This is a purely informative rendering of an RFC that includes verified errata. This rendering may not be used as a reference.
The following 'Verified' errata have been incorporated in this document:
EID 3153
Internet Engineering Task Force (IETF) A. Yang
Request for Comments: 6532 TWNIC
Obsoletes: 5335 S. Steele
Updates: 2045 Microsoft
Category: Standards Track N. Freed
ISSN: 2070-1721 Oracle
February 2012
Internationalized Email Headers
Abstract
Internet mail was originally limited to 7-bit ASCII. MIME added
support for the use of 8-bit character sets in body parts, and also
defined an encoded-word construct so other character sets could be
used in certain header field values. However, full
internationalization of electronic mail requires additional
enhancements to allow the use of Unicode, including characters
outside the ASCII repertoire, in mail addresses as well as direct use
of Unicode in header fields like "From:", "To:", and "Subject:",
without requiring the use of complex encoded-word constructs. This
document specifies an enhancement to the Internet Message Format and
to MIME that allows use of Unicode in mail addresses and most header
field content.
This specification updates Section 6.4 of RFC 2045 to eliminate the
restriction prohibiting the use of non-identity content-transfer-
encodings on subtypes of "message/".
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Further information on
Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
http://www.rfc-editor.org/info/rfc6532.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Terminology Used in This Specification . . . . . . . . . . . . 3
3. Changes to Message Header Fields . . . . . . . . . . . . . . . 4
3.1. UTF-8 Syntax and Normalization . . . . . . . . . . . . . . 4
3.2. Syntax Extensions to RFC 5322 . . . . . . . . . . . . . . 5
3.3. Use of 8-bit UTF-8 in Message-IDs . . . . . . . . . . . . 5
3.4. Effects on Line Length Limits . . . . . . . . . . . . . . 5
3.5. Changes to MIME Message Type Encoding Restrictions . . . . 6
3.6. Use of MIME Encoded-Words . . . . . . . . . . . . . . . . 6
3.7. The message/global Media Type . . . . . . . . . . . . . . 7
4. Security Considerations . . . . . . . . . . . . . . . . . . . 8
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 9
7. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
7.1. Normative References . . . . . . . . . . . . . . . . . . . 10
7.2. Informative References . . . . . . . . . . . . . . . . . . 10
1. Introduction
Internet mail distinguishes a message from its transport and further
divides a message between a header and a body [RFC5322]. Internet
mail header field values contain a variety of strings that are
intended to be user-visible. The range of supported characters for
these strings was originally limited to [ASCII] in 7-bit form. MIME
[RFC2045] [RFC2046] [RFC2047] provides the ability to use additional
character sets, but this support is limited to body part data and to
special encoded-word constructs that were only allowed in a limited
number of places in header field values.
Globalization of the Internet requires support of the much larger set
of characters provided by Unicode [RFC5198] in both mail addresses
and most header field values. Additionally, complex encoding schemes
like encoded-words introduce inefficiencies as well as significant
opportunities for processing errors. And finally, native support for
the UTF-8 charset is now available on most systems. Hence, it is
strongly desirable for Internet mail to support UTF-8 [RFC3629]
directly.
This document specifies an enhancement to the Internet Message Format
[RFC5322] and to MIME that permits the direct use of UTF-8, rather
than only ASCII, in header field values, including mail addresses. A
new media type, message/global, is defined for messages that use this
extended format. This specification also lifts the MIME restriction
on having non-identity content-transfer-encodings on any subtype of
the message top-level type so that message/global parts can be safely
transmitted across existing mail infrastructure.
This specification is based on a model of native, end-to-end support
for UTF-8, which depends on having an "8-bit-clean" environment
assured by the transport system. Support for carriage across legacy,
7-bit infrastructure and for processing by 7-bit receivers requires
additional mechanisms that are not provided by these specifications.
This specification is a revision of and replacement for [RFC5335].
Section 6 of [RFC6530] describes the change in approach between this
specification and the previous version.
