draft-josefsson-openpgp-mailnews-header-01.txt | draft-josefsson-openpgp-mailnews-header-02.txt | |||
---|---|---|---|---|
Network Working Group A. Smasher | Network Working Group A. Smasher | |||
Internet-Draft S. Josefsson | Internet-Draft S. Josefsson | |||
Expires: November 26, 2005 May 25, 2005 | Expires: March 27, 2006 September 23, 2005 | |||
The OpenPGP mail and news header | The OpenPGP mail and news header | |||
draft-josefsson-openpgp-mailnews-header-01 | draft-josefsson-openpgp-mailnews-header-02 | |||
Status of this Memo | Status of this Memo | |||
By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
This Internet-Draft will expire on November 26, 2005. | This Internet-Draft will expire on March 27, 2006. | |||
Copyright Notice | Copyright Notice | |||
Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2005). | |||
Abstract | Abstract | |||
This document describes the OpenPGP mail and news header field. The | This document describes the OpenPGP mail and news header field. The | |||
field provide information about the sender's OpenPGP key. | field provide information about the sender's OpenPGP key. | |||
See <http://josefsson.org/openpgp-header/> for more information. | See <http://josefsson.org/openpgp-header/> for more information. | |||
Table of Contents | Table of Contents | |||
1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
2. Background and Motivation . . . . . . . . . . . . . . . . . 3 | 2. Background and Motivation . . . . . . . . . . . . . . . . . . 3 | |||
3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . 4 | 3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4 | |||
3.1 Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 | 3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 | |||
3.2 Key URL field: url . . . . . . . . . . . . . . . . . . . . 5 | 3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 5 | |||
4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.3. Protection Preference Field: preference . . . . . . . . . 6 | |||
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
6. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
8. Security Considerations . . . . . . . . . . . . . . . . . . 6 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . 7 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
10. Copying conditions . . . . . . . . . . . . . . . . . . . . . 8 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 10. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 9 | |||
11.1 Normative References . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
11.2 Informative References . . . . . . . . . . . . . . . . . 9 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 9 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
Intellectual Property and Copyright Statements . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
Intellectual Property and Copyright Statements . . . . . . . . . . 12 | ||||
1. Preface | 1. Preface | |||
This document is intended to define the "OpenPGP" message header. | This document is intended to define the "OpenPGP" message header. | |||
This header should be considered "informational" (and "optional"), | This header should be considered "informational" (and "optional"), | |||
and be suitable for both mail [8] and netnews [1] messages. This | and be suitable for both mail [8] and netnews [1] messages. This | |||
header should be used to provide information about the sender's | header should be used to provide information about the sender's | |||
OpenPGP [7] key. This header MAY be used in any message. | OpenPGP [7] key. This header MAY be used in any message. | |||
This document should be interpreted within the context of RFC 2822. | This document should be interpreted within the context of RFC 2822. | |||
skipping to change at page 4, line 34 | skipping to change at page 4, line 36 | |||
In the Augmented BNF [5] notation, an OpenPGP header field is defined | In the Augmented BNF [5] notation, an OpenPGP header field is defined | |||
as below. By itself, however, this grammar is incomplete. It refers | as below. By itself, however, this grammar is incomplete. It refers | |||
by name to several syntax rules that are defined by RFC 2822 and the | by name to several syntax rules that are defined by RFC 2822 and the | |||
URI syntax document [6]. Rather than reproduce those definitions | URI syntax document [6]. Rather than reproduce those definitions | |||
here, and risk unintentional differences between the two, this | here, and risk unintentional differences between the two, this | |||
document refer the reader to RFC 2822 and RFC 2396 for the definition | document refer the reader to RFC 2822 and RFC 2396 for the definition | |||
of non-terminals. | of non-terminals. | |||
Unrecognized parameters MUST be ignored. The grammar permit them to | Unrecognized parameters MUST be ignored. The grammar permit them to | |||
allow for future extensions. This header SHOULD NOT appear more than | allow for future extensions. This header SHOULD NOT appear more than | |||
once within a message. A given parameter type (i.e., "id" or "url") | once within a message. A given parameter type (i.e., "id", "url" or | |||
may appear no more than once. | "preference") MUST NOT occur more than once. | |||
openpgp := "OpenPGP:" id-or-url / | openpgp := "OpenPGP:" | |||
(openpgp-parameter *(";" openpgp-parameter)) | (openpgp-parameter *(";" openpgp-parameter)) | |||
CRLF | CRLF | |||
id-or-url := id / url | ||||
