REPUTE Working Group                                       N. Borenstein
Internet-Draft                                                  Mimecast
Intended status: Standards Track                            M. Kucherawy
Expires: March 11, 19, 2014                               September 7, 15, 2013

                A Media Type for Reputation Interchange


   This document defines the format of reputation response data
   ("reputons"), the media-type for packaging it, and definition of a
   registry for the names of reputation applications and response sets.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on March 11, 19, 2014.

Copyright Notice

   Copyright (c) 2013 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   ( in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Terminology and Definitions  . . . . . . . . . . . . . . . . .  3
     2.1.  Reputon  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.2.  Key Words  . . . . . . . . . . . . . . . . . . . . . . . .  3
     2.3.  Other Definitions  . . . . . . . . . . . . . . . . . . . .  3
   3.  Description  . . . . . . . . . . . . . . . . . . . . . . . . .  3
     3.1.  Reputon Attributes . . . . . . . . . . . . . . . . . . . .  4
   4.  Ratings  . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   5.  Caching  . . . . . . . . . . . . . . . . . . . . . . . . . . .  5
   6.  Reputon Structure  Reputons . . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     6.1.  Syntax . . . . . . . . . . . . . . . . . . . . . . . . . .  6
     6.2.  Formal Definition  . . . . . . . . . . . . . . . . . . . .  6
       6.2.1.  Imported JSON Terms  . . . . . . . . . . . . . . . . .  7
       6.2.2.  Reputon Structure  . . . . . . . . . . . . . . . . . .  7
     6.3.  Examples . . . . . . . . . . . . . . . . . . . . . . . . .  8
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 10 11
     7.1.  application/reputon+json  application/reputons+json Media Type Registration  . . . . . 10 11
     7.2.  Reputation Applications Registry . . . . . . . . . . . . . 11 12
   8.  Security Considerations  . . . . . . . . . . . . . . . . . . . 13 14
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 13 15
     9.1.  Normative References . . . . . . . . . . . . . . . . . . . 13 15
     9.2.  Informative References . . . . . . . . . . . . . . . . . . 14 15
   Appendix A.  Acknowledgments . . . . . . . . . . . . . . . . . . . 14 16
   Appendix B.  Public Discussion . . . . . . . . . . . . . . . . . . 14 16
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 16

1.  Introduction

   This document defines a media type data object for use when answering a
   reputation query via query.  It also defines a media type to carry the response
   set data when using a transport method that follows the media type
   framework, such as the HyperText Transfer Protocol (HTTP) based query
   method described defined in
   [I-D.REPUTE-QUERY-HTTP], which uses [HTTP]. [I-D.REPUTE-QUERY-HTTP].  Any future query methods
   that might be developed are expected to use the same data object.

   Also included is the specification for an IANA registry to contain
   definitions and symbolic names for known reputation applications and
   corresponding response sets.

2.  Terminology and Definitions

   This section defines terms used in the rest of the document.

2.1.  Reputon

   A "reputon" is a single independent object containing reputation
   information.  A particular query about a subject of interest will
   receive one or more reputons in response, depending on the nature of
   the data collected and reported by the server.

2.2.  Key Words

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   document are to be interpreted as described in [KEYWORDS].

2.3.  Other Definitions

   Other terms of importance in this document are defined in
   [I-D.REPUTE-MODEL], the base document in this document series.

3.  Description

   The meta-format selected for the representation of a reputon is
   JavaScript Object Notation (JSON), defined in [JSON].  Accordingly, a
   new media type, "application/reputon+json", "application/reputons+json", is defined for the JSON
   representation of reputational data, typically in response to a
   client making a request for such data about some subject.  This media
   type has one optional parameter, "context", which names the semantic
   context (i.e., the specific sphere of reputation evaluation, or
   application) in which the query is made and the response returned.
   If the parameter is absent, a generic reputation query (i.e., one not
   associated with a specific reputation application) is assumed for
   which only a simple reply is allowed. takes no parameters.

   The body of the media type consists of a JSON document that contains
   the reputation information requested.  A detailed description of the
   expected structure of the reply is provided below.

