headers
Murray S. Kucherawy | 9 Jan 23:44

draft-kucherawy-received-state

Hi all,

 

Over on ietf-smtp, https://datatracker.ietf.org/doc/draft-kucherawy-received-state/ was developed late last year.  This is an optional tweak to Received fields allowing annotation of entry into special states of mail handling, such as quarantines or hold-for-moderation MLM actions that would help to explain large gaps in timestamp sequences.

 

I’m looking for a wider audience of reviewers and (hopefully supporters).  If this sort of thing seems like a good (or terrible) idea, please do follow up and comment.

 

How much and what kind of support is evident will guide the choice of what its next steps are (if any).

 

Thanks,

-MSK

Permalink | Reply | 0 comments |
headers
Rolf E. Sonneveld | 28 Dec 16:27
Picon

Do S/MIME and OpenPGP protect message headers?

Hi,

just to check: S/MIME (http://tools.ietf.org/html/rfc5751) does not  does include/cover the 5322.From and the 5322.To fields as part of the cryptographic payload. Protection of headers can be achieved by wrapping up a the complete message into a message/rfc822 bodypart and sign/encrypt that (par. 3.1 of that RFC). How is that with OpenPGP (http://tools.ietf.org/html/rfc4880)? OpenPGP does not protect 5322.From and 5322.To either, does it?

Par. 5.11 of RFC4880:

A User ID packet consists of UTF-8 text that is intended to represent the name and email address of the key holder. By convention, it includes an RFC 2822 [RFC2822] mail name-addr, but there are no restrictions on its content. The packet length in the header specifies the length of the User ID.
The recipient address is not mentioned anywhere. So is the following statement correct?:

Neither S/MIME nor OpenPGP protects the '5322.headers' of a message, unless that message itself is wrapped up and used as body of an enclosing S/MIME or PGP message

/rolf
Permalink | Reply | 1 comment |
headers
Alessandro Vesely | 9 Dec 13:18
Picon
Favicon

Privicons and redaction


In abuse reporting, an established albeit discouraged practice
consists of redacting reported messages.  In a nutshell, users may
have the ability to signal some received messages as being abusive.
Their mailbox providers should then wrap those messages according to
abuse reporting format (ARF, RFC 5965) and send them back to the
senders if they had subscribed to the relevant feedback loop.  See
http://en.wikipedia.org/wiki/Feedback_loop_%28email%29

Redaction conceals the recipient, rather than the sender.  In this
case, authors should markup the parts of the messages that contain
sensible data, in case the recipients report those messages as spam,
possibly inadvertently.  A document describing how to carry out
redaction is now in LC, so it can hardly mention privicons.  However,
privicons could consider this possible use.  The redaction doc is at
http://datatracker.ietf.org/doc/draft-ietf-marf-redaction/

For casual readers, privicons are defined here:
http://tools.ietf.org/html/draft-koenig-privicons
Permalink | Reply | 0 comments |
headers
Bill McQuillan | 5 Dec 21:54
Picon
Favicon

draft-koenig-privicons-03.txt


My comments on "Privacy Preferences for E-Mail Messages"

> 1.  Introduction
> 
> 1.1.  Overview
   .
   .
   .
>    This document proposes a syntax (Section 2) and semantics (Section 3)
>    allowing a Sending User of an e-mail message to express his or her
>    preference for how the e-mail message content should be handled by
>    the Receiving Users.  For this purpose, semantics of sets of
>    different character combinations ("Privicons") are described.  These
>    can syntactically be integrated either in the first-line of the body,
>    in the subject line and/or in a dedicated header of any e-mail
>    message.  The Privicons icon set has six different icons.  They will
>    be machine-readable.

It would be more correct to use the term "header field" rather 
than "header" here and in the rest of the document.
   .
   .
   .

> 1.3.  Terminology and Conventions
   .
   .
   .
>    o  The terms "Sending User" and "Receiving User" are related to a
>       user using the User Agent either sending or receiving an e-mail
>       message.  A Sending User is a user that sends an e-mail message to
>       a Receiving User.  A Receiving User is a user that receives an
>       e-mail message from a Sending User.

