draft-ietf-msgtrk-mtqp-03.txt   draft-ietf-msgtrk-mtqp-04.txt 
Internet Draft T. Hansen Internet Draft T. Hansen
draft-ietf-msgtrk-mtqp-03.txt AT&T Laboratories draft-ietf-msgtrk-mtqp-04.txt AT&T Laboratories
Valid for six months July 1, 2001 Valid for six months November 20, 2001
Message Tracking Query Protocol Message Tracking Query Protocol
<draft-ietf-msgtrk-mtqp-03.txt> <draft-ietf-msgtrk-mtqp-04.txt>
Authors' version: 1.7 Authors' version: 1.10
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that other Task Force (IETF), its areas, and its working groups. Note that other
groups may also distribute working documents as Internet-Drafts. groups may also distribute working documents as Internet-Drafts.
skipping to change at page 2, line 21 skipping to change at page 2, line 21
The Message Tracking Models and Requirements document [DRAFT- The Message Tracking Models and Requirements document [DRAFT-
TRACK-MODEL] discusses the models that message tracking solutions could TRACK-MODEL] discusses the models that message tracking solutions could
follow, along with requirements for a message tracking solution that can follow, along with requirements for a message tracking solution that can
be used with the Internet-wide message infrastructure. This memo and be used with the Internet-wide message infrastructure. This memo and
its companions, [DRAFT-TRACK-ESMTP] and [DRAFT-TRACK-TSN], describe a its companions, [DRAFT-TRACK-ESMTP] and [DRAFT-TRACK-TSN], describe a
complete message tracking solution that satisfies those requirements. complete message tracking solution that satisfies those requirements.
The memo [DRAFT-TRACK-ESMTP] defines an extension to the SMTP service The memo [DRAFT-TRACK-ESMTP] defines an extension to the SMTP service
that provides the information necessary to track messages. This memo that provides the information necessary to track messages. This memo
defines a protocol that can be used to query the status of messages that defines a protocol that can be used to query the status of messages that
have been transmitted on the Internet via SMTP. The memo [DRAFT-TRACK- have been transmitted on the Internet via SMTP. The memo [DRAFT-TRACK-
TSN] describes the message/tracking-status MIME media type that is used TSN] describes the message/tracking-status [RFC-MIME] media type that is
to report tracking status information. Using the model document's ter- used to report tracking status information. Using the model document's
minology, this solution uses active enabling and active requests with terminology, this solution uses active enabling and active requests with
both request and chaining referrals. both request and chaining referrals.
1.1. Terminology 1.1. Terminology
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC-KEYWORDS]. document are to be interpreted as described in [RFC-KEYWORDS].
All syntax descriptions use the ABNF specified by [RFC-ABNF]. Ter- All syntax descriptions use the ABNF specified by [RFC-ABNF]. Ter-
minal nodes not defined elsewhere in this document are defined in [RFC- minal nodes not defined elsewhere in this document are defined in [RFC-
ABNF], [RFC-URI], [DRAFT-TRACK-ESMTP] or [RFC-SMTPEXT]. ABNF], [RFC-URI], [DRAFT-TRACK-ESMTP] or [RFC-SMTPEXT].
1.2. Changes Made for -02 1.2. Changes Made for -04
Reworked the SRV lookup description.
Other comments from the list.
Changes to the ABNF.
Changed "must" to "MUST" in section 4.
Changed "may" to "MAY" in section 4.
More examples.
Eliminated the registry of vnd. options.
Eliminated lots of unused references.
1.3. Changes Made for -03
Changed references.
Worked on error codes.
Made examples more real with secrets and hashes.
Fixes to examples.
Added dot-stuffed example.
Additional TLS info.
Better Security Considerations section.
1.4. Changes Made for -02
This section will be removed before publication. This section will be removed before publication.
Provided information on lookup for an MTQP server: SRV MTQP, then Provided information on lookup for an MTQP server: SRV MTQP, then
MX, then A. MX, then A.
Provided a section on firewall considerations Provided a section on firewall considerations
Provided a section on service DNS considerations Provided a section on service DNS considerations
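Review bot: In the right-hand column the sentence "This section will be removed before publication." now sits only under 1.4 (Changes Made for -02), so 1.2 and 1.3 read as permanent parts of the memo. Repeat the sentence under each change-log heading, or merge the three into one change-log section that carries it once. The -04 list also records 'Changed "must" to "MUST" in section 4', while lowercase "must" is still used for requirements in the STARTTLS and Pipelining text, so the keyword pass should cover those sections too.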
skipping to change at page 3, line 15 skipping to change at page 3, line 48
Fleshed out the tracking examples. Fleshed out the tracking examples.
2. Basic Operation 2. Basic Operation
The Message Tracking Query Protocol (MTQP) is similar to many other The Message Tracking Query Protocol (MTQP) is similar to many other
line-oriented Internet protocols, such as [POP3] and [NNTP]. Initially, line-oriented Internet protocols, such as [POP3] and [NNTP]. Initially,
the server host starts the MTQP service by listening on TCP port XXXX the server host starts the MTQP service by listening on TCP port XXXX
(TBD by IANA). (TBD by IANA).
When an MTQP client wishes to make use of the message tracking ser- When an MTQP client wishes to make use of the message tracking ser-
vice, it establishes a TCP connection with the server host. To find the vice, it establishes a TCP connection with the server host, as recorded
server host, the MTQP client first does an SRV lookup for the server from the initial message submission or as returned by a previous track-
host using DNS SRV records, with a service name of "mtqp". (See the ing request. To find the server host, the MTQP client first does an SRV
"Usage rules" section in [RFC-SRV] for details.) If the host is not lookup for the server host using DNS SRV records, with a service name of
found, the MTQP client then does an MX lookup for the server host using "mtqp" and a protocol name of "tcp", as in _mtqp._tcp.smtp3.example.com.
DNS MX records, as specified in [RFC-DNS] and revised by [RFC-HOSTS].
If the host is still not found, the MTQP client then does an A record (See the "Usage rules" section in [RFC-SRV] for details.) If the SRV
lookup for the server host. records do not exist, the MTQP client then does an address record lookup
for the server host.
When the connection is established, the MTQP server sends a greet- When the connection is established, the MTQP server sends a greet-
ing. The MTQP client and MTQP server then exchange commands and ing. The MTQP client and MTQP server then exchange commands and
responses (respectively) until the connection is closed or aborted. responses (respectively) until the connection is closed or aborted.
2.1. Tracking Service DNS Considerations 2.1. Tracking Service DNS Considerations
Because of the ways server host lookups are performed, many dif- Because of the ways server host lookups are performed, many dif-
ferent tracking server host configurations are supported. ferent tracking server host configurations are supported.
A mail system that uses a single mail server host and has the MTQP A mail system that uses a single mail server host and has the MTQP
server host on the same server host will most likely have a single MX server host on the same server host will most likely have a single MX
record pointing at the server host, and if not, will have an A record. record pointing at the server host, and if not, will have an A record.
Both mail and MTQP clients will access that host directly. Both mail and MTQP clients will access that host directly.
A mail system that uses a single mail server host, but wants track- A mail system that uses a single mail server host, but wants track-
ing queries to be performed on a different machine, MUST have an SRV ing queries to be performed on a different machine, MUST have an SRV
MTQP record pointing at that different machine. MTQP record pointing at that different machine.
A mail system that uses multiple mail servers has two choices for A mail system that uses multihomed mail servers has two choices for
providing tracking services: either all mail servers must be running providing tracking services: either all mail servers must be running
tracking servers that are able to retrieve information on all messages, tracking servers that are able to retrieve information on all messages,
or the tracking service must be performed on one (or more) machine(s) or the tracking service must be performed on one (or more) machine(s)
that are able to retrieve information on all messages. In the former that are able to retrieve information on all messages. In the former
case, no additional DNS records are needed beyond the MX records already case, no additional DNS records are needed beyond the MX records already
in place for the mail system. In the latter case, SRV MTQP records are in place for the mail system. In the latter case, SRV MTQP records are
needed that point at the machine(s) that are running the tracking ser- needed that point at the machine(s) that are running the tracking ser-
vice. In both cases, note that the tracking service for a given mail vice. In both cases, note that the tracking service MUST be able to
domain MUST be able to handle the queries for all messages destined for handle the queries for all messages accepted by that mail system.
that mail domain.
2.2. Commands 2.2. Commands
Commands in MTQP consist of a case-insensitive keyword, possibly Commands in MTQP consist of a case-insensitive keyword, possibly
followed by one or more parameters. All commands are terminated by a followed by one or more parameters. All commands are terminated by a
CRLF pair. Keywords and parameters consist of printable ASCII charac- CRLF pair. Keywords and parameters consist of printable ASCII charac-
ters. Keywords and parameters are separated by whitespace (one or more ters. Keywords and parameters are separated by whitespace (one or more
space or tab characters). A command line is limited to 998 characters space or tab characters). A command line is limited to 998 characters
before the CRLF. before the CRLF.
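Review bot: Section 2 in the right-hand column drops the MX step (the lookup is now SRV, then address record), but section 2.1 still describes deployments in terms of MX records: "will most likely have a single MX record pointing at the server host" and "no additional DNS records are needed beyond the MX records already in place". A client following the new section 2 never consults MX, so both cases in 2.1 need rewording in terms of SRV or address records. Separately, the new text lets the server host be one "returned by a previous tracking request"; because the TRACK command then sends mtrk-secret to that host, the memo should say what a client checks before following such a referral.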
skipping to change at page 4, line 20 skipping to change at page 5, line 4
ters. Keywords and parameters are separated by whitespace (one or more ters. Keywords and parameters are separated by whitespace (one or more
space or tab characters). A command line is limited to 998 characters space or tab characters). A command line is limited to 998 characters
before the CRLF. before the CRLF.
2.3. Responses 2.3. Responses
Responses in MTQP consist of a status indicator that indicates suc- Responses in MTQP consist of a status indicator that indicates suc-
cess or failure. Successful commands may also be followed by additional cess or failure. Successful commands may also be followed by additional
lines of data. All response lines are terminated by a CRLF pair and are lines of data. All response lines are terminated by a CRLF pair and are
limited to 998 characters before the CRLF. There are several status limited to 998 characters before the CRLF. There are several status
indicators: "+OK" indicates success; "+OK+" indicates a success fol- indicators: "+OK" indicates success; "+OK+" indicates a success fol-
lowed by additional lines of data, a multi-line success response; "- lowed by additional lines of data, a multi-line success response; "-
TEMP" indicates a temporary failure; "-ERR" indicates a permanent TEMP" indicates a temporary failure; "-ERR" indicates a permanent
failure; and "-BAD" indicates a protocol error (such as for unrecognized failure; and "-BAD" indicates a protocol error (such as for unrecognized
commands). commands).
A status indicator MAY be followed by a series of machine- A status indicator MAY be followed by a series of machine-parsable,
parseable, case-insensitive response information giving more data about case-insensitive response information giving more data about the errors.
the errors. These are separated from the status indicator and each These are separated from the status indicator and each other by a single
other by a single slash character ("/", decimal code 47). Following slash character ("/", decimal code 47). Following that, there MAY be
that, there MAY be white space and a human-readable text message. The white space and a human-readable text message. The human-readable text
human-readable text message is not intended to be presented to the end message is not intended to be presented to the end user, but should be
user, but should be appropriate for putting in a log for use in debug- appropriate for putting in a log for use in debugging problems.
ging problems.
In a multi-line success response, each subsequent line is ter- In a multi-line success response, each subsequent line is ter-
minated by a CRLF pair and limited to 998 characters before the CRLF. minated by a CRLF pair and limited to 998 characters before the CRLF.
When all lines of the response have been sent, a final line is sent con- When all lines of the response have been sent, a final line is sent con-
sisting of a single period (".", decimal code 046) and a CRLF pair. If sisting of a single period (".", decimal code 046) and a CRLF pair. If
any line of the multi-line response begins with a period, the line is any line of the multi-line response begins with a period, the line is
"dot-stuffed" by prepending the period with a second period. When exa- "dot-stuffed" by prepending the period with a second period. When exa-
mining a multi-line response, the client checks to see if the line mining a multi-line response, the client checks to see if the line
begins with a period. If so, and octets other than CRLF follow, the begins with a period. If so, and octets other than CRLF follow, the
first octet of the line (the period) is stripped away. If so, and if first octet of the line (the period) is stripped away. If so, and if
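Review bot: The period is given as "decimal code 046" while the slash a few lines earlier is "decimal code 47"; the leading zero reads as octal, so write "decimal code 46". In the paragraph above it, "response information giving more data about the errors" is too narrow: response information is allowed after any status indicator, and the initial "+OK/MTQP" greeting is a success response that carries it, so "about the response" would be accurate.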
skipping to change at page 5, line 10 skipping to change at page 5, line 43
syntactically invalid command by responding with a negative -BAD status syntactically invalid command by responding with a negative -BAD status
indicator. A server MUST respond to a command issued when the session indicator. A server MUST respond to a command issued when the session
is in an incorrect state by responding with a negative -ERR status indi- is in an incorrect state by responding with a negative -ERR status indi-
cator. cator.
2.4. Optional Timers 2.4. Optional Timers
An MTQP server MAY have an inactivity autologout timer. Such a An MTQP server MAY have an inactivity autologout timer. Such a
timer MUST be of at least 10 minutes in duration. The receipt of any timer MUST be of at least 10 minutes in duration. The receipt of any
command from the client during that interval should suffice to reset the command from the client during that interval should suffice to reset the
autologout timer. An MTQP server MAY limit the number of commands or autologout timer. An MTQP server MAY limit the number of commands,
total connection time to prevent denial of service attacks. unrecognized commands, or total connection time, or MAY use other cri-
teria, to prevent denial of service attacks.
2.5. Firewall Considerations 2.5. Firewall Considerations
A firewall mail gateway has two choices when receiving a tracking A firewall mail gateway has two choices when receiving a tracking
query for a host within its domain: it may return a response to the query for a host within its domain: it may return a response to the
query that says the message has been passed on, but no further informa- query that says the message has been passed on, but no further informa-
tion is available; or it may perform a chaining operation itself, gath- tion is available; or it may perform a chaining operation itself,
ering information on the message from the mail hosts behind the
gathering information on the message from the mail hosts behind the
firewall, and returning to the MTQP client the information for each firewall, and returning to the MTQP client the information for each
behind-the-firewall hop, or possibly just the final hop information, behind-the-firewall hop, or possibly just the final hop information,
possibly also disguising the names of any hosts behind the firewall. possibly also disguising the names of any hosts behind the firewall.
Which option is picked is an adminstrative decision and is not further Which option is picked is an adminstrative decision and is not further
mandated by this document. mandated by this document.
3. Initialization and Option Response 3. Initialization and Option Response
Once the TCP connection has been opened by an MTQP client, the MTQP Once the TCP connection has been opened by an MTQP client, the MTQP
server issues an initial status response that indicates its readiness. server issues an initial status response that indicates its readiness.
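Review bot: The widened denial-of-service sentence in 2.4 (limits on commands, unrecognized commands, total connection time, "or MAY use other criteria") does not say what the server sends when a limit trips: a status response before closing, or a silent close. Without that a client cannot tell a limit from a network failure or decide whether to retry, so state which of -TEMP or -ERR is expected before the close. In 2.5, "adminstrative" should be "administrative".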
skipping to change at page 5, line 41 skipping to change at page 6, line 27
with other commands. with other commands.
The initial status response MUST include the response information The initial status response MUST include the response information
"/MTQP". Negative responses MUST include a reason code as response "/MTQP". Negative responses MUST include a reason code as response
information. The following reason codes are defined here; unrecognized information. The following reason codes are defined here; unrecognized
reason codes added in the future may be treated as equivalent to "una- reason codes added in the future may be treated as equivalent to "una-
vailable". vailable".
"/" "unavailable" "/" "unavailable"
"/" "admin" "/" "admin"
The reason code "/admin" may be used when the service is unavail- The reason code "/admin" SHOULD be used when the service is una-
able for administrative reasons. The reason code "/unavailable" may be vailable for administrative reasons. The reason code "/unavailable"
used when the service is unavailable for other reasons. SHOULD be used when the service is unavailable for other reasons.
If the server has any options enabled, they are listed as the If the server has any options enabled, they are listed as the
multi-line response of the initial status response, one per line. An multi-line response of the initial status response, one per line. An
option specification consists of an identifier, optionally followed by option specification consists of an identifier, optionally followed by
option-specific parameters. An option specification may be continued option-specific parameters. An option specification may be continued
onto additional lines by starting the continuation lines with white onto additional lines by starting the continuation lines with white
space. The option identifier is case insensitive. Option identifiers space. The option identifier is case insensitive. Option identifiers
beginning with the characters "vnd." are reserved for vendor use. beginning with the characters "vnd." are reserved for vendor use. (See
below.)
One option specification is defined here: One option specification is defined here:
STARTTLS STARTTLS
This capability MUST be listed if the optional STARTTLS command is sup- This capability MUST be listed if the optional STARTTLS command is sup-
ported by the MTQP server. It has no parameters. ported by the MTQP server. It has no parameters.
Example #1 (no options): Example #1 (no options):
S: +OK/MTQP MTQP server ready S: +OK/MTQP MTQP server ready
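Review bot: The added "(See below.)" after the "vnd." sentence has no visible target, and the -04 change list says "Eliminated the registry of vnd. options", so the pointer may refer to text that no longer exists. Name the section it points to, or replace it with the naming rule itself: Example #5 now uses vnd.com.example.option2, which implies a reversed-domain convention that the prose never states.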
skipping to change at page 6, line 28 skipping to change at page 7, line 14
Example #3 (service permanently unavailable): Example #3 (service permanently unavailable):
S: -ERR/MTQP/unavailable Service down S: -ERR/MTQP/unavailable Service down
Example #4 (alternative for no options): Example #4 (alternative for no options):
S: +OK+/MTQP MTQP server ready S: +OK+/MTQP MTQP server ready
S: . S: .
Example #5 (options available): Example #5 (options available):
S: +OK+/MTQP MTQP server ready S: +OK+/MTQP MTQP server ready
S: starttls S: starttls
S: Option2 with parameters S: vnd.com.example.option2 with parameters private to example.com
S: Option3 with a very long S: vnd.com.example.option3 with a very long
S: list of parameters S: list of parameters
S: . S: .
4. TRACK Command 4. TRACK Command
Syntax: Syntax:
"TRACK" 1*WSP envid 1*WSP mtrk-secret CRLF "TRACK" 1*WSP envid 1*WSP mtrk-secret CRLF
mtrk-secret = base64 mtrk-secret = base64
Envid is defined in [DRAFT-TRACK-ESMTP]. Mtrk-secret is the secret Envid is defined in [DRAFT-TRACK-ESMTP]. Mtrk-secret is the secret
A described in [DRAFT-TRACK-ESMTP], encoded using base64. A described in [DRAFT-TRACK-ESMTP], encoded using base64.
When the client issues the TRACK command, and the user is vali- When the client issues the TRACK command, and the user is vali-
dated, the MTQP server retrieves tracking information about an email dated, the MTQP server retrieves tracking information about an email
message. To validate the user, the value of mtrk-secret is hashed using message. To validate the user, the value of mtrk-secret is hashed using
SHA1, as described in [NIST-SHA1]. The hash value is then compared with SHA1, as described in [RFC-SHA1]. The hash value is then compared with
the value passed with the message when it was originally sent. If the the value passed with the message when it was originally sent. If the
hash values match, the user is validated. hash values match, the user is validated.
A successful response MUST be multi-line, consisting of a [MIME] A successful response MUST be multi-line, consisting of a [RFC-
body part. The MIME body part must be of type multipart/related, with MIME] body part. The MIME body part MUST be of type multipart/related,
subparts of message/tracking-status, as defined in [DRAFT-TRACK-TSN]. with subparts of message/tracking-status, as defined in [DRAFT-TRACK-
TSN]. The response contains the tracking information about the email
The response contains the tracking information about the email message message that used the given tracking-id.
that used the given tracking-id.
In each of the examples below, the envid is "<12345- In each of the examples below, the envid is "<12345-
20010101@example.com>", the secret A is "abcdefgh", and the SHA1 hash B 20010101@example.com>", the secret A is "abcdefgh", and the SHA1 hash B
is (in hex) "734ba8b31975d0dbae4d6e249f4e8da270796c94". The message is (in hex) "734ba8b31975d0dbae4d6e249f4e8da270796c94". The message
came from example.com and the MTQP server is example2.com. came from example.com and the MTQP server is example2.com.
Example #6 Message Delivered: Example #6 Message Delivered:
C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status
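Review bot: The examples state that secret A is "abcdefgh", but the TRACK argument YWJjZGVmZ2gK is the base64 encoding of "abcdefgh" followed by a line feed; the eight characters alone encode to YWJjZGVmZ2g=. Correct the argument or the stated secret, and confirm that hash B was computed over the same octets. The validation paragraph should also say whether SHA1 is applied to the decoded octets or to the base64 text, and the response paragraph says "tracking-id" where the syntax uses envid.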
skipping to change at page 9, line 12 skipping to change at page 9, line 47
S: Original-Recipient: rfc822; user2@example1.com S: Original-Recipient: rfc822; user2@example1.com
S: Final-Recipient: rfc822; user2@example1.com S: Final-Recipient: rfc822; user2@example1.com
S: Action: failed S: Action: failed
S: Status 5.2.2 (Mailbox full) S: Status 5.2.2 (Mailbox full)
S: Remote-MTA: dns; example3.com S: Remote-MTA: dns; example3.com
S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500 S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500
S: S:
S: --%%%%-- S: --%%%%--
S: . S: .
Example #10 Firewall, Hiding System Names Behind the Firewall: Example #10 Firewall:
C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK
S: +OK+ Tracking information follows
S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status
S:
S: --%%%%
S: Content-Type: message/tracking-status
S:
S: Original-Envelope-Id: 12345-20010101@example.com
S: Reporting-MTA: dns; example2.com
S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500
S:
S: Original-Recipient: rfc822; user1@example1.com
S: Final-Recipient: rfc822; user1@example1.com
S: Action: relayed
S: Status: 2.1.9
S: Remote-MTA: dns; example2.com
S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500
S:
S: --%%%%
S: Content-Type: message/tracking-status
S:
S: Original-Envelope-Id: 12345-20010101@example.com
S: Reporting-MTA: dns; smtp.example3.com
S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500
S:
S: Original-Recipient: rfc822; user2@example1.com
S: Final-Recipient: rfc822; user4@example3.com
S: Action: delivered
S: Status: 2.5.0
S:
S: --%%%%--
S: .
Example #11 Firewall, Combining Per-Recipient Blocks:
C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status
S: S:
S: --%%%% S: --%%%%
S: Content-Type: message/tracking-status S: Content-Type: message/tracking-status
S: S:
S: Original-Envelope-Id: 12345-20010101@example.com S: Original-Envelope-Id: 12345-20010101@example.com
S: Reporting-MTA: dns; example2.com S: Reporting-MTA: dns; example2.com
S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500 S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500
S: S:
S: Original-Recipient: rfc822; user1@example1.com S: Original-Recipient: rfc822; user1@example1.com
S: Final-Recipient: rfc822; user1@example1.com S: Final-Recipient: rfc822; user1@example1.com
S: Action: relayed S: Action: relayed
S: Status: 2.1.9 S: Status: 2.1.9
S: Remote-MTA: dns; example2.com S: Remote-MTA: dns; example2.com
S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500 S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500
S: S:
S: Original-Recipient: rfc822; user2@example1.com
S: Final-Recipient: rfc822; user4@example3.com
S: Action: delivered
S: Status: 2.5.0
S:
S: --%%%%--
S: .
Example #12 Firewall, Hiding System Names Behind the Firewall:
C: TRACK <12345-20010101@example.com> YWJjZGVmZ2gK
S: +OK+ Tracking information follows
S: Content-Type: multipart/related; boundary=%%%%; type=tracking-status
S:
S: --%%%% S: --%%%%
S: Content-Type: message/tracking-status S: Content-Type: message/tracking-status
S: S:
S: Original-Envelope-Id: 12345-20010101@example.com S: Original-Envelope-Id: 12345-20010101@example.com
S: Reporting-MTA: dns; example2.com S: Reporting-MTA: dns; example2.com
S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500 S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500
S: S:
S: Original-Recipient: rfc822; user1@example1.com S: Original-Recipient: rfc822; user1@example1.com
S: Final-Recipient: rfc822; user1@example1.com S: Final-Recipient: rfc822; user1@example1.com
S: Action: relayed
S: Status: 2.1.9
S: Remote-MTA: dns; example2.com
S: Last-Attempt-Date: Mon, 1 Jan 2001 19:15:03 -0500
S:
S: --%%%%
S: Content-Type: message/tracking-status
S:
S: Original-Envelope-Id: 12345-20010101@example.com
S: Reporting-MTA: dns; example2.com
S: Arrival-Date: Mon, 1 Jan 2001 15:15:15 -0500
S:
S: Original-Recipient: rfc822; user2@example1.com
S: Final-Recipient: rfc822; user4@example1.com
S: Action: delivered S: Action: delivered
S: Status: 2.5.0 S: Status: 2.5.0
S: S:
S: --%%%%-- S: --%%%%--
S: . S: .
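Review bot: In the failed-recipient block just before Example #10, "S: Status 5.2.2 (Mailbox full)" is missing the colon that every other Status field has ("Status: 2.1.9", "Status: 2.5.0"). In the new Example #10, the second block gives smtp.example3.com an Arrival-Date of 15:15:15 -0500, identical to example2.com's, while example2.com's relay attempt is dated 19:15:03 -0500, so the downstream arrival precedes the relay; adjust the times so the hops are in order. It would also help to say in a sentence what distinguishes Examples #10, #11 and #12, since the titles alone do not explain which fields a gateway is expected to rewrite.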
5. COMMENT Command 5. COMMENT Command
Syntax: Syntax:
"COMMENT" opt-text CRLF "COMMENT" opt-text CRLF
skipping to change at page 10, line 22 skipping to change at page 12, line 22
TLS [TLS], more commonly known as SSL, is a popular mechanism for TLS [TLS], more commonly known as SSL, is a popular mechanism for
enhancing TCP communications with privacy and authentication. An MTQP enhancing TCP communications with privacy and authentication. An MTQP
server MAY support TLS. If an MTQP server supports TLS, it MUST include server MAY support TLS. If an MTQP server supports TLS, it MUST include
"STARTTLS" in the option specifications list on protocol startup. "STARTTLS" in the option specifications list on protocol startup.
If the server returns a negative response, it MAY use one of the If the server returns a negative response, it MAY use one of the
following response codes: following response codes:
"/" "unsupported" "/" "unsupported"
"/" "unavailable" "/" "unavailable"
"/" "tlsinprogress"
If a TLS session is already in progress, then it is a protocol If TLS is not suported, then a response code of "/unsupported"
error and "-BAD" MUST be returned with a response code of "/tlsinpro- SHOULD be used. If TLS is not available for some other reason, then a
gress". reponse code of "/unavailable" SHOULD be used. If a TLS session is
already in progress, then it is a protocol error and "-BAD" MUST be
returned with a response code of "/tlsinprogress".
After receiving a positive response to a STARTTLS command, the After receiving a positive response to a STARTTLS command, the
client MUST start the TLS negotiation before giving any other MTQP com- client MUST start the TLS negotiation before giving any other MTQP com-
mands. mands.
If the MTQP client is using pipelining, the STARTTLS command must If the MTQP client is using pipelining (see below), the STARTTLS
be the last command in a group. command must be the last command in a group.
6.1. Processing After the STARTTLS Command 6.1. Processing After the STARTTLS Command
If the TLS handshake fails, the server SHOULD abort the connection. If the TLS handshake fails, the server SHOULD abort the connection.
After the TLS handshake has been completed, both parties MUST After the TLS handshake has been completed, both parties MUST
immediately decide whether or not to continue based on the authentica- immediately decide whether or not to continue based on the authentica-
tion and privacy achieved. The MTQP client and server may decide to move tion and privacy achieved. The MTQP client and server may decide to move
ahead even if the TLS negotiation ended with no authentication and/or no ahead even if the TLS negotiation ended with no authentication and/or no
privacy because most MTQP services are performed with no authentication privacy because most MTQP services are performed with no authentication
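Review bot: The response-code list is introduced with "it MAY use one of the following response codes", but the rewritten paragraph below it says "/unsupported" and "/unavailable" SHOULD be used and that "-BAD" MUST be returned with "/tlsinprogress"; reword the lead-in so it does not contradict the per-code requirements. The new paragraph has two typos, "suported" and "reponse". Since STARTTLS is advertised in the cleartext option list and both sides may continue with "no authentication and/or no privacy", the memo should also say what a client that requires TLS does when the option is absent or the negotiation result is weak, because TRACK carries mtrk-secret.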
skipping to change at page 11, line 36 skipping to change at page 13, line 39
active. A client MUST NOT attempt to start a TLS session if a TLS ses- active. A client MUST NOT attempt to start a TLS session if a TLS ses-
sion is already active. sion is already active.
7. QUIT Command 7. QUIT Command
Syntax: Syntax:
"QUIT" CRLF "QUIT" CRLF
When the client issues the QUIT command, the MTQP session ter- When the client issues the QUIT command, the MTQP session ter-
minates. The QUIT command has no parameters. The server MUST respond minates. The QUIT command has no parameters. The server MUST respond
with a successful response. The client may close the session from its with a successful response. The client MAY close the session from its
end immediately after issuing this command. end immediately after issuing this command (if the client is on an
operating system where this does not cause problems).
8. Pipelining 8. Pipelining
The MTQP client may elect to transmit groups of MTQP commands in The MTQP client may elect to transmit groups of MTQP commands in
batches without waiting for a response to each individual command. The batches without waiting for a response to each individual command. The
MTQP server MUST process the commands in the order received. MTQP server MUST process the commands in the order received.
Specific commands may place further constraints on pipelining. For Specific commands may place further constraints on pipelining. For
example, STARTTLS must be the last command in a batch of MTQP commands. example, STARTTLS must be the last command in a batch of MTQP commands.
The following two examples are identical: The following two examples are identical:
Example #11 : Example #13 :
C: TRACK <tracking-id> YWJjZGVmZ2gK C: TRACK <tracking-id> YWJjZGVmZ2gK
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: S:
S: ... tracking details #1 go here ... S: ... tracking details #1 go here ...
S: . S: .
C: TRACK <tracking-id-2> QUJDREVGR0gK C: TRACK <tracking-id-2> QUJDREVGR0gK
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: S:
S: ... tracking details #2 go here ... S: ... tracking details #2 go here ...
S: . S: .
Example #12 : Example #14 :
C: TRACK <tracking-id> YWJjZGVmZ2gK C: TRACK <tracking-id> YWJjZGVmZ2gK
C: TRACK <tracking-id-2> QUJDREVGR0gK C: TRACK <tracking-id-2> QUJDREVGR0gK
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: S:
S: ... tracking details #1 go here ... S: ... tracking details #1 go here ...
S: . S: .
S: +OK+ Tracking information follows S: +OK+ Tracking information follows
S: S:
S: ... tracking details #2 go here ... S: ... tracking details #2 go here ...
S: . S: .
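Review bot: In section 8, "STARTTLS must be the last command in a batch of MTQP commands" still uses a lowercase "must", although this revision upgraded the QUIT text from "may" to "MAY". Anything a client pipelines after STARTTLS is sent before the TLS session is in place, so make this an RFC 2119 MUST and say what the server does with commands that follow STARTTLS in the same batch (for example, discard them). Separately, the new QUIT parenthetical "(if the client is on an operating system where this does not cause problems)" does not say what the problem is; name the condition, or advise the client to read the server's response before closing.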
skipping to change at page 12, line 37 skipping to change at page 14, line 41
The MTQP URL scheme is used to designate MTQP servers on Internet The MTQP URL scheme is used to designate MTQP servers on Internet
hosts accessible using the MTQP protocol. An MTQP URL takes one of the hosts accessible using the MTQP protocol. An MTQP URL takes one of the
following forms: following forms:
mtqp://<mserver>/track/<envid>/<mtrk-secret> mtqp://<mserver>/track/<envid>/<mtrk-secret>
mtqp://<mserver>:<port>/track/<envid>/<mtrk-secret> mtqp://<mserver>:<port>/track/<envid>/<mtrk-secret>
The first form is used to refer to an MTQP server on the standard The first form is used to refer to an MTQP server on the standard
port, while the second form specifies a non-standard port. Both of port, while the second form specifies a non-standard port. Both of
these forms specify that the TRACK command is to be issued using the these forms specify that the TRACK command is to be issued using the
given tracking id and authorization cookie. The path element "/track/" given tracking id (envid) and authorization secret (mtrk-secret). The
is case insensitive, but the envid and mtrk-secret may not be. path element "/track/" is case insensitive, but the envid and mtrk-
secret may not be.
9.1. MTQP URL Syntax 9.1. MTQP URL Syntax
This is an ABNF description of the MTQP URL. This is an ABNF description of the MTQP URL.
mtqp-url = "mtqp://" net_loc "/track/" envid ":" mtrk-secret mtqp-url = "mtqp://" net_loc "/track/" envid "/" mtrk-secret
10. IANA Considerations 10. IANA Considerations
System port number XXXX - TBA by IANA System port number XXXX - TBD by IANA
The service name to be registered with the Internet Assigned Number The service name to be registered with the Internet Assigned Number
Authority (IANA) is "MTQP". Authority (IANA) is "MTQP".
This document requests that IANA maintain one new registry: MTQP This document requests that IANA maintain one new registry: MTQP
options. The registry's purpose is to register options to this proto- options. The registry's purpose is to register options to this proto-
col. Options whose names do not begin with "vnd." MUST be defined in a col. Options whose names do not begin with "vnd." MUST be defined in a
standards track or IESG approved experimental RFC. New MTQP options standards track or IESG approved experimental RFC. New MTQP options
MUST include the following information as part of their definition: MUST include the following information as part of their definition:
option identifier option identifier
option parameters option parameters
added commands added commands
standard commands affected standard commands affected
specification reference specification reference
discussion discussion
Additional vendor-specific options for this protocol whose names One MTQP option is defined in this document:
begin with "vnd." MUST be registered with IANA on a Firt Come First option identifier: STARTTLS option parameters: none added commands:
Served basis. It is expected that after the "vnd." would appear an STARTTLS standard commands affected: none specification reference:
abbreviated form of the vendor's name that is registering the option, RFC TBD discussion: see RFC TBD
followed by a second dot "." and a name for the option itself. For
example, "vnd.example.extinfo" might represent a vendor-specific exten- Additional vendor-specific options for this protocol have names
sion providing extended information being registered by the "Example, that begin with "vnd.". After the "vnd." would appear the reversed
Inc." company. domain name of the vendor, another dot ".", and a name for the option
itself. For example, "vnd.com.example.extinfo" might represent a
vendor-specific extension providing extended information by the owner of
the "example.com" domain. These names MAY be registered with IANA.
11. Security Considerations 11. Security Considerations
If the originator of a message were to delegate his or her tracking If the originator of a message were to delegate his or her tracking
request to a third party, this would be vulnerable to snooping over request to a third party, this would be vulnerable to snooping over
unencrypted sessions. The user can decide on a message-by-message basis unencrypted sessions. The user can decide on a message-by-message basis
if this risk is acceptable. if this risk is acceptable.
The security of tracking information is dependent on the randomness The security of tracking information is dependent on the randomness
of the secret chosen for each message and the level of exposure of that of the secret chosen for each message and the level of exposure of that
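Review bot: With the separator in mtqp-url changed from ":" to "/", section 9.1 no longer says how a "/" inside envid or mtrk-secret is represented, and the secrets in the TRACK examples look like base64, whose alphabet includes "/" and "+". State the required escaping, or restrict the character set, so that the last path segment is unambiguous. The rule reads "mtqp://" net_loc, so also confirm that net_loc covers the ":<port>" form listed above it. Because the URL carries the authorization secret in its path, Security Considerations should say that an MTQP URL is as sensitive as the secret itself.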
skipping to change at page 13, line 43 skipping to change at page 16, line 4
The security of tracking information is dependent on the randomness The security of tracking information is dependent on the randomness
of the secret chosen for each message and the level of exposure of that of the secret chosen for each message and the level of exposure of that
secret. If different secrets are used for each message, then the max- secret. If different secrets are used for each message, then the max-
imum exposure from tracking any message will be that single message for imum exposure from tracking any message will be that single message for
the time that the tracking information is kept on any MTQP server. If the time that the tracking information is kept on any MTQP server. If
this level of exposure is too much, TLS may be used to reduce the expo- this level of exposure is too much, TLS may be used to reduce the expo-
sure further. sure further.
It should be noted that message tracking is not an end-to-end It should be noted that message tracking is not an end-to-end
mechanism. Thus, if an MTQP client/server pair decide to use TLS mechanism. Thus, if an MTQP client/server pair decide to use TLS
privacy, they are not securing tracking queries with any prior or suc- privacy, they are not securing tracking queries with any prior or suc-
cessive MTQP servers. cessive MTQP servers.
Both the STMP client and server must check the result of the TLS Both the MTQP client and server must check the result of the TLS
negotiation to see whether acceptable authentication or privacy was negotiation to see whether acceptable authentication or privacy was
achieved. Ignoring this step completely invalidates using TLS for secu- achieved. Ignoring this step completely invalidates using TLS for secu-
rity. The decision about whether acceptable authentication or privacy rity. The decision about whether acceptable authentication or privacy
was achieved is made locally, is implementation-dependant, and is beyond was achieved is made locally, is implementation-dependent, and is beyond
the scope of this document. the scope of this document.
The SMTP client and server should note carefully the result of the The MTQP client and server should note carefully the result of the
TLS negotiation. If the negotiation results in no privacy, or if it TLS negotiation. If the negotiation results in no privacy, or if it
results in privacy using algorithms or key lengths that are deemed not results in privacy using algorithms or key lengths that are deemed not
strong enough, or if the authentication is not good enough for either strong enough, or if the authentication is not good enough for either
party, the client may choose to end the MTQP session with an immediate party, the client may choose to end the MTQP session with an immediate
QUIT command, or the server may choose to not accept any more MTQP com- QUIT command, or the server may choose to not accept any more MTQP com-
mands. mands.
A man-in-the-middle attack can be launched by deleting the A man-in-the-middle attack can be launched by deleting the
"STARTTLS" option response from the server. This would cause the client "STARTTLS" option response from the server. This would cause the client
not to try to start a TLS session. An MTQP client can protect against not to try to start a TLS session. An MTQP client can protect against
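Review bot: The paragraph beginning "The security of tracking information is dependent on the randomness of the secret" sets no minimum for that randomness, so an implementer has nothing to test against. Add a requirement on how the secret is generated (length and source of randomness), or point to the companion document that defines it. The corrected sentence "Both the MTQP client and server must check the result of the TLS negotiation" also keeps a lowercase "must", even though the next sentence says that skipping the check invalidates TLS; consider MUST.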
skipping to change at page 15, line 31 skipping to change at page 17, line 43
single-line-success = "+OK" response-info opt-text CRLF single-line-success = "+OK" response-info opt-text CRLF
multi-line-success = "+OK+" response-info opt-text CRLF *dataline dotcrlf multi-line-success = "+OK+" response-info opt-text CRLF *dataline dotcrlf
dataline = *998OCTET CRLF dataline = *998OCTET CRLF
dotcrlf = "." CRLF dotcrlf = "." CRLF
option-list = *option-line option-list = *option-line
option-line = identifier opt-text *[CRLF WSP opt-text] CRLF option-line = identifier opt-text *(CRLF WSP opt-text) CRLF
identifier = (ALPHA / "_") *(ALPHA / DIGIT / "-" / "_") NAMECHAR = ALPHA / DIGIT / "-" / "_"
response-info = *( "/" 1*(ALPHA / DIGIT / "-" / "_") identifier = (ALPHA / "_") *NAMECHAR)
response-info = *( "/" ( "admin" / "unavailable" / "unsupported" /
"tlsinprogress" / "insecure" / 1*NAMECHAR ) )
13. Acknowledgements 13. Acknowledgements
The description of STARTTLS is based on [RFC-SMTP-TLS]. The description of STARTTLS is based on [RFC-SMTP-TLS].
14. References 14. References
[NIST-SHA1] NIST FIPS PUB 180-1, "Secure Hash Standard", [RFC-SHA1] RFC TBD, D. Eastlake & P. Jones, "US Secure Hash Stan-
National Institute of Standards and Technology, U.S. Department of Com- dard 1 (SHA1)", TBD 2001.
merce, May 1994.
[MIME] RFC 2045, N. Freed & N. Borenstein, "Multipurpose Internet [RFC-MIME] RFC 2045, N. Freed & N. Borenstein, "Multipurpose Inter-
Mail Extensions (MIME) Part One: Format of Internet Message Bodies", net Mail Extensions (MIME) Part One: Format of Internet Message Bodies",
Innosoft, First Virtual, November 1996. Innosoft, First Virtual, November 1996.
[RFC-821] STD 10, RFC 821, J. Postel, "Simple Mail Transfer Proto-
col", University of Southern California / Information Sciences Insti-
tute, August 1982.
[RFC-822] STD 11, RFC 822, D. Crocker, "Standard for the Format of
ARPA Internet Text Messages", University of Delaware, August 1982.
[RFC-ABNF] RFC 2234, D. Crocker, Editor, and P. Overell, "Augmented [RFC-ABNF] RFC 2234, D. Crocker, Editor, and P. Overell, "Augmented
BNF for Syntax Specifications: ABNF", Internet Mail Consortium, Demon BNF for Syntax Specifications: ABNF", Internet Mail Consortium, Demon
Internet Ltd., November 1997. Internet Ltd., November 1997.
[RFC-DNS] RFC 974, "Mail routing and the domain system", C. Par-
tridge, January 1986.
[RFC-ESMTP] RFC 1651, J. Klensin, N. Freed, M. Rose, E. Stefferud,
and D. Crocker, "SMTP Service Extensions", MCI, Innosoft, Dover Beach
Consulting, Inc., network Management Associates, Inc., Silicon Graphics,
Inc., July 1994.
[RFC-HOSTS] "Requirements for Internet Hosts - Application and Sup-
port", R. Braden, Ed., October 1989.
[RFC-KEYWORDS] RFC 2119, S. Bradner, "Key words for use in RFCs to [RFC-KEYWORDS] RFC 2119, S. Bradner, "Key words for use in RFCs to
Indicate Requirement Levels", Harvard University, March 1997. Indicate Requirement Levels", Harvard University, March 1997.
[RFC-MD5] RFC 1321, R. Rivest, "The MD5 Message-Digest Algorithm",
MIT Laboratory for Computer Science and RSA Data Security, Inc., April
1992.
[RFC-SMTPEXT] RFC 2554, J. Myers, "SMTP Service Extension for [RFC-SMTPEXT] RFC 2554, J. Myers, "SMTP Service Extension for
Authentication", Netscape Communications, March 1999. Authentication", Netscape Communications, March 1999.
[RFC-SMTP-TLS] RFC2487, P. Hoffman, "SMTP Service Extension for [RFC-SMTP-TLS] RFC2487, P. Hoffman, "SMTP Service Extension for
Secure SMTP over TLS", Internet Mail Consortium, January 1999. Secure SMTP over TLS", Internet Mail Consortium, January 1999.
[RFC-SRV] RFC 2782, A. Gulbrandsen, P. Vixie, L. Esibov, "A DNS RR [RFC-SRV] RFC 2782, A. Gulbrandsen, P. Vixie, L. Esibov, "A DNS RR
for specifying the location of services (DNS SRV)" Troll Technologies, for specifying the location of services (DNS SRV)" Troll Technologies,
Internet Software Consortium, Microsoft Corp., February 2000 Internet Software Consortium, Microsoft Corp., February 2000
[DRAFT-TRACK-ESMTP] draft-ietf-msgtrk-smtpext-*.txt, E. Allman, T. [DRAFT-TRACK-ESMTP] draft-ietf-msgtrk-smtpext-*.txt, E. Allman, T.
Hansen, "SMTP Service Extension for Message Tracking", Sendmail, Inc., Hansen, "SMTP Service Extension for Message Tracking", Sendmail, Inc.,
AT&T Laboratories, TBD 2000. AT&T Laboratories, TBD 2001.
[DRAFT-TRACK-MODEL] draft-ietf-msgtrk-model-03.txt, T. Hansen, [DRAFT-TRACK-MODEL] draft-ietf-msgtrk-model-*.txt, T. Hansen, "Mes-
"Message Tracking Models and Requirements", AT&T Laboratories, November sage Tracking Models and Requirements", AT&T Laboratories, TBD 2001.
2000.
[DRAFT-TRACK-TSN] draft-ietf-msgtrk-trkstat-*.txt, E. Allman, "The [DRAFT-TRACK-TSN] draft-ietf-msgtrk-trkstat-*.txt, E. Allman, "The
Message/Tracking-Status MIME Extension", Sendmail, Inc., TBD 2001.
Message/Tracking-Status MIME Extension", Sendmail, Inc., TBD 2000.
[RFC-URI] RFC 2396, T. Berners-Lee, R. Fielding, L. Masinter, "Uni- [RFC-URI] RFC 2396, T. Berners-Lee, R. Fielding, L. Masinter, "Uni-
form Resource Identifiers (URI): Generic Syntax", MIT/LCS, U. C. Irvine, form Resource Identifiers (URI): Generic Syntax", MIT/LCS, U. C. Irvine,
Xerox Corporation, August 1998. Xerox Corporation, August 1998.
15. Author's Address 15. Author's Address
Tony Hansen Tony Hansen
AT&T Laboratories AT&T Laboratories
Lincroft, NJ 07738 Lincroft, NJ 07738
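Review bot: The new rule identifier = (ALPHA / "_") *NAMECHAR) has an unmatched closing parenthesis and will not parse as ABNF; drop the trailing ")". NAMECHAR also excludes ".", so the vendor option names this revision describes, such as "vnd.com.example.extinfo", cannot match identifier in option-line; either allow "." in option names or define a separate rule for them. In response-info, the named alternatives ("admin", "unavailable" and so on) are already matched by 1*NAMECHAR, so the prose should say which values are defined and that the last alternative is for extensions. [RFC-SHA1] is cited as "RFC TBD" and needs a number before publication.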
skipping to change at page 17, line 27 skipping to change at page 19, line 16
Phone: +1.732.576.3207 Phone: +1.732.576.3207
E-Mail: tony@att.com E-Mail: tony@att.com
16. Full Copyright Statement 16. Full Copyright Statement
Copyright (C) The Internet Society (1999). All Rights Reserved. Copyright (C) The Internet Society (1999). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it or others, and derivative works that comment on or otherwise explain it or
assist in its implmentation may be prepared, copied, published and dis- assist in its implementation may be prepared, copied, published and dis-
tributed, in whole or in part, without restriction of any kind, provided tributed, in whole or in part, without restriction of any kind, provided
that the above copyright notice and this paragraph are included on all that the above copyright notice and this paragraph are included on all
such copies and derivative works. However, this document itself may not such copies and derivative works. However, this document itself may not
be modified in any way, such as by removing the copyright notice or be modified in any way, such as by removing the copyright notice or
references to the Internet Society or other Internet organisations, references to the Internet Society or other Internet organizations,
except as needed for the purpose of developing Internet standards in except as needed for the purpose of developing Internet standards in
which case the procedures for copyrights defined in the Internet Stan- which case the procedures for copyrights defined in the Internet Stan-
dards process must be followed, or as required to translate it into dards process must be followed, or as required to translate it into
languages other than English. languages other than English.
The limited permissions granted above are perpetual and will not be The limited permissions granted above are perpetual and will not be
revoked by the Internet Society or its successors or assigns. revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on This document and the information contained herein is provided on
an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE. FITNESS FOR A PARTICULAR PURPOSE.
This document expires January 1, 2002. This document expires May 20, 2002.
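Review bot: The copyright line still reads "The Internet Society (1999)" on both sides, while the expiry date in this hunk moved to May 20, 2002; update the year to match the draft's date.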
 End of changes. 48 change blocks. 
108 lines changed or deleted 194 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/