   The media type comprises a single member indicating the name of the
   application context (see Section 5.1 of [I-D.REPUTE-MODEL] in which
   the reputational data are being returned.  The application name
   refers to a registration as described in Section 7.2, which defines
   the valid assertions and any extensions that might also be valid
   (i.e., the response set) for that application.

3.1.  Reputon Attributes

   The key pieces of data found in a reputon for all reputation
   applications are defined as follows:

   rater:  The identity of the entity aggregating, computing, and
      providing the reputation information, typically expressed as a DNS
      domain name.

   assertion:  A keyword indicating the specific assertion or claim
      being rated.  In the absence of a "context" parameter on the media
      type, the reputon can only indicate generic goodness, with the
      default assertion "is-good", but each application is expected to
      define additional assertions.

   rated:  The identity of the entity being rated.  The nature of this
      field is application-specific; it could be domain names, email
      addresses, driver's license numbers, or anything that uniquely
      identifies the entity being rated.  Documents that define specific
      reputation applications are required to define syntax and
      semantics for this field.

   rating:  The overall rating score for that entity, expressed as a
      floating-point number between 0.0 and 1.0 inclusive.  See
      Section 4 for discussion.

   The following are OPTIONAL for all applications, to be used in
   contexts where they are appropriate:

   confidence:  the level of certainty the reputation provider has that
      the value presented is appropriate, expressed as a floating-point
      number between 0.0 and 1.0 inclusive.

   normal-rating:  An indication of what the reputation provider would
      normally expect as a rating for the subject.  This allows the
      client to note that the current rating is or is not in line with

   sample-size:  The number of data points used to compute the rating,
      possibly an approximation.  Expressed as an unsigned 64-bit
      integer.  Consumers can assume that the count refers to distinct
      data points rather than a count of aggregations (for example,
      individual votes rather than aggregated vote counts) unless it is
      specified out-of-band that some other interpretation is more
      appropriate.  The units are deliberately not normatively
      specified, since not all reputation service providers will collect
      data the same way.

   generated:  A timestamp indicating when this value was generated.
      Expressed as the number of seconds since January 1, 1970 00:00

   expires:  A timestamp indicating a time beyond which the score
      reported is likely not to be valid.  Expressed as the number of
      seconds since January 1, 1970 00:00 UTC.  See Section 5 for

   A particular application that registers itself with IANA (per
   Section 7.2, below) can define additional application-specific
   attribute/value pairs beyond these standard ones.

   An application service provider might operate with an enhanced form
   of common services, which might in turn prompt development and
   reporting of specialized reputation information.  The details of the
   enhancements and specialized information are beyond the scope of this
   document, except that the underlying JSON syntax is extensible for
   encoding such provider-specific information.

4.  Ratings

   The score presented as the value in the rating attribute appears as a
   floating point value between 0.0 and 1.0 inclusive.  The intent is
   that the definition of an assertion within an application will
   declare what the anchor values 0.0 and 1.0 specifically mean.
   Generally speaking, 1.0 implies full agreement with the assertion,
   while 0.0 indicates no support for the assertion.

   The definition will also specify the type of scale in use when
   generating scores, to which all reputation service providers for that
   application space must adhere.  This will allow a client to change
   which reputation service provider is being queried without having to
   learn through some out-of-band method what the new provider's ratings
   mean.  For example, a registration might state that ratings are
   linear, which would mean a score of "x" is twice as strong as a value
   of "x/2".  It also allows easier aggregation of ratings collected
   from multiple reputation service providers.

5.  Caching

   A reputon can contain an "expires" field indicating  Further discussion can be found in

5.  Caching

   A reputon can contain an "expires" field indicating a timestamp after
   which the client SHOULD NOT use the rating it contains, and SHOULD
   issue a new query.

   This specification does not mandate any caching of ratings on the
   part of the client, but there are obvious operational benefits to
   doing so.  In the context of reputation, a cached (and hence, stale)
   rating can cause desirable traffic to be identified as undesirable,
   or vice-versa.

   Reputation data is typically most volatile when the subject of the
   reputation is young.  Accordingly, if a service chooses to include
   expiration timestamps as part a reply, these values SHOULD be lower
   for subjects about which little data has been collected.