The definition of Sending User needs to be clarified: is it the 
email-address from the Sender: header field? Or one or more of 
the email-address from the From: header field?
   .
   .
   .
> 2.  Syntax
   .
   .
   .
>    o  MUST contain a header (Section 2.4) with Privacy Preferences,

This "MUST" seems to conflict with the MAY later in this spec.
   .
   .
   .
> 2.1.  Definitions
> 
>    element1 | element2  Elements separated by a bar ("|") are
>       alternatives, e.g., "yes | no" will accept yes or no.
> 
>    "literal"  Quotation marks surround literal text.  Unless stated
>       otherwise, the text is case-insensitive.
> 
>    whitespace  " "
> 
>    whatever  Some arbitrary text.
> 
>    date  Will be substituted by a "full-date", [RFC3339].
> 
>    privicon  =
>       ("[X]"|"[/]"|"[=]"|"[=0]"|"[=I]"|"[=date]"|"[-]"|"[o]"|"[>]") -
>       the Privicon token.  It contains all valid Privicons, the Privicon
>       icon set.
> 
>    I  I will be substituted by an integer number >= 0.
> 
>    description  Contains the description of the Privicon as defined in
>       Semantics (Section 3).
> 
>    subject  Is the e-mail message subject field, see [RFC5322].
> 
>    CRLF  Is the carriage return/line feed pair written in this document
>       as "CRLF".  A line is a series of characters that is delimited
>       with the two characters carriage-return and line-feed; that is,
>       the carriage return (CR) character (ASCII value 13) followed
>       immediately by the line feed (LF) character (ASCII value 10), as
>       described in section2.1 in [RFC5322]

These definitions need to be formatted to more clearly 
distinguish the term from its definition. Perhaps like the 
"privicon" definition.

> 2.2.  First-Line(s) of Message body
> 
>    An indication of the Privacy Preference can be given in the first
>    line of the body of an e-mail message.

The definition of "first line" is not at all clear except for a 
TEXT/PLAIN body.

In the case of a TEXT/HTML body, the intent seems to be that the 
first line is the topmost "line" visible to the Receiving User. 
However, since the "first line" privicon is the determining 
specification in the case of disagreements and the MUA is 
expected to "enforce" this, the MUA must be able to *find* the 
privicon. This could be difficult for the MUA with sophisticated 
HTML code.

For bodies such as IMAGE/*, AUDIO/*, VIDEO/*, MODEL/*, or 
APPLICATION/* how is the "first line" to be found?

In the case of a MESSAGE/* the first line would be part of the 
embedded message's header and would probably cause a parse error.

In the case of MULTIPART/MIXED the first line would presumably be 
the "first line" of whatever the first embedded part is. And in 
the case of MULTIPART/ALTERNATIVE the first line would have to be 
the "first line" of each embedded version with a method of 
resolving conflicts there, too.

The remaining MULTIPART/* type bodies would have similar issues.

> 
>    The expression MUST be followed by a text giving a short explanation
>    the meaning of the expressions.  It is RECOMMENDED to use the
>    following text, although localization into other languages is also
>    encouraged, albeit not lined out in this document.

The use of MUST here without specifying the required text is 
unenforceable and is better expressed with a SHOULD.
   .
   .
   .
> 2.4.  Header
> 
>    An indication of the Privacy Preference MAY be given in the header of
>    an e-mail message, for this purpose the following field is defined,
>    extending in section 3.6 in [RFC5322] the field definition, thereof.

As mentioned above this MAY conflicts with the MUST earlier in the spec.

> 
>    priviconfield  = "Privicon:" whitespace privicon CRLF

I find the requirement of a single space character following the 
colon to be objectionable, this is not Usenet! There should also 
be provision for a comment or explanatory text following the 
privicon.
   .
   .
   .
> 2.5.  Footer
> 
>    Separated by --
> 
>    The Footer MAY be located within the signature as described in
>    section 4.3 in [RFC3676] .  It contains a paragraph that describes
>    what the Sending User of the e-mail message intended when she chooses
>    the selected Privicon.
> 
>    A clarification MAY be added that a conflict between header and
>    first-line would lead to the first-line to be authoritative.

