Network Working Group C. Newman Internet-Draft Sun Microsystems Expires: September 20, 2004 March 22, 2004 Message Submission BURL Extension draft-newman-lemonade-burl-00.txt Status of this Memo This document is an Internet-Draft and is in full conformance with all provisions of Section 10 of RFC2026. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http:// www.ietf.org/ietf/1id-abstracts.txt. The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. This Internet-Draft will expire on September 20, 2004. Copyright Notice Copyright (C) The Internet Society (2004). All Rights Reserved. Abstract The submission profile of Simple Mail Transfer Protocol (SMTP) provides a standard way for an email client to submit a complete message for delivery. This specification extends the submission profile by adding a new BURL command which can be used to fetch submission data from an Internet Message Access Protocol (IMAP) server. This permits a mail client to inject content from an IMAP server into the SMTP infrastructure without downloading it to the client and uploading it back to the server. Newman Expires September 20, 2004 [Page 1] Internet-Draft Message Submission BURL Extension March 2004 Table of Contents 1. Conventions Used in this Document . . . . . . . . . . . . . . 3 2. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3 3. BURL Submission Extension . . . . . . . . . . . . . . . . . . 3 3.1 SMTP Submission Extension Registration . . . . . . . . . . . . 3 3.2 BURL Transaction . . . . . . . . . . . . . . . . . . . . . . . 4 3.3 The BURL IMAP Option . . . . . . . . . . . . . . . . . . . . . 4 3.4 Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 3.5 Formal Syntax . . . . . . . . . . . . . . . . . . . . . . . . 6 4. 8-bit and Binary . . . . . . . . . . . . . . . . . . . . . . . 6 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 6. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Document History . . . . . . . . . . . . . . . . . . . . . . . 7 7.1 Changes from -01 . . . . . . . . . . . . . . . . . . . . . . . 7 7.2 Changes from -00 . . . . . . . . . . . . . . . . . . . . . . . 7 Normative References . . . . . . . . . . . . . . . . . . . . . 8 Informative References . . . . . . . . . . . . . . . . . . . . 8 Author's Address . . . . . . . . . . . . . . . . . . . . . . . 9 Intellectual Property and Copyright Statements . . . . . . . . 10 Newman Expires September 20, 2004 [Page 2] Internet-Draft Message Submission BURL Extension March 2004 1. Conventions Used in this Document The key words "MUST", "MUST NOT", "SHOULD", "SHOULD NOT", and "MAY" in this document are to be interpreted as defined in "Key words for use in RFCs to Indicate Requirement Levels" [2]. The formal syntax use the Augmented Backus-Naur Form (ABNF) [4] notation including the core rules defined in Appendix A of RFC 2234. 2. Introduction This specification defines an extension to the standard Message Submission [6] protocol to permit data to be fetched from an IMAP server at message submission time. This MAY be used in conjuction with the CHUNKING [10] mechanism so that chunks of the message can come from an external IMAP server. This provides the ability to forward an email message without first downloading it to the client. 3. BURL Submission Extension This section defines the BURL submission extension. 3.1 SMTP Submission Extension Registration 1. The name of this submission extension is "BURL". This extends the Message Submission protocol on port 587 and MUST NOT be advertised by a regular SMTP [8] server on port 25. Compliant submission clients MUST attempt to use port 587 prior to falling back to port 25, unless explicitly configured to do otherwise by the user. 2. The EHLO keyword value associated with the extension is "BURL". 3. The BURL EHLO keyword will have zero or more arguments. The only argument defined at this time is the "imap" argument, which MUST be present in order to use IMAP URLs with BURL. Clients MUST ignore other arguments after the BURL EHLO keyword unless they are defined by a subsequent IETF standards track specification. The arguments which appear after the BURL EHLO keyword may change subsequent to the use of SMTP AUTH [7], so a server which advertises BURL with no arguments prior to authentication indicates that BURL is supported but authentication is required to use it. 4. This extension adds the BURL SMTP verb. This verb is used as a replacement for the DATA command and is only permitted during a mail transaction after at least one successful recipient. Newman Expires September 20, 2004 [Page 3] Internet-Draft Message Submission BURL Extension March 2004 3.2 BURL Transaction When a BURL-aware client connects to a submit server