6.  Reputon Structure  Reputons

6.1.  Syntax

   A reputon expressed in JSON consists of an object that itself
   contains zero or more objects whose names are "reputon".  Each
   reputon object is a set of key-value pairs, where the
   keys are the names of particular attributes that comprise a reputon
   (as listed above, or as provided with specific applications), and
   values are the content associated with those keys.  The set of keys
   that make up a reputon within a given application are known as that
   application's "response set".

   A reputon object typically contains a reply corresponding to the
   assertion for which a client made a specific request.  For example, a
   client asking for assertion "sends-spam" about domain ""
   would expect a reply consisting of a reputon making a "sends-spam"
   assertion about "" and nothing more.  If a client makes a
   request about a subject but does not specify an assertion of
   interest, the server can return reputons about any assertion for
   which it has data; in effect, the client has asked for any available
   information about the subject.  A client that receives an irrelevant
   reputon simply ignores it.

   An empty reputon is an acknowledgement by the server that the request
   has been received, and serves as a positive indication that the
   server does not have the information requested.  This is semantically
   equivalent to returning a reputon with a "sample-size" of zero.


6.2.  Formal Definition

   [JSON] defines the structure of JSON objects and arrays using a set
   of primitive elements.  Those elements will be used to describe the
   JSON structure of a reputation object.

6.2.1.  Imported JSON Terms

   OBJECT:  a JSON object, defined in Section 2.2 of [JSON]

   MEMBER:  a member of a JSON object, defined in Section 2.2 of [JSON]

   MEMBER-NAME:  the name of a MEMBER, defined as a "string" in Section
      2.2 of [JSON]

   MEMBER-VALUE:  the value of a MEMBER, defined as a "value" in Section
      2.2 of [JSON]

   ARRAY:  an array, defined in Section 2.3 of [JSON]

   ARRAY-VALUE:  an element of an ARRAY, defined in Section 2.3 of

   NUMBER:  a "number" as defined in Section 2.4 of [JSON]

   INTEGER:  an "integer" as defined in Section 2.4 of [JSON]

   STRING:  an "string" as defined in Section 2.5 of [JSON]

6.2.2.  Reputon Structure

   Using [ABNF], the above terms for the JSON structures, the syntax of a
   reputation object is defined as follows:

   reputation-object:  an OBJECT containing a MEMBER reputation-context
      and a MEMBER reputon-list

   reputation-context:  a MEMBER with MEMBER-NAME "application" and
      MEMBER-VALUE a STRING (see Section 3)

   reputon-list:  a MEMBER with MEMBER-NAME "reputons" and MEMBER-VALUE
      a reputon-array

   reputon-array:  an ARRAY, where each ARRAY-VALUE is a reputon is:

     reputon = "{" [ reputon-object
         *(value-separator reputon-object) ] "}"

     reputon-object = "reputon" name-separator response-set

     response-set = "{"

   reputon:  an OBJECT, where each MEMBER is a reputon-element
         *(value-separator reputon-element) "}

   reputon-element:  one of the following, defined below: rater-value,
      assertion-value, rated-value, rating-value, conf-value, normal-
      value, sample-value, gen-value, expire-value, ext-value; note the

      *  The order of reputon-element members is not significant.

      *  A specific reputon-element = rater-value / assertion-value / rated-value
                       / rating-value / conf-value / normal-value
                       / sample-value / gen-value / expire-value
                       / ext-value
         ; these can appear in any order, but MUST NOT appear at most
         ; once each

     rater-value = %x22 more than once.