id := *HEXDIG | id := *HEXDIG | |||
url := absoluteURI ; Defined in RFC 2396. | url := absoluteURI ; Defined in RFC 2396. | |||
preference := "sign" / "encrypt" / "signencrypt" / "unprotected" | ||||
openpgp-parameter | openpgp-parameter | |||
:= ("id" "=" id) / | := ("id" "=" id) / | |||
("url" "=" url) / | ("url" "=" url) / | |||
("preference" "=" preference) / | ||||
parameter ; See RFC 2045 for definition of parameter. | parameter ; See RFC 2045 for definition of parameter. | |||
3.1 Primary Key ID field: id | 3.1. Primary Key ID field: id | |||
The "id" attribute=value pair, if present, MUST define the primary | The "id" attribute=value pair, if present, MUST define the primary | |||
key ID. The value MUST identify the key ID (in either short or long | key ID. The value MUST identify the key ID (in either short or long | |||
form) or the fingerprint, all using the hexadecimal [14] notation. | form) or the fingerprint, all using the hexadecimal [14] notation. | |||
The length of the field imply the kind of key id, i.e., short or long | The length of the field imply the kind of key id, i.e., short or long | |||
form, or a v3 or v4 key. | form, or a v3 or v4 key. | |||
Note that each of the following examples includes a comment, which is | Note that each of the following examples includes a comment, which is | |||
optional. | optional. | |||
id=12345678 (short key ID) | id=12345678 (short key ID) | |||
id=1234567890ABCDEF (long key ID) | id=1234567890ABCDEF (long key ID) | |||
id=1234567890ABCDEF01234567890ABCDEF0123456 (v4 fingerprint) | id=1234567890abcdef01234567890ABCDEF0123456 (v4 fingerprint) | |||
id=1234567890ABCDEF01234567890ABCDE (v3 fingerprint, deprecated) | id=1234567890ABCDEF01234567890ABCDE (v3 fingerprint, deprecated) | |||
3.2 Key URL field: url | 3.2. Key URL field: url | |||
The "url" attribute=value pair, if present, MUST specify a URL where | The "url" attribute=value pair, if present, MUST specify a URL where | |||
the public key can be found. It is RECOMMENDED to use a common URL | the public key can be found. It is RECOMMENDED to use a common URL | |||
family, such as HTTP [12] or FTP [9]. The URL MUST be fully | family, such as HTTP [12] or FTP [9]. The URL MUST be fully | |||
qualified, MUST explicitly specify a protocol and SHOULD be | qualified, MUST explicitly specify a protocol and SHOULD be | |||
accessible on the public Internet. | accessible on the public Internet. | |||
For example: | For example: | |||
url=http://example.org/pgp.txt | url=http://example.org/pgp.txt | |||
3.3. Protection Preference Field: preference | ||||
The "preference" attribute=value pair, if present, specify the | ||||
quality of protection preferred by the sender. The available choices | ||||
are "unprotected" which means that the sender prefer not to receive | ||||
OpenPGP protected e-mails. A "sign" token means that the sender | ||||
prefer to receive digitally signed e-mails. A "encrypt" token means | ||||
that the sender prefer to receive digitally encrypted e-mails. A | ||||
"signencrypt" token means that the sender prefer to receive digitally | ||||
encrypted and signed e-mails. Note that there is no technical | ||||
requirement on the receiver to follow the stated preference. | ||||
For example: | ||||
preference=sign | ||||
preference="unprotected" | ||||
preference=ENCRYPT | ||||
4. Comments | 4. Comments | |||
As discussed in section 3.2.3 of RFC 2822, comments may appear in | As discussed in section 3.2.3 of RFC 2822, comments may appear in | |||
header field bodies. Comments are not intended to be interpreted by | header field bodies. Comments are not intended to be interpreted by | |||
any application, but to provide additional information for humans. | any application, but to provide additional information for humans. | |||
The following are examples of header field bodies with comments: | The following are examples of header field bodies with comments: | |||
id=B565716F (key stored on non-networked laptop) | id=B565716F (key stored on non-networked laptop) | |||
id=12345678 (1024 bit RSA Key for Encrypt or Sign) | id=12345678 (1024 bit RSA Key for Encrypt or Sign) | |||
id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) | id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) | |||
5. Examples | 5. Examples | |||
These are valid examples of ways in which this header may be used. | These are valid examples of ways in which this header may be used. | |||
This list is not meant to be exhaustive, but do reflect expected | This list is not meant to be exhaustive, but do reflect expected | |||
typical usages. | typical usages. | |||
OpenPGP: 12345678 | ||||
OpenPGP: id=12345678 | OpenPGP: id=12345678 | |||
OpenPGP: http://example.com/key.txt | ||||
OpenPGP: url=http://example.com/key.txt | OpenPGP: url=http://example.com/key.txt | |||
OpenPGP: preference=unprotected | ||||
OpenPGP: url=http://example.com/key.txt; id=12345678 | OpenPGP: url=http://example.com/key.txt; id=12345678 | |||
OpenPGP: id=12345678; url=http://example.com/key.txt | OpenPGP: id=12345678; url=http://example.com/key.txt; | |||
preference=signencrypt | ||||
OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC); | OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC); | |||
id=12345678 (this key is only used at the office) | id=12345678 (this key is only used at the office); | |||
preference=sign (unsigned emails are filtered away) | ||||
6. Open Issues | 6. Open Issues | |||