with the BURL extension, it will first authenticate (using SMTP AUTH and perhaps STARTTLS), and then can submit any number of messages with full interoperability with important SMTP extensions such as delivery status notifications [17]. A simple BURL transaction will consist of MAIL FROM, one or more RCPT TO headers and a BURL command with the "LAST" tag. The BURL command will include an IMAP URL pointing to a fully formed message ready for injection into the SMTP infrastructure. If PIPELINING [9] is advertised, the client MAY send the entire transaction in one round trip. If no valid RCPT TO address is supplied, the BURL command will simply fail and no resolution of BURL arguments will be performed. If at least one valid RCPT TO address is supplied, then the BURL argument will be resolved before the server responds to the command. A more sophisticated BURL transaction occurs when the server also advertises CHUNKING [10]. In this case, the BURL and BDAT commands may be interleaved until one of them terminates the transaction with the "LAST" argument. If PIPELINING [9] is also advertise, then the client may pipeline the entire transaction in one round-trip. However, it MUST wait for the results of the "LAST" BDAT or BURL command prior to initiating a new transaction. The BURL command directs the server to fetch the data object to which the URL refers and include it in the message. If the URL fetch fails, the server will fail the entire transaction. 3.3 The BURL IMAP Option When "imap" is present in the space-separated list of arguments following the BURL EHLO keyword, that indicates the BURL command supports IMAP URLs [3] with the URLAUTH [13] extended form. Subsequent to a successful SMTP AUTH command, the submission server MAY indicate a pre-arranged trust relationship with a specific IMAP server by including a BURL EHLO keyword argument of the form "imap:// imap.example.com". In this case, the submission server will permit a regular IMAP URL to mailboxes on imap.example.com which the user who authenticated to the submit server can access. Newman Expires September 20, 2004 [Page 4] Internet-Draft Message Submission BURL Extension March 2004 3.4 Examples In examples, "C:" and "S:" indicate lines sent by the client and server respectively. If a single "C:" or "S:" label applies to multiple lines, then the line breaks between those lines are for editorial clarity only and are not part of the actual protocol exchange. Two successful submissions (without and with pipelining) follow: C: EHLO potter.example.com S: 250-owlry.example.com S: 250-8BITMIME S: 250-BURL imap S: 250-AUTH PLAIN S: 250-DSN S: 250 ENHANCEDSTATUSCODES C: AUTH PLAIN aGFycnkAaGFycnkAYWNjaW8= S: 235 2.7.0 PLAIN authentication successful. C: MAIL FROM: S: 250 2.5.0 Address Ok. C: RCPT TO: S: 250 2.1.5 ron@gryffindor.example.com OK. C: BURL imap://harry@gryffindor.example.com/outbox ;uidvalidity=1078863300/;uid=25;urlauth=submit+harry :internal:91354a473744909de610943775f92038 LAST S: 250 2.5.0 Ok. C: EHLO potter.example.com S: 250-owlry.example.com S: 250-8BITMIME S: 250-PIPELINING S: 250-BURL imap S: 250-AUTH PLAIN S: 250-DSN S: 250 ENHANCEDSTATUSCODES C: AUTH PLAIN aGFycnkAaGFycnkAYWNjaW8= C: MAIL FROM: C: RCPT TO: C: BURL imap://harry@gryffindor.example.com/outbox ;uidvalidity=1078863300/;uid=25;urlauth=submit+harry :internal:91354a473744909de610943775f92038 LAST S: 235 2.7.0 PLAIN authentication successful. S: 250 2.5.0 Address Ok. S: 250 2.1.5 ron@gryffindor.example.com OK. S: 250 2.5.0 Ok. Newman Expires September 20, 2004 [Page 5] Internet-Draft Message Submission BURL Extension March 2004 Some example failure cases: C: MAIL FROM: C: RCPT TO: C: BURL imap://harry@gryffindor.example.com/outbox ;uidvalidity=1078863300/;uid=25;urlauth=submit+harry :internal:91354a473744909de610943775f92038 LAST S: 250 2.5.0 Address Ok. S: 550 5.7.1 Relaying not allowed: malfoy@slitherin.example.com S: 554 5.5.0 No recipients have been specified. C: MAIL FROM: C: RCPT TO: C: BURL imap://harry@gryffindor.example.com/outbox ;uidvalidity=1078863300/;uid=25;urlauth=submit+harry :internal:71354a473744909de610943775f92038 LAST S: 250 2.5.0 Address Ok. S: 250 2.1.5 ron@gryffindor.example.com OK. S: 554 5.7.0 IMAP URL authorization failed 3.5 Formal Syntax The following syntax specification inherits ABNF [4] and Uniform Resource Identifiers [5]. burl-param = "imap" / ("imap://" authority) ; parameter to BURL EHLO keyword burl-cmd = "BURL" SP absoluteURI [SP end-marker] CRLF end-marker = "LAST" 4. 