      *  rater-value, assertion-value, rated-value, and rating-value are

   rater-value:  a MEMBER with MEMBER-NAME "rater" and MEMBER-VALUE a
      STRING (see "rater" %x22 name-separator string

     assertion-value = %x22 in Section 3.1)

   assertion-value:  a MEMBER with MEMBER-NAME "assertion" %x22 name-separator string

     rated-value = %x22 and MEMBER-
      VALUE a STRING (see "assertion" in Section 3.1)

   rated-value:  a MEMBER with MEMBER-NAME "rated" %x22 name-separator string

     rating-value = %x22 and MEMBER-VALUE a
      STRING (see "rated" in Section 3.1)

   rating-value:  a MEMBER with MEMBER-NAME "rating" %x22 name-separator number
         ; "number" MUST be and MEMBER-VALUE a
      NUMBER between 0.0 and 1.0 inclusive

     conf-value = %x22 "confidence" %x22 name-separator (see "rating" in
      Section 3.1); the number
         ; "number" MUST be SHOULD NOT not have more than three
      decimal places of precision

   conf-value:  a MEMBER with MEMBER-NAME "confidence" and MEMBER-VALUE
      a NUMBER between 0.0 and 1.0 inclusive

     normal-value = %x22 "normal-rating" %x22 name-separator (see "confidence" in
      Section 3.1); the number
         ; "number" MUST be SHOULD NOT not have more than three
      decimal places of precision

   normal-value:  a MEMBER with MEMBER-NAME "normal-rating" and MEMBER-
      VALUE a NUMBER between 0.0 and 1.0 inclusive

     sample-value = %x22 "sample-size" %x22 name-separator int
         ; "int" MUST (see "normal" in
      Section 3.1); the number SHOULD NOT be negative

     gen-value = %x22 not have more than three
      decimal places of precision

   sample-value:  a MEMBER with MEMBER-NAME "sample-size" and MEMBER-
      VALUE a non-negative INTEGER (see "sample-size" in "normal" in
      Section 3.1)

   gen-value:  a MEMBER with MEMBER-NAME "generated" %x22 name-separator int
         ; "int" MUST NOT be negative

     expire-value = %x22 and MEMBER-VALUE a
      non-negative INTEGER (see "generated" in Section 3.1)

   expire-value:  a MEMBER with MEMBER-NAME "expires" %x22 name-separator int
         ; "int" MUST NOT and MEMBER-VALUE a
      non-negative INTEGER (see "expires" in Section 3.1)

   ext-value:  a MEMBER, for extension purposes; MEMBER-NAME and MEMBER-
      VALUE will be negative

     ext-value = member
         ; specific syntax is defined in separate application
         ; registrations

   The tokens "value-separator", "name-separator", "string", "int", and
   "member" are defined in [JSON].


6.3.  Examples

   The following simple example:

     Content-type: application/reputon+json

     Content-Type: application/reputons+json

       "application": "baseball",
       "reputons": [
           "rater": "",
           "assertion": "is-good",
           "rated": "Alex Rodriguez",
           "rating": 0.99,
           "sample-size": 50000

   ...indicates to the client that "" consolidated
   50000 data points (perhaps from everyone in Yankee Stadium) and
   concluded that Alex Rodriguez is very very good (0.99) at something.
   It doesn't tell us what he's good at, and while it might be playing
   baseball, it could just as well be paying his taxes on time.

   A more sophisticated usage would define a baseball application with a
   response set of specific assertions, so that this example:

     Content-type: application/reputon+json; context="baseball"

     Content-Type: application/reputons+json

       "application": "baseball",
       "reputons:" [
           "rater": "",
           "assertion": "hits-for-power",
           "rated": "Alex Rodriguez",
           "rating": 0.99,
           "sample-size": 50000

   ...would indicate that 50000 fans polled by the entity baseball- rate Alex Rodriguez very highly in hitting for
   power, whereas this example:

     Content-type: application/reputon+json; context="baseball"

     Content-Type: application/reputons+json

       "application": "baseball",
       "reputons": [
           "rater": "",
           "assertion": "clutch-hitter", "strong-hitter",
           "rated": "Alex Rodriguez",
           "rating": 0.4,
           "confidence": 0.2,
           "sample-size": 50000

   ...would indicate that a similar poll indicated a somewhat weak
   consensus that Alex Rodriguez tends to choke fail in critical batting
   situations during baseball

   In practice, it is expected that most reputons will have an "context"
   parameter to target an application-specific set of assertions. games.