Should there be a "supports" field, that signal whether the sender | Should there be a "supports" field, that signal whether the sender | |||
support inline PGP or PGP/MIME? As in supports="inline, mime" or | support inline PGP or PGP/MIME? As in supports="inline, mime" or | |||
similar. Should it be in preferred priority order? | similar. Should it be in preferred priority order? This draft | |||
tentatively closes this issue by ignoring the matter, until someone | ||||
proposes text. | ||||
The ABNF definition is known to be under-specified. | The ABNF definition is known to be under-specified. | |||
7. Acknowledgements | 7. Acknowledgements | |||
The content of this document builds on discussions with (in | The content of this document builds on discussions with (in | |||
alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas, | alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas, | |||
Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen Kupper, Charles | Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen Kupper, Charles | |||
Lindsey, Aleksandar Milivojevic, Xavier Maillard, Greg Sabino | Lindsey, Aleksandar Milivojevic, Xavier Maillard, Greg Sabino | |||
Mullane, Thomas Roessler, Moritz Schulte, Olav Seyfarth, Thomas | Mullane, Thomas Roessler, Moritz Schulte, Olav Seyfarth, Thomas | |||
skipping to change at page 8, line 24 | skipping to change at page 9, line 24 | |||
makes no guarantees and is not responsible for any damage | makes no guarantees and is not responsible for any damage | |||
resulting from its use. The authors grants irrevocable | resulting from its use. The authors grants irrevocable | |||
permission to anyone to use, modify, and distribute it in any way | permission to anyone to use, modify, and distribute it in any way | |||
that does not diminish the rights of anyone else to use, modify, | that does not diminish the rights of anyone else to use, modify, | |||
and distribute it, provided that redistributed derivative works | and distribute it, provided that redistributed derivative works | |||
do not contain misleading author or version information. | do not contain misleading author or version information. | |||
Derivative works need not be licensed under similar terms. | Derivative works need not be licensed under similar terms. | |||
11. References | 11. References | |||
11.1 Normative References | 11.1. Normative References | |||
[1] Horton, M. and R. Adams, "Standard for interchange of USENET | [1] Horton, M. and R. Adams, "Standard for interchange of USENET | |||
messages", RFC 1036, December 1987. | messages", RFC 1036, December 1987. | |||
[2] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [2] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
Extensions (MIME) Part One: Format of Internet Message Bodies", | Extensions (MIME) Part One: Format of Internet Message Bodies", | |||
RFC 2045, November 1996. | RFC 2045, November 1996. | |||
[3] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word | [3] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word | |||
Extensions: Character Sets, Languages, and Continuations", | Extensions: Character Sets, Languages, and Continuations", | |||
skipping to change at page 9, line 5 | skipping to change at page 10, line 5 | |||
[6] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [6] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
Resource Identifiers (URI): Generic Syntax", RFC 2396, | Resource Identifiers (URI): Generic Syntax", RFC 2396, | |||
August 1998. | August 1998. | |||
[7] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, "OpenPGP | [7] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, "OpenPGP | |||
Message Format", RFC 2440, November 1998. | Message Format", RFC 2440, November 1998. | |||
[8] Resnick, P., "Internet Message Format", RFC 2822, April 2001. | [8] Resnick, P., "Internet Message Format", RFC 2822, April 2001. | |||
11.2 Informative References | 11.2. Informative References | |||
[9] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | [9] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | |||
RFC 959, October 1985. | RFC 959, October 1985. | |||
[10] Eastlake, D., "Domain Name System Security Extensions", | [10] Eastlake, D., "Domain Name System Security Extensions", | |||
RFC 2535, March 1999. | RFC 2535, March 1999. | |||
[11] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, | [11] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, | |||
June 1999. | June 1999. | |||
skipping to change at page 9, line 33 | skipping to change at page 11, line 9 | |||
RFC 3548, July 2003. | RFC 3548, July 2003. | |||
[15] Klyne, G., Nottingham, M., and J. Mogul, "Registration | [15] Klyne, G., Nottingham, M., and J. Mogul, "Registration | |||
Procedures for Message Header Fields", BCP 90, RFC 3864, | Procedures for Message Header Fields", BCP 90, RFC 3864, | |||
September 2004. | September 2004. | |||
Authors' Addresses | Authors' Addresses | |||
Atom Smasher | Atom Smasher | |||
Email: atom@smasher.org (0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808) | Email: atom@smasher.org (762A3B98A3C396C9C6B7582AB88D52E4D9F57808) | |||
Simon Josefsson | Simon Josefsson | |||
Email: simon@josefsson.org (0x0424D4EE81A0E3D119C6F835EDA21E94B565716F) | Email: simon@josefsson.org (0424D4EE81A0E3D119C6F835EDA21E94B565716F) | |||
Intellectual Property Statement | Intellectual Property Statement | |||
The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ |