Network Working Group C. Newman Internet-Draft Sun Microsystems Expires: August 10, 2004 February 10, 2004 Message Submission with Composition draft-newman-lemonade-compose-01.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on August 10, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract The submission profile of Simple Mail Transfer Protocol (SMTP) provides a standard way for an email client to submit a complete message for delivery. The chunking extension provides a way for a client to compose a message for submission from a series of client provided pieces. This specification further extends the chunking facility so that a client can compose a message from additional sources. For example, a client could use this facility to forward a message from an IMAP server or forward a web page as an attachment to a new message. Newman Expires August 10, 2004 [Page 1] Internet-Draft Message Submission with Composition February 2004 Table of Contents 1. Conventions Used in this Document . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. BURL Submission Extension . . . . . . . . . . . . . . . . . . 3 3.1 SMTP Submission Extension Registration . . . . . . . . . . . . 3 3.2 Composition Transaction . . . . . . . . . . . . . . . . . . . 4 3.3 Supported URIs . . . . . . . . . . . . . . . . . . . . . . . . 4 3.4 Transfer Encoding Conversion . . . . . . . . . . . . . . . . . 5 3.5 Example . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 3.6 Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Message Submission with Composition for Small Devices . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Changes from -00 . . . . . . . . . . . . . . . . . . . . . . . 7 Normative References . . . . . . . . . . . . . . . . . . . . . 8 Informative References . . . . . . . . . . . . . . . . . . . . 9 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . 10 Newman Expires August 10, 2004 [Page 2] Internet-Draft Message Submission with Composition February 2004 1. Conventions Used in this Document The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in this document are to be interpreted as defined in "Key words for use in RFCs to Indicate Requirement Levels" [5]. The formal syntax use the Augmented Backus-Naur Form (ABNF) [6] notation including the core rules defined in Appendix A of RFC 2234. In examples, "C:" and "S:" indicate lines sent by the client and server respectively. If a single "C:" or "S:" label applies to multiple lines, then the line breaks between those lines are for editorial clarity only and are not part of the actual protocol exchange. 2. Introduction This specification defines an extension to the standard Message Submission [8] protocol to permit composition of messages from multiple sources on the Internet. This extends the CHUNKING [12] mechanism so that chunks of the message can come from external sources. This provides the ability to forward a web page or email message without first downloading it to the client. 3. BURL Submission Extension This section defines the BURL submission extension. 3.1 SMTP Submission Extension Registration 1. The name of this submission extension is "BURL". This extends the Message Submission protocol on port 587 and MUST NOT be advertised by a regular SMTP [11] server on port 25. Compliant submission clients MUST attempt to use port 587 prior to falling back to port 25, unless explicitly configured to do otherwise by the user. 2. The EHLO keyword value associated with the extension is "BURL". 3. The BURL EHLO keyword will have zero or more arguments. Each argument is either an absoluteURI [7], a prefix of an absoluteURI including the component or a URI scheme name. The arguments which appear after BURL may change subsequent to the use of SMTP AUTH [9]. 4. This extension adds the BURL SMTP verb. This verb is only permitted between the first BDAT [12] SMTP verb in a message transaction and a subsequent BDAT in the same transaction which Newman Expires August 10, 2004 [Page 3] Internet-Draft Message Submission with Composition February 2004 includes an end marker. Out of sequence use of the BURL SMTP verb will result in a "503 5.5.1 Bad Sequence of commands" error. A server which advertises both BURL and PIPELINING [22] MUST accept an entire transaction including MAIL FROM, one or more RCPT TO and a combination of BDAT and BURL commands in one round trip. If no valid recipients are present, the BDAT commands all fail and the data is consumed, and the BURL commands also fail without triggering a fetch of the URL. 5. This extension adds no new parameters to the MAIL or RCPT verbs. 