8-bit and Binary The BURL server MUST advertise 8BITMIME [1] and perform the downconversion described in that specification on the resulting complete message if 8-bit data is received with the BURL command and passed to a 7-bit server. If the URL argument to BURL refers to binary data, then the submit server MAY refuse the command or downconvert as described in Binary SMTP [10]. The Submit server MAY refuse to accept a BURL command or combination of BURL and BDAT commands which result in unencoded 8-bit data in mail or MIME [16] headers. Newman Expires September 20, 2004 [Page 6] Internet-Draft Message Submission BURL Extension March 2004 5. IANA Considerations When this is published as an RFC, the "BURL" SMTP extension as described in Section 3 will be registered. This registration will be marked as for use by message submission [6] only in the registry. 6. Security Considerations A separate specification discussing security details of this proposal and counter-proposals is forthcoming. Implementations which support the URLAUTH [13] form of IMAP URLs SHOULD implement both the SMTP STARTTLS [11] and the IMAP STARTTLS [12] extensions and MUST have a configuration setting which requires their use with such IMAP URLs. When a client uses SMTP STARTTLS to send a BURL command which references non-public information, the message submission server MUST use STARTTLS or a mechanism providing equivalent data privacy when resolving that URL. 7. Document History 7.1 Changes from -01 o Removed the conversion argument to BURL to simplify. o Replace the conversion section with the simpler 8-bit and Binary section. o Removed the failhow argument to simplify and eliminate race-condition which bothered people. o Simplify specification to eliminate "composition" model and just focus on BURL command. o Make it clear that BURL can be used without the chunking extension. 7.2 Changes from -00 o Added the end-marker "LAST", so this could be used without BDAT and works with a pre-composed message. o Changed "Message Composition" to "Message Submission with Composition" in several places. Newman Expires September 20, 2004 [Page 7] Internet-Draft Message Submission BURL Extension March 2004 o Correct Spelling Errors Normative References [1] Klensin, J., Freed, N., Rose, M., Stefferud, E. and D. Crocker, "SMTP Service Extension for 8bit-MIMEtransport", RFC 1652, July 1994. [2] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997. [3] Newman, C., "IMAP URL Scheme", RFC 2192, September 1997. [4] Crocker, D. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", RFC 2234, November 1997. [5] Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform Resource Identifiers (URI): Generic Syntax", RFC 2396, August 1998. [6] Gellens, R. and J. Klensin, "Message Submission", RFC 2476, December 1998. [7] Myers, J., "SMTP Service Extension for Authentication", RFC 2554, March 1999. [8] Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April 2001. [9] Freed, N., "SMTP Service Extension for Command Pipelining", STD 60, RFC 2920, September 2000. [10] Vaudreuil, G., "SMTP Service Extensions for Transmission of Large and Binary MIME Messages", RFC 3030, December 2000. [11] Hoffman, P., "SMTP Service Extension for Secure SMTP over Transport Layer Security", RFC 3207, February 2002. [12] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1", RFC 3501, March 2003. [13] Crispin, M. and C. Newman, "Internet Message Access Protocol (IMAP) - URLAUTH Extension", draft-crispin-imap-urlauth-06 (work in progress), January 2004. Informative References [14] Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821, Newman Expires September 20, 2004 [Page 8] Internet-Draft Message Submission BURL Extension March 2004 August 1982. [15] Freed, N., "SMTP Service Extension for Returning Enhanced Error Codes", RFC 2034, October 1996. [16] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, November 1996. [17] Moore, K., "Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs)", RFC 3461, January 2003. Author's Address Chris Newman Sun Microsystems 1050 Lakes Drive West Covina, CA 91790 US EMail: chris.newman@sun.com Newman Expires September 20, 2004 [Page 9] Internet-Draft Message Submission BURL Extension March 2004 Intellectual Property Statement The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director. Full Copyright Statement Copyright (C) The Internet Society (2004). All Rights Reserved. This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English. The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees. This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION Newman Expires September 20, 2004 [Page 10] Internet-Draft Message Submission BURL Extension March 2004 HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgment Funding for the RFC Editor function is currently provided by the Internet Society. Newman Expires September 20, 2004 [Page 11]