2. Terminology Used in This Specification
A plain ASCII string is fully compatible with [RFC5321] and
[RFC5322]. In this document, non-ASCII strings are UTF-8 strings if
they are in header field values that contain at least one
<UTF8-non-ascii> (see Section 3.1).
Unless otherwise noted, all terms used here are defined in [RFC5321],
[RFC5322], [RFC6530], or [RFC6531].
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [RFC2119].
The term "8-bit" means octets are present in the data with values
above 0x7F.
3. Changes to Message Header Fields
To permit non-ASCII Unicode characters in field values, the header
definition in [RFC5322] is extended to support the new format. The
following sections specify the necessary changes to RFC 5322's ABNF.
The syntax rules not mentioned below remain defined as in [RFC5322].
Note that this protocol does not change rules in RFC 5322 for
defining header field names. The bodies of header fields are allowed
to contain Unicode characters, but the header field names themselves
must consist of ASCII characters only.
Also note that messages in this format require the use of the
SMTPUTF8 extension [RFC6531] to be transferred via SMTP.
3.1. UTF-8 Syntax and Normalization
UTF-8 characters can be defined in terms of octets using the
following ABNF [RFC5234], taken from [RFC3629]:
UTF8-non-ascii = UTF8-2 / UTF8-3 / UTF8-4
UTF8-2 = <Defined in Section 4 of RFC3629>
UTF8-3 = <Defined in Section 4 of RFC3629>
UTF8-4 = <Defined in Section 4 of RFC3629>
See [RFC5198] for a discussion of Unicode normalization;
normalization form NFC [UNF] SHOULD be used. Actually, if one is
going to do internationalization properly, one of the most often
cited goals is to permit people to spell their names correctly.
Since many mailbox local parts reflect personal names, that principle
applies to mailboxes as well. The NFKC normalization form [UNF]
SHOULD NOT be used because it may lose information that is needed to
correctly spell some names in some unusual circumstances.
3.2. Syntax Extensions to RFC 5322
The following rules extend the ABNF syntax defined in [RFC5322] and
[RFC5234] in order to allow UTF-8 content.
VCHAR =/ UTF8-non-ascii
ctext =/ UTF8-non-ascii
atext =/ UTF8-non-ascii
qtext =/ UTF8-non-ascii
text =/ UTF8-non-ascii
; note that this upgrades the body to UTF-8
dtext =/ UTF8-non-ascii
The preceding changes mean that the following constructs now allow
UTF-8:
1. Unstructured text, used in header fields like "Subject:" or
"Content-description:".
2. Any construct that uses atoms, including but not limited to the
local parts of addresses and Message-IDs. This includes
addresses in the "for" clauses of "Received:" header fields.
3. Quoted strings.
4. Domains.
Note that header field names are not on this list; these are still
restricted to ASCII.
3.3. Use of 8-bit UTF-8 in Message-IDs
Implementers of Message-ID generation algorithms MAY prefer to
restrain their output to ASCII since that has some advantages, such
as when constructing "In-reply-to:" and "References:" header fields
in mailing-list threads where some senders use internationalized
addresses and others do not.
3.4. Effects on Line Length Limits
Section 2.1.1 of [RFC5322] limits lines to 998 characters and
recommends that the lines be restricted to only 78 characters. This
specification changes the former limit to 998 octets. (Note that, in
ASCII, octets and characters are effectively the same, but this is
not true in UTF-8.) The 78-character limit remains defined in terms
of characters, not octets, since it is intended to address display
width issues, not line-length issues.
3.5. Changes to MIME Message Type Encoding Restrictions
This specification updates Section 6.4 of [RFC2045]. [RFC2045]
prohibits applying a content-transfer-encoding to any subtypes of
"message/". This specification relaxes that rule -- it allows newly
defined MIME types to permit content-transfer-encoding, and it allows
content-transfer-encoding for message/global (see Section 3.7).
Background: Normally, transfer of message/global will be done in
8-bit-clean channels, and body parts will have "identity" encodings,
that is, no decoding is necessary.
But in the case where a message containing a message/global is
downgraded from 8-bit to 7-bit as described in [RFC6152], an encoding
might have to be applied to the message. If the message travels
multiple times between a 7-bit environment and an environment
implementing these extensions, multiple levels of encoding may occur.