6. The BURL verb is used during a CHUNKING SMTP transaction. If the argument is a valid URL which the submit server can resolve to a data object, the submit server will resolve the URL and optionally apply a content-transfer-encoding. 3.2 Composition Transaction When a composition client connects to a composition server, it will first authenticate (using SMTP AUTH and perhaps STARTTLS), and then can compose and submit any number of messages with full interoperability with important SMTP extensions such as delivery status notifications [14]. Each message which is composed and submitted is called a message composition transaction. A message composition transaction will typically consist of a MAIL FROM, one or more RCPT TO headers, an initial BDAT, an optional series of BURL or BDAT commands, and a BURL or BDAT command with the "LAST" tag. The client is permitted to pipeline [22] the entire transaction in one round-trip. However, it MUST wait for the results of the "LAST" BDAT or BURL command prior to initiating a new transaction. The BURL command directs the server to fetch the data object to which the URL refers, perform any necessary content transfer encoding conversions on that object and include it in the message. If the URL fetch or conversion fails, the server will either fail the entire transaction (including consuming any subsequent BDAT or BURL commands in the pipeline) or retry the composition later based on the value of the "failhow" argument to BURL. 3.3 Supported URIs The BURL EHLO keyword arguments list the types of URIs the composition server can resolve. If it lists just the scheme name, that indicates the server supports all forms of that URI which refer Newman Expires August 10, 2004 [Page 4] Internet-Draft Message Submission with Composition February 2004 to a single data object. In the case of IMAP URLs [20], advertising the bare scheme name indicates the server also supports the URLAUTH [23] extended form. The composition server can indicate a pre-arranged trust relationship with another server by including a URL qualified by the server name. For example, if user "joe" authenticates to the composition server and subsequent to authentication the server advertises "imap:// joe@example.com", that indicates the composition server has a trust relationship with example.com that permits access to all messages that joe can access. If the EHLO keyword has an absoluteURI argument, that indicates the server has authorized access to all URIs with that absoluteURI as a prefix. Implementations are encouraged to support both IMAP and HTTP [21] URLs at a minimum. 3.4 Transfer Encoding Conversion The composition client can specify that the server should perform a transfer encoding conversion after resolving the URL. o The "base64" conversion indicates that if the data was already base64 encoded, it should be left unchanged. Otherwise, any content transfer encoding is removed and the result is base64 encoded. o The "8bit" conversion indicates that any content transfer encoding is removed, lines longer than 998 characters MUST be wrapped onto multiple lines by insertion of a CRLF, NUL octets MUST be dropped, and bare newline or bare carriage return MUST be converted to CRLF. o The "none" conversion indicates that the data is unchanged and any original content transfer encoding is left in place. If the server does not advertise BINARYMIME and if the raw data would require any changes to be labelled "8bit", then the server MUST fail the BURL command. o The "binary" conversion is only permitted if the BINARYMIME EHLO keyword was advertised, and indicates any content transfer encoding is to be removed and the data is to be included otherwise unaltered. The composition server MAY fail any BURL command which results in insertion of data that would violate the MIME charset or Newman Expires August 10, 2004 [Page 5] Internet-Draft Message Submission with Composition February 2004 content-transfer-encoding label at that location in the message. The composition server MUST fail the BURL command if data with the high bit set is included prior to the first blank line in the message. 