   The following is an example reputon generated using this schema,
   including the media type definition line that identifies a specific
   reputation application context.  Here, reputation agent
   "" is asserting within the context of the "email-id"
   application (see [I-D.REPUTE-EMAIL-IDENTIFIERS]) that ""
   appears to be associated with spam 1.2% of the time, based on just
   short of 17 million messages analyzed or reported to date.  The
   "email-id" application has declared the extension key "identity" "email-id-
   identity" to indicate how the subject identifier was used in the
   observed data, establishing some more specific semantics for the
   "rating" value.  In this case, the extension is used to show the
   identity "", the subject of the query, is extracted from
   the analyzed messages using the DomainKeys Identified Mail [DKIM]
   "d=" parameter for messages where signatures validate.  The
   reputation agent is 95% confident of this result.  A second reputon
   is also present indicating similar information for the same domain as
   it is used in the context of Sender Policy Framework [SPF]
   evaluations.  (See [I-D.REPUTE-EMAIL-IDENTIFIERS] for details about
   the registered email identifiers application.)
     Content-Type: application/reputon+json; context="email-id" application/reputons+json

       "application": "email-id",
       "reputons": [
           "rater": "",
           "assertion": "spam",
           "identity": "dkim",
           "rated": "",
           "confidence": 0.95,
           "rating": 0.012,
           "sample-size": 16938213,
           "updated": 1317795852
           "rater": "",
           "assertion": "spam",
           "identity": "spf",
           "rated": "",
           "confidence": 0.98,
           "rating": 0.023,
           "sample-size": 16938213,
           "updated": 1317795852

7.  IANA Considerations

   This document presents two actions for IANA, namely the creation of
   the new media type "application/reputon+json" "application/reputons+json" and the creation of a
   registry for reputation application types.  Another document in this
   series creates an initial registry entry for the latter.

7.1.  application/reputon+json  application/reputons+json Media Type Registration

   This section provides the media type registration application from
   [MIME-REG] for processing by IANA:


   Subject:  Registration of media type application/reputon+json application/reputons+json
   Type name:  application

   Subtype name:  reputon+json

   Required parameters:  none

   Optional parameters:

      context:  Names the reputation application in use within the
         reputon, which defines the valid assertions and any extensions
         that may also be valid (i.e., the response set) for that
         application.  These are registered with IANA in the Reputation
         Application Registry as described in Section 7.2.  none

   Encoding considerations:  "7bit" encoding is sufficient and is used
      to maintain readability when viewed by non-MIME mail readers.

   Security considerations:  See Section 8 of [this document].

   Interoperability considerations:  Implementers may encounter "app"
      values, attribute/value pairs, or response set items that they do
      not support, which are to be ignored.

   Published specification:  [this document]

   Applications that use this media type:  Any application that wishes
      to query a service that provides reputation data using the "long
      form" form
      defined in [I-D.REPUTE-QUERY-HTTP].  The example application is
      one that provides reputation expressions data about DNS domain names and other
      identifiers found in email messages.

   Additional information:  The value of the "app" parameter is
      registered with IANA.

   Person and email address to contact for further information:

         Nathaniel Borenstein <>

         Murray S. Kucherawy <> <>

   Intended usage:  COMMON


         Nathaniel Borenstein

         Murray S. Kucherawy

   Change controller:  IESG

7.2.  Reputation Applications Registry

   IANA is requested to create the "Reputation Applications" registry.
   This registry will contain names of applications used with the
   application/reputons+json media type (and other media types that
   carry reputons), as defined by this document.

   New registrations or updates are published in accordance with either
   the "IETF Review" or "Specification Required" guidelines as described

   New registrations and updates are to contain the following

   1.  Name of the application being registered or updated updated.  Valid names
       conform to the ABNF construction "token" as defined in
       Multipurpose Internet Mail Extensions (MIME) Part One [MIME].