The preceding paragraph seems out of place.

> 
>    footer  = CRLF "-- " CRLF footertext
> 
>    footertext  = firstLine CRLF description
> 
>    For example:
> 
>       --
> 
>       [X] - Keep private
> 
>       The "Keep secret" Privicon asks the Receiving User to keep the
>       received e-mail message secret.

This example seems to imply that the "firstLine" is the first 
non-blank line, does this also apply to the body "first line"?

> 
>    Note: Footnote may violates [RFC1855] Page4 - do not use more than 4
>    lines signature.
> 
>    The Footnote is just informative not authoritative

By "Footnote" here do you mean "Footer"?
   .
   .
   .
> 3.  Semantics
   .
   .
   .
> 3.1.2.  [/] Don't print
> 
>    The "Don't print" Privicon asks the Receiving User to not print the
>    received e-mail message.

It is not clear what privacy issue is being addressed with the 
"Don't print" privicon. If the Receiving User can more easily 
keep a message private by printing it, locking it in a safe, and 
deleting the electonic copy, why would the Sending User object?

What danger does the Sending User prevent with this option?
   .
   .
   .
> 3.2.  Multiple Privicons
> 
>    Possible:  Y
> 
>    Impossible:  N
> 
>    Does not apply:  X
> 
>    As secondary option, potentially, and if first preference is
>    overruled:

The preceding paragraph is not clear. Do the privicons "OR" 
together or replace the first with the second under some 
conditions?

> 
>                 +-----+-----+-----+-----+-----+-----+-----+
>                 |     | [X] | [/] | [=] | [-] | [o] | [>] |
>                 +-----+-----+-----+-----+-----+-----+-----+
>                 | [X] |  X  |  Y  |  Y  |  N  |  N  |  N  |
>                 | [/] |  Y  |  X  |  Y  |  Y  |  Y  |  Y  |
>                 | [=] |  Y  |  Y  |  X  |  Y  |  Y  |  N  |
>                 | [-] |  N  |  Y  |  Y  |  X  |  Y  |  Y  |
>                 | [o] |  N  |  N  |  Y  |  Y  |  X  |  N  |
>                 | [>] |  N  |  Y  |  N  |  Y  |  N  |  X  |
>                 +-----+-----+-----+-----+-----+-----+-----+
> 
>              Table 1: Matrix of all combinations of Privicons.

This table is not symmetrical, so which is the first privicon and 
which is the second? Otherwise, explain why [/] and [o] cannot be in 
either order.
   .
   .
   .
> 4.  IANA Considerations
> 
>    This document introduces a new field in the e-mail header, as
>    described in the header (Section 2.4) section.

The first use of the word "header" in the preceding paragraph is 
correct, but the second is not!
   .
   .
   .
> Appendix A.  Example e-mail message
> 
>    This is an example Privicon e-mail message (Figure 1).
> 
>      Message-ID: <4C3203D3.60109 <at> ulikoenig.com>
>      Date: Mon, 05 Jul 2010 23:59:00 +0200
>      From: Ulrich Koenig <rfc <at> ulikoenig.com>
>      To: Jan Schallaboeck <uld62 <at> datenschutzzentrum.de>
>      Subject: [>] last update for Privicons RFC
>      Privicon: [>]
>      Content-Type: text/plain; charset=ISO-8859-15
>      Content-Transfer-Encoding: quoted-printable
>      [>] Please share
> 
>      Hey Jan,
> 
>      please check the IETF Website for our Privicons RFC! ;)
> 
>      best Ulrich
> 
>      --=20
>      [>] Please share
>      The "Please share" Privicon asks the Receiving User to share this
>      e-mail message with everyone she likes.
> 
>           Figure 1: Example of an e-mail message using a Privicon

This example places the (presumably first body line) privicon as 
part of the message header and thus will cause a syntax error and 
likely make the privicon invisible to the Receiving User.
   .
   .
   .
> B.1.  User agent behaviour
> 
>    This section gives developers of e-mail message user agents (MUA) or
>    plug-ins for MUAs instructions how to integrate the Privicons in the
>    client.
> 
>    An MUA implementing this RFC MUST enable the user at any time to
>    overrule the received Privicon.  The user SHOULD also be able to set
>    a default for always overruling in her client.  The rest of the
>    instructions in this section are OPTIONAL.

