rfcdiff: draft-ietf-dmarc-eaiauth-02.txt vs. draft-ietf-dmarc-eaiauth-03.txt
(text common to both drafts is shown once; passages that differ are marked -02 and -03)

Network Working Group                                          J. Levine
Internet-Draft                                      Taughannock Networks
Updates: 6376, 7208, 7489 (if approved)
                          -02: February 22, 2019 / -03: February 27, 2019
Intended status: Standards Track
Expires: -02: August 26, 2019 / -03: August 31, 2019

            E-mail Authentication for Internationalized Mail
           draft-ietf-dmarc-eaiauth-02 / draft-ietf-dmarc-eaiauth-03

Abstract

   SPF (RFC7208), DKIM (RFC6376), and DMARC (RFC7489) enable a domain
   owner to publish e-mail authentication and policy information in the
   DNS. In internationalized e-mail, domain names can occur both as
   U-labels and A-labels. The Authentication-Results header reports the
   result of authentication checks made with SPF, DKIM, DMARC, and other
   schemes. This specification updates the SPF, DKIM, and DMARC
   specifications to clarify which form of internationalized domain
skipping to change at page 1, line 39

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF). Note that other groups may also distribute
   working documents as Internet-Drafts. The list of current Internet-
   Drafts is at https://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time. It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   -02: This Internet-Draft will expire on August 26, 2019.
   -03: This Internet-Draft will expire on August 31, 2019.

Copyright Notice

   Copyright (c) 2019 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (https://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents

skipping to change at page 2, line 17

   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Table of Contents

   1. Introduction
   2. Definitions
   3. General principles
   4. SPF and internationalized mail
   5. DKIM and internationalized mail
   6. DMARC and internationalized mail
   7. IANA Considerations
   8. Security Considerations
   9. Normative References
   Appendix A. Change history
   Author's Address

1. Introduction

   SPF [RFC7208], DKIM [RFC6376], and DMARC [RFC7489] enable a domain
   owner to publish e-mail authentication and policy information in the
   DNS. SPF primarily publishes information about what host addresses
   are authorized to send mail for a domain. DKIM places cryptographic
   signatures on e-mail messages, with the validation keys published in
   the DNS. DMARC publishes policy information related to the domain in
   the From: header of e-mail messages.

skipping to change at page 3, line 49
   be either U-labels or A-labels.

   All U-labels MUST be converted to A-labels before being used for an
   SPF validation. This includes both the original DNS lookup,
   described in Section 3 of [RFC7208] and the macro expansion of
   domain-spec described in section 7. Section 4.3 of [RFC7208] states
   that all IDNs in an SPF DNS record MUST be A-labels; this rule is
   unchanged since any SPF record can be used to authorize either EAI or
   conventional mail.

   -02:
   SPF macros %s and %l expand the local-part of the sender's mailbox.
   If the local-part contains non-ASCII characters, terms that include
   %s or %l do not match anything. (Note that unlike U-labels, there is
   no way to rewrite non-ASCII local parts into ASCII.)

   -03:
   SPF macros %{s} and %{l} expand the local-part of the sender's
   mailbox. If the local-part contains non-ASCII characters, terms that
   include %{s} or %{l} do not match anything. (Note that unlike
   U-labels in domains, there is no way to rewrite non-ASCII local parts
   into ASCII.)
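   The two rules of this section carried into code, as an added example
   that is not part of the draft and not taken from any SPF
   implementation: every U-label is converted to an A-label before the
   name is used for a lookup or inside a macro expansion, and a term
   whose domain-spec needs %{s} or %{l} for a non-ASCII local-part is
   reported as matching nothing. Names (`to_a_labels`,
   `expand_domain_spec`), the supported macro subset (s, l, o, d, i, h
   with digit and 'r' transformers) and all sender addresses and domains
   are the example's own; the standard library's idna codec is IDNA2003
   and only approximates the RFC 5891 conversion the draft requires.

```python
import re
from typing import Optional

# Added example (not from the draft or any SPF implementation): the two
# rules of Section 4 applied to SPF domain-spec expansion (RFC 7208
# section 7).  Every U-label becomes an A-label before it reaches the DNS,
# and a term that needs %{s} or %{l} for a non-ASCII local-part matches
# nothing.  The stdlib "idna" codec implements IDNA2003; RFC 5891 (IDNA2008)
# differs for a few code points, so a production validator should use an
# IDNA2008 library.  Sender addresses and domains are constructed.


def to_a_labels(domain: str) -> str:
    """Convert each U-label of a domain name to its A-label (lower-cased ASCII)."""
    labels = []
    for label in domain.rstrip(".").split("."):
        if label.isascii():
            labels.append(label.lower())
        else:
            labels.append(label.encode("idna").decode("ascii"))
    return ".".join(labels)


# macro-letter, transformer digits, optional 'r' reversal, optional delimiters
MACRO_RE = re.compile(r"%\{([slodih])(\d*)(r?)([.\-+,/_=]*)\}")


class _NonAsciiLocalPart(Exception):
    """Raised when %{s} or %{l} would need a local-part that is not ASCII."""


def expand_domain_spec(spec: str, sender: str, ip: str, domain: str,
                       helo: str = "") -> Optional[str]:
    """Expand an SPF domain-spec into the name to query, already in A-labels.

    Returns None when the spec uses %{s} or %{l} and the sender's local-part
    contains non-ASCII characters: the draft says such terms match nothing,
    so the caller treats the mechanism as a non-match, not as an error.
    Only the macro letters s, l, o, d, i and h are supported here.
    """
    local, _, sender_domain = sender.rpartition("@")
    values = {
        "s": local + "@" + to_a_labels(sender_domain),
        "l": local,
        "o": to_a_labels(sender_domain),
        "d": to_a_labels(domain),
        "i": ip,
        "h": to_a_labels(helo or domain),
    }

    def repl(m):
        letter, digits, reverse, delims = m.groups()
        if letter in "sl" and not local.isascii():
            raise _NonAsciiLocalPart
        # split on the requested delimiters (default "."), optionally
        # reverse, keep the rightmost <digits> parts, rejoin with "."
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if reverse:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]
        return ".".join(parts)

    try:
        expanded = MACRO_RE.sub(repl, spec)
    except _NonAsciiLocalPart:
        return None
    expanded = expanded.replace("%%", "%").replace("%_", " ").replace("%-", "%20")
    # literal text in the spec may itself carry U-labels; the DNS needs A-labels
    return to_a_labels(expanded)
```

   A term whose domain-spec expands to None is treated as not matching,
   which is what the text requires. Note that %{o} and %{d} still expand
   for such a sender, so a record that authorizes by domain rather than
   by local-part continues to work for EAI mail.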
5. DKIM and internationalized mail

   DKIM [RFC6376] specifies a message header that contains a
   cryptographic message signature and a DNS record that contains the
   validation key.

   -02:
   Section 2.11 of [RFC6376] defines dkim-quoted-printable. Its
   definition is modified in internationalized messages so that non-
   ASCII UTF-8 characters need not be quoted. The ABNF for dkim-safe-
   char in internationalized messages is replaced by the following:

   dkim-safe-char = %x21-3A / %x3C / %x3E-7E / %x80-FF
         ; '!' - ':', '<', '>' - '~', non-ASCII

   -03:
   Section 2.11 of [RFC6376] defines dkim-quoted-printable. Its
   definition is modified in internationalized messages so that non-
   ASCII UTF-8 characters need not be quoted. The ABNF for dkim-safe-
   char in internationalized messages is replaced by the following,
   adding non-ASCII UTF-8 characters from [RFC3629]:

   dkim-safe-char = %x21-3A / %x3C / %x3E-7E /
                    UTF8-2 / UTF8-3 / UTF8-4
         ; '!' - ':', '<', '>' - '~', non-ASCII

   UTF8-2 = <Defined in Section 4 of RFC 3629>
   UTF8-3 = <Defined in Section 4 of RFC 3629>
   UTF8-4 = <Defined in Section 4 of RFC 3629>

   Section 3.5 of [RFC6376] states that IDNs in the d=, i=, and s= tags
   of a DKIM-Signature header MUST be encoded as A-labels. This rule is
   relaxed only for headers in internationalized messages [RFC6532] so
   IDNs SHOULD be represented as U-labels but MAY be A-labels. This
   provides improved consistency with other headers. The set of
   allowable characters in the local-part of an i= tag is extended as
   described in [RFC6532]. When computing or verifying the hash in a
   DKIM signature as described in section 3.7, the hash MUST use the
   domain name in the format it occurs in the header.
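   The practical difference between the -02 and -03 dkim-safe-char rules
   above, as an added example that is not part of the draft and not taken
   from any DKIM implementation: a tokenizer for dkim-quoted-printable
   that can run under either rule, so the same octet sequence can be
   checked against "%x80-FF" (-02) and against the UTF8-2 / UTF8-3 /
   UTF8-4 productions of RFC 3629 section 4 (-03), together with the
   A-label query name a verifier needs once d= and s= may carry U-labels.
   The names `tokenize`, `admitted_by_grammar`, `decode_dkim_qp` and
   `dkim_key_query_name` are the example's own; FWS is the RFC 5322 form
   without obs-FWS; the standard library's idna codec is IDNA2003 and
   only approximates RFC 5891. The sample tag values are constructed.

```python
import re

# Added example (not from the draft or any DKIM implementation): a tokenizer
# for dkim-quoted-printable (RFC 6376 section 2.11) whose dkim-safe-char rule
# can be switched between the -02 text (any octet %x80-FF) and the -03 text
# (only the UTF8-2 / UTF8-3 / UTF8-4 sequences of RFC 3629 section 4).

FWS = rb"(?:[ \t]*\r\n)?[ \t]+"            # RFC 5322 FWS, obs-FWS omitted
HEX_OCTET = rb"=[0-9A-F]{2}"               # "=" 2(DIGIT / "A"-"F")
ASCII_SAFE = rb"[\x21-\x3A\x3C\x3E-\x7E]"  # '!'-':', '<', '>'-'~'; no ';' or '='

UTF8_TAIL = rb"[\x80-\xBF]"
UTF8_2 = rb"[\xC2-\xDF]" + UTF8_TAIL                   # C0/C1 leads are overlong
UTF8_3 = (rb"\xE0[\xA0-\xBF]" + UTF8_TAIL              # no overlong 3-octet forms
          + rb"|[\xE1-\xEC]" + UTF8_TAIL + rb"{2}"
          + rb"|\xED[\x80-\x9F]" + UTF8_TAIL           # excludes UTF-16 surrogates
          + rb"|[\xEE-\xEF]" + UTF8_TAIL + rb"{2}")
UTF8_4 = (rb"\xF0[\x90-\xBF]" + UTF8_TAIL + rb"{2}"    # no overlong 4-octet forms
          + rb"|[\xF1-\xF3]" + UTF8_TAIL + rb"{3}"
          + rb"|\xF4[\x80-\x8F]" + UTF8_TAIL + rb"{2}")  # stops at U+10FFFF

NON_ASCII = {
    "02": rb"[\x80-\xFF]",
    "03": rb"(?:" + UTF8_2 + rb"|" + UTF8_3 + rb"|" + UTF8_4 + rb")",
}

TOKEN = {
    ver: re.compile(rb"(?P<fws>" + FWS + rb")|(?P<hex>" + HEX_OCTET + rb")"
                    + rb"|(?P<safe>" + ASCII_SAFE + rb"|" + NON_ASCII[ver] + rb")")
    for ver in NON_ASCII
}


def tokenize(data: bytes, grammar: str = "03") -> bytes:
    """Undo dkim-quoted-printable under the chosen grammar ("02" or "03").

    FWS is dropped, hex-octets are decoded, safe characters are copied
    through.  Raises ValueError at the first octet the grammar does not admit.
    """
    token = TOKEN[grammar]
    out = bytearray()
    pos = 0
    while pos < len(data):
        m = token.match(data, pos)
        if m is None:
            raise ValueError("octet 0x%02X at offset %d not allowed by -%s dkim-safe-char"
                             % (data[pos], pos, grammar))
        if m.group("hex"):
            out.append(int(m.group("hex")[1:], 16))
        elif m.group("safe"):
            out += m.group("safe")
        pos = m.end()
    return bytes(out)


def admitted_by_grammar(data: bytes, grammar: str) -> bool:
    """True if every octet of data is admitted by the -02 or -03 grammar."""
    try:
        tokenize(data, grammar)
        return True
    except ValueError:
        return False


def decode_dkim_qp(data: bytes) -> str:
    # Under -03 every admitted non-ASCII sequence is well-formed UTF-8, so
    # this decode cannot fail; under -02 it could, which is what -03 closes.
    return tokenize(data, "03").decode("utf-8")


def dkim_key_query_name(selector: str, domain: str) -> str:
    """DNS owner name of the DKIM key.  -03 lets s= and d= carry U-labels in
    EAI headers, but the DNS lookup still needs A-labels.  The hashed header
    is left exactly as it occurs; only the query name is converted."""
    return (selector.encode("idna").decode("ascii") + "._domainkey."
            + domain.encode("idna").decode("ascii"))
```

   Under -02 the truncated sequence C3 28, the overlong C0 AF and the
   surrogate ED A0 80 all tokenize as safe characters and only fail, or
   in a lax decoder get silently remapped, when the tag value is later
   interpreted as UTF-8; under -03 they are rejected at the grammar, so
   the signature header never carries octets that a verifier and a
   signer could decode differently.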
skipping to change at page 5, line 24 (-02) / page 5, line 40 (-03)

   document attempts to slightly mitigate some of them but does not, as
   far as the author knows, add any new ones.

9. Normative References

   [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
             Requirement Levels", BCP 14, RFC 2119,
             DOI 10.17487/RFC2119, March 1997,
             <https://www.rfc-editor.org/info/rfc2119>.

   -03 adds:
   [RFC3629] Yergeau, F., "UTF-8, a transformation format of ISO
             10646", STD 63, RFC 3629, DOI 10.17487/RFC3629, November
             2003, <https://www.rfc-editor.org/info/rfc3629>.

   [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
             DOI 10.17487/RFC5322, October 2008,
             <https://www.rfc-editor.org/info/rfc5322>.

   [RFC5890] Klensin, J., "Internationalized Domain Names for
             Applications (IDNA): Definitions and Document Framework",
             RFC 5890, DOI 10.17487/RFC5890, August 2010,
             <https://www.rfc-editor.org/info/rfc5890>.

   [RFC5891] Klensin, J., "Internationalized Domain Names in

skipping to change at page 6, line 25 (-02) / page 6, line 43 (-03)

             Message Authentication, Reporting, and Conformance
             (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
             <https://www.rfc-editor.org/info/rfc7489>.

   [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
             2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
             May 2017, <https://www.rfc-editor.org/info/rfc8174>.
Appendix A. Change history

   -03 adds:
   02 to 03 minor edits per Alexey

   01 to 02 update references

   00 to 01 Relaxed canon, Typos

   00 First WG version

Author's Address

   John Levine
   Taughannock Networks
 End of changes. 11 change blocks. 
13 lines changed or deleted, 28 lines changed or added.
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/