3.5 Example TBD. 3.6 Formal Syntax The following syntax specification inherits ABNF [6] and Uniform Resource Identifiers [7]. burl-param = scheme / absoluteURI / trusted-domain ; parameter to BURL EHLO keyword burl-cmd = "BURL" SP conversion SP failhow SP absoluteURI [SP end-marker] CRLF conversion = "base64" / "8bit" / "binary" / "none" failhow = "now" / "retry" end-marker = "LAST" trusted-domain = scheme "://" authority 4. Message Submission with Composition for Small Devices A Message Submission [8] server is considered to be a compliant Message Submission with Composition server if it implements the following specifications: o BURL (Section 3): Mandatory o DSN [14]: Mandatory o STARTTLS [13]: Mandatory o CHUNKING [12]: Mandatory o BINARYMIME [12]: Mandatory o PIPELINING [22]: Mandatory o Revised SMTP [11]: Mandatory, with exceptions in [8]. Newman Expires August 10, 2004 [Page 6] Internet-Draft Message Submission with Composition February 2004 o SMTP AUTH [9]: Mandatory o Submission [8]: Mandatory o Error Codes [3]: Recommended o Size [2]: Mandatory o 521 [18]: MUST NOT o Checkpoint [17]: Optional o 8BITMIME [1]: Mandatory o TURN [16]: MUST NOT Specifications which help reduce data transmissions or round-trips between a small device and the composition server are mandatory, as well as SMTP extensions proven in the installed base. A Message Composition server MUST require SMTP AUTH prior to accepting a submission. The SASL PLAIN [10] mechanism in combination with STARTTLS [13] is the mandatory-to-implement authentication mechanism. 5. IANA Considerations When this is published as an RFC, the "BURL" SMTP extension as described in Section 3 will be registered. This registration will be marked as for use by message submission [8] only in the registry. 6. Security Considerations Implementations which support the URLAUTH [23] form of IMAP URLs MUST implement both the SMTP STARTTLS [13] and the IMAP STARTTLS [15] extensions and MUST have a configuration setting which requires their use with such IMAP URLs. When a client uses the SMTP STARTTLS to send a BURL command which references non-public information, the message submission server MUST use STARTTLS or a mechanism providing equivalent data privacy when resolving that URL. 7. Changes from -00 o Added the end-marker "LAST", so this could be used without BDAT and works with a pre-composed message. o Changed "Message Composition" to "Message Submission with Composition" in several places. Newman Expires August 10, 2004 [Page 7] Internet-Draft Message Submission with Composition February 2004 o Correct Spelling Errors Normative References [1] Klensin, J., Freed, N., Rose, M., Stefferud, E. and D. Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652, July 1994. [2] Klensin, J., Freed, N. and K. Moore, "SMTP Service Extension for Message Size Declaration", STD 10, RFC 1870, November 1995. [3] Freed, N., "SMTP Service Extension for Returning Enhanced Error Codes", RFC 2034, October 1996. [4] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [5] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [6] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997. [7] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998. [8] Gellens, R. and J. Klensin, "Message Submission", RFC 2476, December 1998. [9] Myers, J., "SMTP Service Extension for Authentication", RFC 2554, March 1999. [10] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, June 1999. [11] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [12] Vaudreuil, G., "SMTP Service Extensions for Transmission of Large and Binary MIME Messages", RFC 3030, December 2000. [13] Hoffman, P., "SMTP Service Extension for Secure SMTP over Transport Layer Security", RFC 3207, February 2002. [14] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs)", RFC 3461, Newman Expires August 10, 2004 [Page 8] Internet-Draft Message Submission with Composition February 2004 January 2003. [15] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1", RFC 3501, March 2003. Informative References [16] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821, August 1982. [17] Crocker, D. and N. Freed, "SMTP Service Extension for Checkpoint/Restart", RFC 1845, September 1995. [18] Durand, A. and F. Dupont, "SMTP 521 Reply Code", RFC 1846, September 1995. [19] De Winter, J., "SMTP Service Extension for Remote Message Queue Starting", RFC 1985, August 1996. [20] Newman, C., "IMAP URL Scheme", RFC 2192, September 1997. [21] Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L., Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC 2616, June 1999. [22] Freed, N., "SMTP Service Extension for Command Pipelining", STD 60, RFC 2920, September 2000. [23] Crispin, M., "Internet Message Access Protocol (IMAP) - URLAUTH", draft-crispin-imap-urlauth-00 (work in progress), June 2003. Author's Address Chris Newman Sun Microsystems 1050 Lakes Drive West Covina, CA 91790 US EMail: chris.newman@sun.com Newman Expires August 10, 2004 [Page 9] Internet-Draft Message Submission with Composition February 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Full Copyright Statement Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION Newman Expires August 10, 2004 [Page 10] Internet-Draft Message Submission with Composition February 2004 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Newman Expires August 10, 2004 [Page 11]