If the following instructions are OPTIONAL, the use of 12 "MUST"s 
in them is hard to justify.
   .
   .
   .
> B.1.2.  [X] Keep secret
> 
>    The "Keep private" Privicon asks the Receiving User to keep the
>    received e-mail message secret.
> 
> B.1.2.1.  EVENT: Forward/Reply to third Person
> 
>    If the Receiving User wants to forward or reply-to the e-mail message
>    to a third person, that is not the original Sending User, than the
>    Receiving User MUST be informed, that she is going to violate the
>    included Privicon and she MUST confirm that she is willing to do this
>    before the e-mail message is sent.

It seems to me that the list of *all* of the From: addresses, the 
Sender: address, and the To: addresses should be considered as 
non-third party addresses since they presumably are all aware of 
the message already.
   .
   .
   .
> B.1.4.  [=] Delete after reading, I days or on date
> 
> B.1.4.1.  EVENT: Closing Mail
> 
>    If the Receiving User closes the e-mail message, she MUST be
>    informed, that the e-mail message SHOULD be deleted after X days.
> 
>    The user MUST confirm whenever she closes the e-mail message, hat the
>    e-mail message is deleted immediately.

The preceding paragraph is not clear.
   .
   .
   .
> B.1.4.1.1.  Option a) delete after reading
> 
>    The above confirmation MUST ask the user, whether
> 
>    o  ignore, do not decide now, ask me again next time,
> 
>    o  delete or move into a "to be deleted" folder, as indicated in the
>       preferences or
> 
>    o  ask again after a specified period.

Where is the option to tell the MUA "Do NOT delete, and never 
bother me again."?

> 
> B.1.4.1.2.  Option b) delete after X days
> 
>    The above confirmation MUST ask the user, whether
> 
>    o  ignore, do not decide now, ask me again next time,
> 
>    o  delete now,
> 
>    o  delete after X days automatically or
> 
>    o  ask me in X days.

Where is the option to tell the MUA "Do NOT delete, and never 
bother me again."?

> B.1.4.1.3.  Option c) delete on date
> 
>    The above confirmation MUST ask the user, whether
> 
>    o  ignore, do not decide now, ask me again next time,
> 
>    o  delete now,
> 
>    o  delete on date automatically or
> 
>    o  ask me on date.

Where is the option to tell the MUA "Do NOT delete, and never 
bother me again."?

> 
> B.1.5.  [-] No attribution
> 
> B.1.5.1.  EVENT: reply, forward, store
> 
>    If the Receiving User wants to forward or reply to a third person or
>    store the e-mail message, she MUST be informed, that the Sending User
>    doesn't want to be mentioned and MUST confirm that she is willing to
>    overrule the Sending Users wish or remove any occurrence of the
>    Sending User in the e-mail message (Header and Body).  The removal of
>    the Sending User MAY be done by the user agent automatically.

Esactly how can the MUA determine in the *body* that the Sending 
User identity has been removed?
   .
   .
   .
> B.1.6.  [o] Keep internal
> 
>    If the Receiving User has defined what "internal" means to her, the
>    following rules in the "Keep internal" subsection only apply if at
>    least one of the Receiving Users are not part of her internal
>    definition.
> 
>    If the Receiving User wants to forward or reply the e-mail message to
>    a third person, the user MUST be informed that she SHOULD check if
>    the third person is really part of the group that the Sending User
>    intended to be internal and MUST confirm that she really to send this
>    e-mail message.

Should the Sending User and all Receiving Users be considered as 
added to "internal" automatically for the purposed of this reply 
of forward?
   .
   .
   .
> B.3.  Transparency (OPTIONAL)
> 
>    If a Receiving User forwards or replies an e-mail message containing
>    a Privicon to a third person, the original Sending User OPTIONAL get
>    a copy via carbon copy or a blind carbon copy by default.  The
>    Receiving User MUST be able overrule this.  She also SHOULD be able
>    to disable the default sending of a copy in the user preferences.

It may be appropriate to forward the privicons of the original 
message, optionally.

--

-- 
Bill McQuillan <McQuilWP <at> pobox.com>
Permalink | Reply | 0 comments |
headers
Alexey Melnikov | 20 Apr 23:45
Favicon

[Fwd: [apps-discuss] Call for adoption of draft-kucherawy-mta-malformed-00.txt as an APPSAWG document]

FYI.
Favicon
From: Alexey Melnikov <alexey.melnikov <at> isode.com>
Subject: [apps-discuss] Call for adoption of draft-kucherawy-mta-malformed-00.txt as an APPSAWG document
Date: 2011-04-20 21:38:30 GMT
Dear APPSAWG participants,
There has been an active discussion about the document this week. Given 
that, I would like to ask the following questions:

1). Who is willing to review and post comments on the document if the WG 
accepts this document as a WG document?

2). Are there any objections to accepting this document as a WG document?

If you have an objection, please be explicit about the nature of the 
objection (for example, if you think the document is harmful and 
shouldn't be worked on). Note that just saying that you don't like the 
document is not a good enough reason without further explanation.

Explicit statements in favor of accepting are welcomed as well. But 
please also respond if you find objections by others to be objectionable 
;-).

You can send both objections and your statements of support directly to 
me (if you wish) or to the mailing list.

Please send your responses by the end of April 29th.

Alexey,
as an APPSAWG co-chair

--

-- 
Internet Messaging Team Lead, <http://www.isode.com>
JID: same as my email address
twitter: aamelnikov

_______________________________________________
apps-discuss mailing list
apps-discuss <at> ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss
Permalink | Reply | 0 comments |
headers
Murray S. Kucherawy | 14 Apr 21:07

FW: Comments on Malformed Message BCP draft

This is some work starting up in the APPS area.  Please comment on the apps-discuss list if you’re interested in participating.

 

From: apps-discuss-bounces <at> ietf.org [mailto:apps-discuss-bounces <at> ietf.org] On Behalf Of Simon Tyler
Sent: Thursday, April 14, 2011 2:59 AM
To: apps-discuss <at> ietf.org
Subject: [apps-discuss] Comments on Malformed Message BCP draft

 

Hi,
 
Having read the Malformed Message BCP draft I am interested in getting some discussion going on its content and to find the best way forward.
 
For those who missed it, the draft is at:

https://www1.tools.ietf.org/html/draft-kucherawy-mta-malformed-00

I have a few comments on it.

One thing that concerns me is the proposal that processing should stop when certain malformations are identified.

For example it is proposed that should a badly wrapped header field be found (quite how we define this is left open, I presume a line that does not start with a valid header field name followed by a colon) then the processing agent should treat this as the end of the header. My feeling is that this opens up a greater potential hole than the one closed and that can be exploited.

An example of the type of issue this could is cause is that should such a malformation occur before the MIME header fields in the header then this would cause the rest of the header and the message body to be treated as plain text. This could cause content analysis system to fail as they would not interpret the MIME content in the way that was presumably intended.

Given that these recommendations are unlikely to be followed by all clients and servers, I feel that this suggestion will allow content through an agent without suitable processing. My preference on this particular malformation would be to continue processing the header fields, this is based on the assumption that what follows the malformed header field is more likely to be further header fields and not body content. What we do with the malformed header field I am less certain about. We could just ignore it or we could treat it as part of the previous header field - both will be right as often as they wrong. I would welcome some additional thoughts on this.

I have similar feelings about some of the other suggestions including the lack of a MIME-Version header. We cannot ignore intended meaning just because a non-compliant application made a small error in the header fields. Everyone will be best served if we subject such messages to more analysis, not less.

