequent sessions.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.13 User Account Disabled
      Sometimes a system administrator will have to disable a user's
      account (e.g., due to lack of payment, abuse, evidence of a
      break-in attempt, etc).  This error code occurs after a successful
      authentication to a disabled account.  This informs the client
      that the failure is permanent until the user contacts their system
      administrator to get the account re- enabled.  It differs from a
      generic authentication failure where the client's best option is
      to present the passphrase entry dialog in case the user simply
      mistyped their passphrase.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.14 Trust relationship required
      The submission server requires a configured trust relationship
      with a third-party server in order to access the message content.
      This value replaces the prior use of X.7.8 for this error
      condition.
      Defined by RFC XXXX.  Registered by IESG.

   X.7.15 Authentication credentials invalid
      Authentication failed due to invalid or insufficient
      authentication credentials.  This value replaces the prior use of
      X.7.8 for this error condition, thereby updating [RFC4468].
      Defined by RFC XXXX.  Registered by IESG.








Hansen & Klensin         Expires January 9, 2008                [Page 6]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


3.  Security Considerations

   As stated in [RFC1893], use of enhanced status codes may disclose
   additional information about how an internal mail system is
   implemented beyond that available through the SMTP status codes.

   Many proposed additions to the response code list are security
   related.  Having these registered in one place to prevent collisions
   will improve their value.  Security error responses can leak
   information to active attackers (e.g., the distinction between "user
   not found" and "bad password" during authentication).  Documents
   defining security error codes should make it clear when this is the
   case so SMTP server software subject to such threats can provide
   appropriate controls to restrict exposure.





































Hansen & Klensin         Expires January 9, 2008                [Page 7]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


4.  Acknowledgements

   Thanks go to the members of the ietf-smtp@imc.org [1] mailing list.
















































Hansen & Klensin         Expires January 9, 2008                [Page 8]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


5.  References

5.1.  Normative References

   [RFC3463]  Vaudreuil, G., "Enhanced Mail System Status Codes",
              RFC 3463, January 2003.

   [RFC2821]  Klensin, J., "Simple Mail Transfer Protocol", RFC 2821,
              April 2001.

   [RFC3886]  Allman, E., "An Extensible Message Format for Message
              Tracking Responses", RFC 3886, September 2004.

   [RFC4468]  Newman, C., "Message Submission BURL Extension", RFC 4468,
              May 2006.

5.2.  Informative References

   [RFC1893]  Vaudreuil, G., "Enhanced Mail System Status Codes",
              RFC 1893, January 1996.

   [RFC2434]  Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", BCP 26, RFC 2434,
              October 1998.



























Hansen & Klensin         Expires January 9, 2008                [Page 9]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


URIs

   [1]  <mailto:ietf-smtp@imc.org>
















































Hansen & Klensin         Expires January 9, 2008               [Page 10]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


Authors' Addresses

   Tony Hansen
   AT&T Laboratories
   200 Laurel Ave.
   Middletown, NJ  07748
   USA

   Email: tony+mailesc@maillennium.att.com


   John C Klensin
   1770 Massachusetts Ave, Ste 322
   Cambridge, MA  02140
   USA

   Phone: +1 617 245 1457
   Email: john+ietf@jck.com

































Hansen & Klensin         Expires January 9, 2008               [Page 11]


Internet-Draft     SMTP Enhanced Status Code Registry          July 2007


Full Copyright Statement

   Copyright (C) The IETF Trust (2007).

   This document is subject to the rights, licenses and restrictions
   contained in BCP 78, and except as set forth therein, the authors
   retain all their rights.

   This document and the information contained herein are provided on an
   "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
   OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
   THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
   OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
   THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
   WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.


Intellectual Property

   The IETF takes no position regarding the validity or scope of any
   Intellectual Property Rights or other rights that might be claimed to
   pertain to the implementation or use of the technology described in
   this document or the extent to which any license under such rights
   might or might not be available; nor does it represent that it has
   made any independent effort to identify any such rights.  Information
   on the procedures with respect to rights in RFC documents can be
   found in BCP 78 and BCP 79.

   Copies of IPR disclosures made to the IETF Secretariat and any
   assurances of licenses to be made available, or the result of an
   attempt made to obtain a general license or permission for the use of
   such proprietary rights by implementers or users of this
   specification can be obtained from the IETF on-line IPR repository at
   http://www.ietf.org/ipr.

   The IETF invites any interested party to bring to its attention any
   copyrights, patents or patent applications, or other proprietary
   rights that may cover technology that may be required to implement
   this standard.  Please address the information to the IETF at
   ietf-ipr@ietf.org.


Acknowledgment

   Funding for the RFC Editor function is provided by the IETF
   Administrative Support Activity (IASA).





Hansen & Klensin         Expires January 9, 2008               [Page 12]


Html markup produced by rfcmarkup 1.129b, available from https://tools.ietf.org/tools/rfcmarkup/