This is expected to be rarely seen in practice, and the potential
complexity of other ways of dealing with the issue is thought to be
larger than the complexity of allowing nested encodings where
necessary.
3.6. Use of MIME Encoded-Words
The MIME encoded-words facility [RFC2047] provides the ability to
place non-ASCII text, but only in a subset of the places allowed by
this extension. Additionally, encoded-words are substantially more
complex since they allow the use of arbitrary charsets. Accordingly,
encoded-words SHOULD NOT be used when generating header fields for
messages employing this extension. Agents MAY, when incorporating
material from another message, convert encoded-word use to direct use
of UTF-8.
Note that care must be taken when decoding encoded-words because the
results after replacing an encoded-word with its decoded equivalent
in UTF-8 may be syntactically invalid. Processors that elect to
decode encoded-words MUST NOT generate syntactically invalid fields.
3.7. The message/global Media Type
Internationalized messages in this format MUST only be transmitted as
authorized by [RFC6531] or within a non-SMTP environment that
supports these messages. A message is a "message/global message" if:
o it contains 8-bit UTF-8 header values as specified in this
document, or
o it contains 8-bit UTF-8 values in the header fields of body parts.
The content of a message/global part is otherwise identical to that
of a message/rfc822 part.
If an object of this type is sent to a 7-bit-only system, it MUST
have an appropriate content-transfer-encoding applied. (Note that a
system compliant with MIME that doesn't recognize message/global is
supposed to treat it as "application/octet-stream" as described in
Section 5.2.4 of [RFC2046].)
The registration is as follows:
Type name: message
Subtype name: global
Required parameters: none
Optional parameters: none
Encoding considerations: Any content-transfer-encoding is permitted.
The 8-bit or binary content-transfer-encodings are recommended
where permitted.
Security considerations: See Section 4.
Interoperability considerations: This media type provides
functionality similar to the message/rfc822 content type for email
messages with internationalized email headers. When there is a
need to embed or return such content in another message, there is
generally an option to use this media type and leave the content
unchanged or down-convert the content to message/rfc822. Each of
these choices will interoperate with the installed base, but with
different properties. Systems unaware of internationalized
headers will typically treat a message/global body part as an
unknown attachment, while they will understand the structure of a
message/rfc822. However, systems that understand message/global
will provide functionality superior to the result of a down-
conversion to message/rfc822. The most interoperable choice
depends on the deployed software.
Published specification: RFC 6532
Applications that use this media type: SMTP servers and email
clients that support multipart/report generation or parsing.
Email clients that forward messages with internationalized headers
as attachments.
Additional information:
Magic number(s): none
File extension(s): The extension ".u8msg" is suggested.
Macintosh file type code(s): A uniform type identifier (UTI) of
"public.utf8-email-message" is suggested. This conforms to
"public.message" and "public.composite-content", but does not
necessarily conform to "public.utf8-plain-text".
Person & email address to contact for further information: See the
Authors' Addresses section of this document.
Intended usage: COMMON
Restrictions on usage: This is a structured media type that embeds
other MIME media types. An 8-bit or binary content-transfer-
encoding SHOULD be used unless this media type is sent over a
7-bit-only transport.
Author: See the Authors' Addresses section of this document.
Change controller: IETF Standards Process
4. Security Considerations
Because UTF-8 often requires several octets to encode a single
character, internationalization may cause header field values (in
general) and mail addresses (in particular) to become longer. As
specified in [RFC5322], each line of characters MUST be no more than
998 octets, excluding the CRLF. On the other hand, MDA (Mail
Delivery Agent) processes that parse, store, or handle email
addresses or local parts must take extra care not to overflow
buffers, truncate addresses, or exceed storage allotments. Also,
they must take care, when comparing, to use the entire lengths of the
addresses.
There are lots of ways to use UTF-8 to represent something equivalent
or similar to a particular displayed character or group of
characters; see the security considerations in [RFC3629] for details
on the problems this can cause. The normalization process described
in Section 3.1 is recommended to minimize these issues.