On the whole I think a set of guidelines in this area is good but it will be hard to reach consensus without agreement on some basic underlying principles.  I would suggest that one such principle is to try to do what the intended recipient would most likely prefer, which is generally to fix and deliver non-spam messages.

I would also propose some additions to the draft. At Mimecast we see a lot of messages generated by all sorts of systems and amongst these we see a lot of different kinds of message malformations.

I'll suggest more as I think of them but for starters here are a few:

1. Excessively long lines in both headers and body. I commonly see lines that are several hundred Kbs in length. These are often valid messages in the sense that the content is desired by the receiver and in all respects other than line length are well formed. Obviously a limit has to be enforced and I would like to find a consensus on what sort of limit is reasonable. Initially I felt 8K was a good limit - it is after all 8 times the limit in RFC 5321. But it appears that this is too small a limit in real situations. When the limit is exceeded, what is the best option – a rejection or  forced line wrap. I am open to both.

2. Invalid characters in headers. I often see headers with un-encoded 8bit characters. These are often displayed correctly to the recipient where the client happens upon the correct character set by virtue of chance.
 
3. 8bit characters in MIME sections with a content-transfer-encoding of 7bit.

If you have read this far then I think you will agree with me that Murray has made a good start on a much needed set of guidelines. Now let's see if we can support him to expand on the work he has done and reach a consensus on the best approaches.

Simon 

_______________________________________________
apps-discuss mailing list
apps-discuss <at> ietf.org
https://www.ietf.org/mailman/listinfo/apps-discuss
Permalink | Reply | 55 comments |
headers
Murray S. Kucherawy | 8 Nov 06:40

FW: New Version Notification for draft-kucherawy-rfc3462bis-00

Another effort that was mentioned here previously.  This one is just a re-posting of RFC3462
(multipart/report) removing the must-be-outermost-MIME-type restriction.

Comments welcome.

-MSK
Picon Favicon
From: IETF I-D Submission Tool <idsubmission <at> ietf.org>
Subject: New Version Notification for draft-kucherawy-rfc3462bis-00
Date: 2010-11-08 05:19:58 GMT

A new version of I-D, draft-kucherawy-rfc3462bis-00.txt has been successfully submitted by Murray
Kucherawy and posted to the IETF repository.

Filename:	 draft-kucherawy-rfc3462bis
Revision:	 00
Title:		 The Multipart/Report Media Type for the Reporting of Mail System Administrative Messages
Creation_date:	 2010-11-07
WG ID:		 Independent Submission
Number_of_pages: 14

Abstract:
The multipart/report Multipurpose Internet Mail Extensions (MIME)
media type is a general "family" or "container" type for electronic
mail reports of any kind.  Although this memo defines only the use of
the multipart/report media type with respect to delivery status
reports, mail processing programs will benefit if a single media type
is used to for all kinds of reports.
                                                                                  


The IETF Secretariat.
Permalink | Reply | 4 comments |
headers
Murray S. Kucherawy | 8 Nov 06:28

FW: New Version Notification for draft-kucherawy-mta-malformed-00

Some time ago I started looking into what the consensus is for various MTAs' handling of common
malformations of email messages and MIME structures.  The collected wisdom thus obtained so far appears
in the draft I've introduced, which is only meant as a starting point for such a collection of other cases.

There was some consensus that this would be a useful effort to start, so here I am starting it.  :-)

Please do feel free to review what's there and comment, and also submit suggestions for other cases that
might be of interest to record for future implementers.

-MSK
Picon Favicon
From: IETF I-D Submission Tool <idsubmission <at> ietf.org>
Subject: New Version Notification for draft-kucherawy-mta-malformed-00
Date: 2010-11-08 05:20:24 GMT

A new version of I-D, draft-kucherawy-mta-malformed-00.txt has been successfully submitted by Murray
Kucherawy and posted to the IETF repository.