   2.  Short description of the application (i.e., the class of entity
       about which it reports reputation data)

   3.  The document in which the application is defined

   4.  New or updated status, which is to be one of:

       current:  The application is in current use

       deprecated:  The application is in current use but its use is

       historic:  The application is no longer in current use


   A specification for an application space needs to be specific and
   clear enough to allow interoperability, and include at least the
   following details:

   o  The application's symbolic name, as it appears in the registration
      (see above)

   o  A description of the subject of a query within this reputation,
      and a legal syntax for the same


   o  An optional table of query parameters that are specific to this
      application; each table entry must include:

      Name:  Name of the query parameter

      Status:  (as above)

      Description:  A short description of the purpose of this parameter

      Syntax:  A reference to a description of valid syntax for the
         parameter's value

      Required:  "yes" if the parameter is mandatory, "no" otherwise


   o  A list of one or more assertions registered within this
      application; each table entry is to include:

      Name:  Name of the assertion

      Description:  A short description of the assertion, with specific
         meanings for values of 0.0 and 1.0

      Scale:  A short description of the scale used in computing the
         value (see Section 4 of this document)


   o  An optional list of one or more response set extension keys for
      use within this application; each table entry is to include:

      Name:  Name of the extension key

      Description:  A short description of the key's intended meaning

      Syntax:  A description of valid values that can appear associated
         with the key

   The names of attributes registered should be prefixed by the name of
   the application itself (e.g., the "foo" application registering a
   "bar" attribute should call it "foo-bar") to avoid namespace

   For registrations qualifying under "Specification Required" rules,
   the designated expert should confirm the document meets the minima
   described above and otherwise looks generally acceptable, and then
   approve the registration.

8.  Security Considerations

   This document is primarily an IANA action registering a media type.
   It does not describe a new protocol that might introduce security

   Discussion of the security and operational impacts of using
   reputation services in general can be found throughout

9.  References
9.1.  Normative References

   [ABNF]     Crocker, D. and P. Overell, "Augmented BNF for Syntax
              Specifications: ABNF", STD 68, RFC 5234, January 2008.

              Borenstein, N. and M. Kucherawy, "A Model for Reputation
              Interchange", draft-ietf-repute-model (work in progress),
              November 2012.

              Borenstein, N. and M. Kucherawy, "Reputation Data
              Interchange using HTTP and XML",
              draft-ietf-repute-query-http (work in progress),
              November 2012.

   [JSON]     Crockford, D., "The application/json Media Type for
              JavaScript Object Notation (JSON)", RFC 4627, July 2006.

              Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2.  Informative References

   [DKIM]     Crocker, D., Ed., Hansen, T., Ed., and M. Kucherawy, Ed.,
              "DomainKeys Identified Mail (DKIM) Signatures", RFC 6376,
              September 2011.

   [HTTP]     Fielding, R., Gettys, J., Mogul, J., Frystyk, H.,
              Masinter, L., Leach, P., and T. Berners-Lee, "Hypertext
              Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999.

              Kucherawy, M., "Operational Considerations Regarding
              Reputation Services", draft-ietf-repute-considerations
              (work in progress), November 2012.

              Borenstein, N. and M. Kucherawy, "A Reputation Vocabulary
              for Email Identifiers",
              draft-ietf-repute-email-identifiers (work in progress),
              November 2012.

              Narten, T. and H. Alvestrand, "Guidelines for Writing an
              IANA Considerations Section in RFCs", RFC 5226, May 2008.

   [MIME]     Freed, N. and N. Borenstein, "Multipurpose Internet Mail
              Extensions (MIME) Part One: Format of Internet Message
              Bodies", RFC 2045, November 1996.

              Freed, N. and J. Klensin, "Media Type Specifications and
              Registration Procedures", RFC 4288, December 2005.

   [SPF]      Wong, M. and W. Schlitt, "Sender Policy Framework (SPF)
              for Authorizing Use of Domains in E-Mail, Version 1",
              RFC 4408, April 2006.

Appendix A.  Acknowledgments

   The authors wish to acknowledge the contributions of the following to
   this specification: Frank Ellermann, Tony Hansen, Jeff Hodges, Simon
   Hunt, John Levine, David F. Skoll, and Mykyta Yevstifeyev.

Appendix B.  Public Discussion

   Public discussion of this suite of documents takes place on the mailing list.  See

Authors' Addresses

   Nathaniel Borenstein
   203 Crescent St., Suite 303
   Waltham, MA  02453

   Phone: +1 781 996 5340

   Murray S. Kucherawy
   270 Upland Drive
   San Francisco, CA  94127