The security impact of UTF-8 headers on email signature systems such
as Domain Keys Identified Mail (DKIM), S/MIME, and OpenPGP is
discussed in Section 13 of [RFC6530].
EID 3153 (Verified) is as follows:Section: 4
Original Text:
The security impact of UTF-8 headers on email signature systems such
as Domain Keys Identified Mail (DKIM), S/MIME, and OpenPGP is
discussed in Section 14 of [RFC6530].
Corrected Text:
The security impact of UTF-8 headers on email signature systems such
as Domain Keys Identified Mail (DKIM), S/MIME, and OpenPGP is
discussed in Section 13 of [RFC6530].
Notes:
Incorrect section number in reference.
If a user has a non-ASCII mailbox address and an ASCII mailbox
address, a digital certificate that identifies that user might have
both addresses in the identity. Having multiple email addresses as
identities in a single certificate is already supported in PKIX
(Public Key Infrastructure using X.509) [RFC5280] and OpenPGP
[RFC3156], but there may be user-interface issues associated with the
introduction of UTF-8 into addresses in this context.
5. IANA Considerations
IANA has updated the registration of the message/global MIME type
using the registration form contained in Section 3.7.
6. Acknowledgements
This document incorporates many ideas first described in a draft
document by Paul Hoffman, although many details have changed from
that earlier work.
The authors especially thank Jeff Yeh for his efforts and
contributions on editing previous versions.
Most of the content of this document was provided by John C Klensin
and Dave Crocker. Significant comments and suggestions were received
from Martin Duerst, Julien Elie, Arnt Gulbrandsen, Kristin Hubner,
Kari Hurtta, Yangwoo Ko, Charles H. Lindsey, Alexey Melnikov, Chris
Newman, Pete Resnick, Yoshiro Yoneya, and additional members of the
Joint Engineering Team (JET) and were incorporated into the document.
The authors wish to sincerely thank them all for their contributions.
7. References
7.1. Normative References
[ASCII] "Coded Character Set -- 7-bit American Standard Code for
Information Interchange", ANSI X3.4, 1986.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
10646", STD 63, RFC 3629, November 2003.
[RFC5198] Klensin, J. and M. Padlipsky, "Unicode Format for Network
Interchange", RFC 5198, March 2008.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
October 2008.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
October 2008.
[RFC6530] Klensin, J. and Y. Ko, "Overview and Framework for
Internationalized Email", RFC 6530, February 2012.
[RFC6531] Yao, J. and W. Mao, "SMTP Extension for Internationalized
Email", RFC 6531, February 2012.
[UNF] Davis, M. and K. Whistler, "Unicode Standard Annex #15:
Unicode Normalization Forms", September 2010,
<http://www.unicode.org/reports/tr15/>.
7.2. Informative References
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996.
[RFC2046] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part Two: Media Types", RFC 2046,
November 1996.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail Extensions)
Part Three: Message Header Extensions for Non-ASCII Text",
RFC 2047, November 1996.
[RFC3156] Elkins, M., Del Torto, D., Levien, R., and T. Roessler,
"MIME Security with OpenPGP", RFC 3156, August 2001.
[RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S.,
Housley, R., and W. Polk, "Internet X.509 Public Key
Infrastructure Certificate and Certificate Revocation List
(CRL) Profile", RFC 5280, May 2008.
[RFC5335] Yang, A., "Internationalized Email Headers", RFC 5335,
September 2008.
[RFC6152] Klensin, J., Freed, N., Rose, M., and D. Crocker, "SMTP
Service Extension for 8-bit MIME Transport", STD 71,
RFC 6152, March 2011.
Authors' Addresses
Abel Yang
TWNIC
4F-2, No. 9, Sec 2, Roosevelt Rd.
Taipei 100
Taiwan
Phone: +886 2 23411313 ext 505
EMail: abelyang@twnic.net.tw
Shawn Steele
Microsoft
EMail: Shawn.Steele@microsoft.com
Ned Freed
Oracle
800 Royal Oaks
Monrovia, CA 91016-6347
USA
EMail: ned+ietf@mrochek.com