Filename:	 draft-kucherawy-mta-malformed
Revision:	 00
Title:		 Best Current Practices for Handling Malformed Messages
Creation_date:	 2010-11-07
WG ID:		 Independent Submission
Number_of_pages: 8

Abstract:
The email ecosystem has long had a very permissive set of common
processing rules in place despite increasingly rigid standards
governing its components, ostensibly to improve the user experience.
These come at some cost, and various components are faced with
decisions about whether or not to permit non-conforming messages to
continue toward their destinations unaltered, adjust them to conform
(possibly at the cost of losing some of the original message), or
outright rejecting them.

This memo includes a collection of the best current practices in a
variety of such situations, to be used as implementation guidance.
                                                                                  


The IETF Secretariat.
Permalink | Reply | 5 comments |
headers
SM | 29 Sep 06:06

Re: Exception handling


Hi Murray,
At 15:48 28-09-10, Murray S. Kucherawy wrote:
>In some R&D I'm doing I'm comparing numerous MTAs about how they 
>handle things like a non-header line before CRLF between the header 
>and body.  I'm trying to figure out if there's a rough consensus 
>among them about how to handle such exceptions.

Documenting the exception handling is useful.

>Would a compilation of the results of that investigation be a useful 
>candidate for publication as a BCP or Informational?

I suggest Informational.  If you are aiming for consensus on how to 
handle the exceptions, it can end up being more work that it is worth.

Regards,
-sm
Permalink | Reply | 8 comments |
headers
Murray S. Kucherawy | 29 Sep 00:48

Exception handling

In some R&D I’m doing I’m comparing numerous MTAs about how they handle things like a non-header line before CRLF between the header and body.  I’m trying to figure out if there’s a rough consensus among them about how to handle such exceptions.

 

Would a compilation of the results of that investigation be a useful candidate for publication as a BCP or Informational?

 

-MSK

 

Permalink | Reply | 1 comment |
headers
Murray S. Kucherawy | 22 Sep 07:52

multipart/report

I’m doing some work with the OMA in the area of spam reporting.  They have developed an XML message format for reporting spam from a mobile handset.  Because SMS and MMS (and even IM) have different structure than email, they went with something more extensible than what we currently do with DSNs.  I’m helping that group try to converge with what we do in the email world, especially with what the MARF working group is producing (e.g., ARF, specified by recently-published RFC5965).  The first thing is to register the MIME type they’ve created, and so I’ve crafted a template for that.

 

The next thing we’d like to achieve is to be able to specify multiple spam reports in a single message, regardless of transport (they currently use HTTP POST, but there’s no reason SMTP couldn’t be used).  The most obvious thing to do would be to use a multipart/mixed MIME message, and then include their MIME type in each of “n” parts.  However, this is different than what was done with ARF, which used multipart/report.  The advantage to using multipart/report, which stipulates that it must be the outermost MIME type, is that you know right away that you’re processing a report rather than having to parse part way into the MIME tree to figure that out.  (According to Tony Hansen, that’s why this rule was put in place.)  But although multipart/report is the most obvious construct for doing this, it doesn’t lend itself to multi-report messages.  So to get these to converge, we have to be a little creative or be very creative (in the “create a lot of documents” sense).

 

We could do a message/digest, each sub-part of which is message/rfc822 and the MIME type within that is multipart/report.  One could argue that this approach conforms to the multipart/report rules by having that be the outermost MIME part of each constituent message in the aggregate message, but that might be hard to defend given the spirit of that rule.

 

There’s also a stipulation that the MIME subtype of the second part in a multipart/report message must be equal to the report-type of the outermost part, with no other constraints.  Thus to keep multipart/report at the outermost MIME but allow multi-message reports, we could comply by using “multipart/report; report-type=mixed” as the outermost MIME type and then use “multipart/mixed” inside.  But this also sure feels hack-ish.

 

So what would be more palatable to this community?  Could multipart/report be updated to accommodate this use case?  Should we register multipart/multi-report that relaxes some of the existing restrictions without changing the existing media type?

 

Feedback/guidance is welcome.

 

-MSK

Permalink | Reply | 2 comments |

Gmane