draft-ietf-calsify-rfc2447bis-01.txt   draft-ietf-calsify-rfc2447bis-02.txt 
Document: draft-ietf-calsify-rfc2447bis-01.txt A. Melnikov Document: draft-ietf-calsify-rfc2447bis-02.txt A. Melnikov
Intended category: Standard Track Editor Intended category: Standard Track Editor
iCalendar Message-Based Interoperability Protocol iCalendar Message-Based Interoperability Protocol
(iMIP) (iMIP)
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
skipping to change at page 1, line 43 skipping to change at page 1, line 43
and suggestions for improvement are requested, and should be sent to and suggestions for improvement are requested, and should be sent to
the CALSIFY Mailing list <ietf-calsify@osafoundation.org>. the CALSIFY Mailing list <ietf-calsify@osafoundation.org>.
Distribution of this document is unlimited. Distribution of this document is unlimited.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
This document, [iMIP], specifies a binding from the iCalendar This document, iCalendar Message-Based Interoperability Protocol
Transport-independent Interoperability Protocol (iTIP) to Internet (iMIP), specifies a binding from the iCalendar Transport-independent
email-based transports. Calendaring entries defined by the iCalendar Interoperability Protocol (iTIP) to Internet email-based transports.
Object Model [iCAL] are composed using constructs from [RFC-2822], Calendaring entries defined by the iCalendar Object Model (iCAL) are
[RFC-2045], [RFC-2046], [RFC-2047], [RFC-2048] and [RFC-2049]. composed using constructs from RFC 2822, RFC 2045, RFC 2046,
RFC 2047, RFC 2048 and RFC 2049.
This document is a product of Calendaring and Scheduling Standards This document is a product of Calendaring and Scheduling Standards
Simplification (calsify) working group. More information about the Simplification (calsify) working group. More information about the
IETF CALSIFY working group activities can be found on the IETF web IETF CALSIFY working group activities can be found on the IETF web
site at <http://www.ietf.org/html.charters/calsify-charter.html>. site at <http://www.ietf.org/html.charters/calsify-charter.html>.
Table of Contents Table of Contents
1 INTRODUCTION........................................................2 1 INTRODUCTION........................................................2
1.1 RELATED MEMOS ...................................................2 1.1 RELATED MEMOS ...................................................2
skipping to change at page 4, line 20 skipping to change at page 4, line 20
concepts or definitions. concepts or definitions.
1.2 Formatting Conventions 1.2 Formatting Conventions
The mechanisms defined in this memo are defined in prose. In order to The mechanisms defined in this memo are defined in prose. In order to
refer to elements of the calendaring and scheduling model, core refer to elements of the calendaring and scheduling model, core
object or interoperability protocol defined in [iCAL] and [iTIP] some object or interoperability protocol defined in [iCAL] and [iTIP] some
formatting conventions have been used. formatting conventions have been used.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY" and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-2119]. document are to be interpreted as described in RFC 2119 [RFC-2119].
Calendaring and scheduling roles are referred to in quoted-strings of Calendaring and scheduling roles are referred to in quoted-strings of
text with the first character of each word in upper case. For text with the first character of each word in upper case. For
example, "Organizer" refers to a role of a "Calendar User" within the example, "Organizer" refers to a role of a "Calendar User" within the
scheduling protocol defined by [iTIP]. scheduling protocol defined by [iTIP].
Calendar components defined by [iCAL] are referred to with Calendar components defined by [iCAL] are referred to with
capitalized, quoted-strings of text. All calendar components start capitalized, quoted-strings of text. All calendar components start
with the letter "V". For example, "VEVENT" refers to the event with the letter "V". For example, "VEVENT" refers to the event
calendar component, "VTODO" refers to the to-do calendar component calendar component, "VTODO" refers to the to-do calendar component
skipping to change at page 6, line 27 skipping to change at page 6, line 27
2.2.2 Authentication 2.2.2 Authentication
Authentication can be performed using an implementation of [RFC-1847] Authentication can be performed using an implementation of [RFC-1847]
"multipart/signed" that supports public/private key certificates. "multipart/signed" that supports public/private key certificates.
Authentication is possible only on messages that have been signed. Authentication is possible only on messages that have been signed.
Authenticating an unsigned message may not be reliable. Authenticating an unsigned message may not be reliable.
2.2.3 Confidentiality 2.2.3 Confidentiality
To ensure confidentiality using iMIP implementations should utilize To ensure confidentiality using iMIP implementations should utilize
[RFC-1847]-compliant encryption. The protocol does not restrict a encryption compliant with [RFC-1847]. The protocol does not restrict
"Calendar User Agent" (CUA) from forwarding iCalendar objects to a "Calendar User Agent" (CUA) from forwarding iCalendar objects to
other users or agents. other users or agents.
2.3 [RFC-2822] Addresses 2.3 [RFC-2822] Addresses
The calendar address specified within the "ATTENDEE" property in an The calendar address specified within the "ATTENDEE" property in an
iCalendar object MUST be a fully qualified, [RFC-2822] address iCalendar object MUST be a fully qualified, [RFC-2822] address
specification for the corresponding "Organizer" or "Attendee" of the specification for the corresponding "Organizer" or "Attendee" of the
"VEVENT" or "VTODO". "VEVENT" or "VTODO".
Because [iTIP] does not preclude "Attendees" from forwarding Because [iTIP] does not preclude "Attendees" from forwarding
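Review bot: 2.2.3 still reads "implementations should utilize" in lowercase after the rewording, while Appendix A lists "Corrected usage of RFC 2119 language" and section 3 states the same requirement as "SHOULD be encrypted". Make it "SHOULD" if it is normative, or reword it so that it is clearly descriptive. The sentence also needs a comma after "using iMIP".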
skipping to change at page 7, line 11 skipping to change at page 7, line 11
"text/calendar". The [RFC-2045] "Content-Type" header field MUST also "text/calendar". The [RFC-2045] "Content-Type" header field MUST also
include the type parameter "method". The value MUST be the same as include the type parameter "method". The value MUST be the same as
the value of the "METHOD" calendar property within the iCalendar the value of the "METHOD" calendar property within the iCalendar
object. This means that a MIME message containing multiple iCalendar object. This means that a MIME message containing multiple iCalendar
objects with different method values must be further encapsulated objects with different method values must be further encapsulated
with a "multipart/mixed" MIME entity. This will allow each of the with a "multipart/mixed" MIME entity. This will allow each of the
iCalendar objects to be encapsulated within their own "text/calendar" iCalendar objects to be encapsulated within their own "text/calendar"
MIME entity. MIME entity.
Note that according to [iCAL] the default character set for iCalendar Note that according to [iCAL] the default character set for iCalendar
objects is UTF-8 [UTF-8]. However the default character set for an objects is UTF-8 [UTF-8]. However the default character set for a
RFC 2822 message is US-ASCII. Thus a "charset" parameter MUST be "text/*" MIME entity [RFC-2046] is US-ASCII. Thus a "charset"
present if the iCalendar object contains characters that are not part parameter MUST be present if the iCalendar object contains characters
of the US-ASCII character set. [RFC-2046] discusses the selection of that are not part of the US-ASCII character set. [RFC-2046] discusses
an appropriate "charset" value. the selection of an appropriate "charset" value.
The optional "component" parameter defines the iCalendar component The optional "component" parameter defines the iCalendar component
type contained within the iCalendar object. type contained within the iCalendar object.
The following is an example of this header field with a value that The following is an example of this header field with a value that
indicates an event message. indicates an event message.
Content-Type: text/calendar; method=request; charset=UTF-8; Content-Type: text/calendar; method=request; charset=UTF-8;
component=vevent component=vevent
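Review bot: the rule that the Content-Type "method" parameter "MUST be the same as the value of the "METHOD" calendar property" does not say how a receiver compares the two or what it does when they differ, and the example here uses lowercase method=request where the example in section 4 uses method=REQUEST. Say whether the comparison is case-insensitive, and say what a receiving CUA does on a mismatch (for instance, ignore the message), so that dispatch on the header cannot disagree with the object it carries.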
skipping to change at page 7, line 41 skipping to change at page 7, line 41
In order to permit the information in the scheduling message to be In order to permit the information in the scheduling message to be
understood by MIME user agents (UA) that do not support the understood by MIME user agents (UA) that do not support the
"text/calendar" content type, scheduling messages SHOULD be sent with "text/calendar" content type, scheduling messages SHOULD be sent with
an alternative, human-readable form of the information. an alternative, human-readable form of the information.
Note that "multiple/alternative" MUST NOT be used to represent two Note that "multiple/alternative" MUST NOT be used to represent two
slightly different iCalendar objects, for example two VEVENT with slightly different iCalendar objects, for example two VEVENT with
alternative starting times. alternative starting times.
<<CUA can use language and other parameters to pick a "text/calendar"
part if a "multipart/alternative" MIME message contains more than one
"text/calendar" part.>>
Any receiving UA compliant with this specification MUST be able to Any receiving UA compliant with this specification MUST be able to
process "text/calendar" body parts enclosed within "multipart/*". process "text/calendar" body parts enclosed within "multipart/*".
Note that a "multipart/mixed" MIME message can include multiple Note that a "multipart/mixed" MIME message can include multiple
"text/calendar" components. The receiving UA MUST be able to process "text/calendar" components. The receiving UA MUST be able to process
all of them. <<Should infinite multipart/mixed nesting be allowed?>> all of them.
2.5 Content-Transfer-Encoding 2.5 Content-Transfer-Encoding
Unless iMIP message is transported over 8-bit clean transport (such Unless iMIP message is transported over 8-bit clean transport (such
as SMTP [8BITMIME]), a transfer encoding such as quoted-printable or as SMTP [8BITMIME]), a transfer encoding such as quoted-printable or
base64 [RFC 2045] MUST be used for iCalendar objects containing any base64 [RFC-2045] MUST be used for iCalendar objects containing any
characters that are not part of the US-ASCII character set. characters that are not part of the US-ASCII character set.
<<Add examples of 8bit and quoted-printable>> <<Add examples of 8bit and quoted-printable>>
2.6 Content-Disposition 2.6 Content-Disposition
Implementations MAY include a "Content-Disposition" header field to Implementations MAY include a "Content-Disposition" header field to
define a file name for an iCalendar object. However, the handling of define a file name for an iCalendar object. However, the handling of
a MIME part MUST be based on its [RFC-2045] "Content-Type" and not on a MIME part MUST be based on its [RFC-2045] "Content-Type" and not on
the extension specified in the "Content-Disposition", as different the extension specified in the "Content-Disposition", as different
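Review bot: in 2.4 the -02 column deletes the open question "<<Should infinite multipart/mixed nesting be allowed?>>" after "The receiving UA MUST be able to process all of them." without adding text that answers it, so the requirement to process every "text/calendar" part is left unbounded. State whether nested "multipart/mixed" entities have to be traversed, and permit a receiver to apply a nesting-depth or part-count limit so that the work done on a single message is bounded.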
skipping to change at page 9, line 23 skipping to change at page 9, line 23
the requested operation. Compliant applications MUST support signing the requested operation. Compliant applications MUST support signing
and encrypting text/calendar attachments using a mechanism based on and encrypting text/calendar attachments using a mechanism based on
Security Multiparts for MIME [RFC-1847] to facilitate the Security Multiparts for MIME [RFC-1847] to facilitate the
authentication the originator of the iCalendar object. authentication the originator of the iCalendar object.
Implementations MAY provide a means for users to disable signing and Implementations MAY provide a means for users to disable signing and
encrypting. The steps are described below: encrypting. The steps are described below:
1. The iCalendar object MUST be signed by the "Organizer" sending an 1. The iCalendar object MUST be signed by the "Organizer" sending an
update or the "Attendee" sending a reply. update or the "Attendee" sending a reply.
2. Using the [RFC-1847]-compliant security mechanism, determine who 2. Using the compliant security mechanism with [RFC-1847], determine
signed the iCalendar object. This is the "signer". Note that the who signed the iCalendar object. This is the "signer". Note that the
signer is not necessarily the person sending an e-mail message since signer is not necessarily the person sending an e-mail message since
an e-mail message can be forwarded. an e-mail message can be forwarded.
3. Correlate the signer to an "ATTENDEE" property in the iCalendar 3. Correlate the signer to an "ATTENDEE" property in the iCalendar
object. If the signer cannot be correlated to an "ATTENDEE" property, object. If the signer cannot be correlated to an "ATTENDEE" property,
ignore the message. ignore the message.
4. Determine whether or not the "ATTENDEE" is authorized to perform 4. Determine whether or not the "ATTENDEE" is authorized to perform
the operation as defined by [iTIP]. If the conditions are not met, the operation as defined by [iTIP]. If the conditions are not met,
ignore the message. ignore the message.
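Review bot: step 2 in the -02 column, "Using the compliant security mechanism with [RFC-1847]", no longer says what the mechanism is compliant with; "Using a security mechanism compliant with [RFC-1847]" would match the rewording made in 2.2.3. Separately, step 1 has the "Organizer" signing updates, but step 3 correlates the signer only to an "ATTENDEE" property and otherwise ignores the message, so the steps should say how an Organizer's signature is correlated (for example, against the "ORGANIZER" property).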
skipping to change at page 9, line 47 skipping to change at page 9, line 47
To address the confidentiality security threats, signed iMIP messages To address the confidentiality security threats, signed iMIP messages
SHOULD be encrypted by a mechanism based on Security Multiparts for SHOULD be encrypted by a mechanism based on Security Multiparts for
MIME [RFC-1847]. MIME [RFC-1847].
It is possible to receive iMIP messages sent by someone working on It is possible to receive iMIP messages sent by someone working on
behalf of another "Calendar User". This is determined by examining behalf of another "Calendar User". This is determined by examining
the "sent-by" parameter in the relevant "ORGANIZER" or "ATTENDEE" the "sent-by" parameter in the relevant "ORGANIZER" or "ATTENDEE"
property. [iCAL] and [iTIP] provide no mechanism to verify that a property. [iCAL] and [iTIP] provide no mechanism to verify that a
"Calendar User" has authorized someone else to work on their behalf. "Calendar User" has authorized someone else to work on their behalf.
To address this security issue, implementations MUST provide To address this security issue, <<implementations MUST provide
mechanisms for the "Calendar Users" to make that decision before mechanisms for the "Calendar Users" to make that decision before
applying changes from someone working on behalf of a "Calendar User". applying changes from someone working on behalf of a "Calendar
User">>.
A security consideration associated with use of Content-Disposition A security consideration associated with use of Content-Disposition
header field is described in section 2.6. header field is described in section 2.6.
4 Examples 4 Examples
4.1 Single Component With An ATTACH Property 4.1 Single Component With An ATTACH Property
This minimal message shows how an iCalendar object references an This minimal message shows how an iCalendar object references an
attachment. The attachment is accessible via its URL. attachment. The attachment is accessible via its URL.
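Review bot: the -02 column wraps "implementations MUST provide mechanisms for the "Calendar Users" to make that decision ..." in <<...>> markers, which this draft uses elsewhere for open issues, so the only safeguard offered for an unverifiable "sent-by" value is now undecided. Settle the requirement before the markers are removed, and spell out what "that decision" is, since the preceding sentence only says that [iCAL] and [iTIP] provide no verification mechanism.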
skipping to change at page 11, line 47 skipping to change at page 12, line 47
This example shows how a message containing an iCalendar object This example shows how a message containing an iCalendar object
references an attached document. The reference is made using a references an attached document. The reference is made using a
Content-id (CID). Thus, the iCalendar object and the document are Content-id (CID). Thus, the iCalendar object and the document are
packaged in a multipart/related encapsulation. packaged in a multipart/related encapsulation.
From: foo1@example.com From: foo1@example.com
To: foo2@example.com To: foo2@example.com
Subject: Phone Conference Subject: Phone Conference
Mime-Version: 1.0 Mime-Version: 1.0
Content-Type: multipart/related; boundary="boundary-example-1"; Content-Type: multipart/related; boundary="boundary-example-1"
type=text/calendar
--boundary-example-1 --boundary-example-1
Content-Type: text/calendar; method=REQUEST; charset=US-ASCII Content-Type: text/calendar; method=REQUEST; charset=US-ASCII
Content-Transfer-Encoding: 7bit Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="event.vcs" Content-Disposition: attachment; filename="event.vcs"
BEGIN:VCALENDAR BEGIN:VCALENDAR
PRODID:-//ACME/DesktopCalendar//EN PRODID:-//ACME/DesktopCalendar//EN
METHOD:REQUEST METHOD:REQUEST
VERSION:2.0 VERSION:2.0
BEGIN:VEVENT BEGIN:VEVENT
ORGANIZER:mailto:foo1@example.com ORGANIZER:mailto:foo1@example.com
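Review bot: in the multipart/related Content-Type header of this example, the -02 column drops the semicolon after boundary="boundary-example-1" and the "type=text/calendar" continuation line appears on one side only, so the type parameter looks to have been removed. RFC 2387 makes the "type" parameter mandatory for multipart/related; keep "type=text/calendar" and the semicolon that separates it from the boundary parameter.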
skipping to change at page 17, line 5 skipping to change at page 18, line 5
are defined in [RFC-2392]. Although [RFC-2392] allows referencing are defined in [RFC-2392]. Although [RFC-2392] allows referencing
messages or MIME body parts in other MIME entities or stores, it is messages or MIME body parts in other MIME entities or stores, it is
strongly recommended that iMIP implementations include all referenced strongly recommended that iMIP implementations include all referenced
messages and body parts in a single MIME entity. Simply put, if an messages and body parts in a single MIME entity. Simply put, if an
iCalendar object contains CID or MID references to other messages or iCalendar object contains CID or MID references to other messages or
body parts, implementations should ensure that these messages and/or body parts, implementations should ensure that these messages and/or
body parts are transmitted with the iCalendar object. If they are not body parts are transmitted with the iCalendar object. If they are not
there is no guarantee that the receiving CUA will have the access or there is no guarantee that the receiving CUA will have the access or
the authorization to view those objects. the authorization to view those objects.
6 References 6 IANA Considerations
6.1 Normative References Registration of text/calendar MIME Media Type is done in [iCal].
[iCAL] Dawson, F. and D. Stenerson, "Internet Calendaring and This document doesn't require any additional actions from IANA.
Scheduling Core Object Specification - iCalendar", RFC 2445, November
1998. 7 References
7.1 Normative References
[iCAL] Desruisseaux, B., (Ed.), "Internet Calendaring and
Scheduling Core Object Specification (iCalendar)", work in progress,
draft-ietf-calsify-rfc2445bis-XX.txt (Updated RFC 2445)
[iTIP] Daboo, C., "iCalendar Transport-Independent [iTIP] Daboo, C., "iCalendar Transport-Independent
Interoperability Protocol (iTIP)", work in progress, draft-ietf- Interoperability Protocol (iTIP)", work in progress, draft-ietf-
calsify-2446bis-XX.txt (Updates RFC 2446) calsify-2446bis-XX.txt (Updates RFC 2446)
[RFC-2822] Resnick, P., "Internet Message Format", RFC 2822, April [RFC-2822] Resnick, P., "Internet Message Format", RFC 2822, April
2001. 2001.
[RFC-1847] Galvin, J., Murphy, S., Crocker, S. and N. Freed, [RFC-1847] Galvin, J., Murphy, S., Crocker, S. and N. Freed,
"Security Multiparts for MIME: Multipart/Signed and "Security Multiparts for MIME: Multipart/Signed and
skipping to change at page 17, line 52 skipping to change at page 19, line 9
[RFC-2392] Levinson, E., "Content-ID and Message-ID Uniform Resource [RFC-2392] Levinson, E., "Content-ID and Message-ID Uniform Resource
Locators", RFC 2392, August 1998. Locators", RFC 2392, August 1998.
[RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC-2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
STD 63, RFC 3629, November 2003. STD 63, RFC 3629, November 2003.
6.2 Informative References 7.2 Informative References
[8BITMIME] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D. [8BITMIME] Klensin, J., Freed, N., Rose, M., Stefferud, E., and D.
Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652, Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652,
July 1994. July 1994.
7 Editor's Addresses 8 Editor's Addresses
The following address information is provided in a vCard v3.0, The following address information is provided in a vCard v3.0,
Electronic Business Card, format. Electronic Business Card, format.
BEGIN:VCARD BEGIN:VCARD
VERSION:3.0 VERSION:3.0
N:Melnikov;Alexey N:Melnikov;Alexey
FN:Alexey Melnikov FN:Alexey Melnikov
ORG:Isode Ltd. ORG:Isode Ltd.
ADR;TYPE=WORK,POSTAL,PARCEL:;;5 Castle Business Village, ADR;TYPE=WORK,POSTAL,PARCEL:;;5 Castle Business Village,
36 Station Road;Hampton;Middlesex;TW12 2BX;UK 36 Station Road;Hampton;Middlesex;TW12 2BX;UK
EMAIL;TYPE=INTERNET:Alexey.Melnikov@isode.com EMAIL;TYPE=INTERNET:Alexey.Melnikov@isode.com
END:VCARD END:VCARD
8. Full Copyright Statement 9. Full Copyright Statement
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET
ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE
INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Acknowledgement Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
9. Intellectual Property 10. Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
skipping to change at line 784 skipping to change at page 21, line 49
attempt made to obtain a general license or permission for the use of attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf- this standard. Please address the information to the IETF at ietf-
ipr@ietf.org. ipr@ietf.org.
Appendix A. Changes since RFC 2447.
Updated references. Split them into Normative and Informative.
Updated examples to use example.com/example.net domains.
Corrected usage of RFC 2119 language.
Clarified that charset=UTF-8 is required, unless the calendar can be
entirely represented in US-ASCII.
Clarified that 7-bit content transfer encodings should be used unless
the calendar object is known to be transferred over 8-bit clean
transport.
Clarified that file extension specified in the Content-Disposition
header field is not to be used to override the Content-Type MIME
type.
Disallow use of "multiple/alternative" for slightly different
representations of the same calendar.
<<TBD>>
 End of changes. 22 change blocks. 
33 lines changed or deleted 45 lines changed or added
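Review bot: "multiple/alternative" in the Appendix A entry "Disallow use of "multiple/alternative" ..." is not a MIME media type, and the same spelling sits in the section 2.4 MUST NOT that the entry summarizes, while the <<CUA can use ...>> note added to 2.4 in -02 writes "multipart/alternative". Use "multipart/alternative" in both places so the prohibition names a real type. The <<TBD>> placeholder that ends the appendix also needs to be filled in or removed.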
