draft-josefsson-openpgp-mailnews-header-04.txt   draft-josefsson-openpgp-mailnews-header-05.txt 
Network Working Group A. Smasher Network Working Group A. Smasher
Internet-Draft S. Josefsson Internet-Draft S. Josefsson
Intended status: Informational April 2, 2008 Intended status: Informational April 15, 2008
Expires: October 4, 2008 Expires: October 17, 2008
The OpenPGP mail and news header field The OpenPGP mail and news header field
draft-josefsson-openpgp-mailnews-header-04 draft-josefsson-openpgp-mailnews-header-05
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on October 4, 2008. This Internet-Draft will expire on October 17, 2008.
Abstract Abstract
This document describes the OpenPGP mail and news header field. The This document describes the OpenPGP mail and news header field. The
field provide information about the sender's OpenPGP key. field provide information about the sender's OpenPGP key.
See <http://josefsson.org/openpgp-header/> for more information. See <http://josefsson.org/openpgp-header/> for more information.
Table of Contents Table of Contents
1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Background and Motivation . . . . . . . . . . . . . . . . . . 3 2. Background and Motivation . . . . . . . . . . . . . . . . . . 3
3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4 3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4
3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5
3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 5 3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 6
3.3. Protection Preference Field: preference . . . . . . . . . 6 3.3. Protection Preference Field: preference . . . . . . . . . 6
4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
9. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 9 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
10. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10
10.1. Normative References . . . . . . . . . . . . . . . . . . . 9 9.2. Informative References . . . . . . . . . . . . . . . . . . 10
10.2. Informative References . . . . . . . . . . . . . . . . . . 9 Appendix A. Copying conditions . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 10 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . . . . 11 Intellectual Property and Copyright Statements . . . . . . . . . . 12
1. Preface 1. Preface
This document is intended to define the "OpenPGP" message header This document is intended to define the "OpenPGP" message header
field. This field should be considered "informational" (and field. This field should be considered "informational" (and
"optional"), and be suitable for both mail [RFC2822] and netnews "optional"), and be suitable for both mail [RFC2822] and netnews
[RFC1036] messages. This field should be used to provide information [RFC1036] messages. This field should be used to provide information
about the sender's OpenPGP [RFC4880] key. This field MAY be used in about the sender's OpenPGP [RFC4880] key. This field MAY be used in
any message. any message.
skipping to change at page 3, line 37 skipping to change at page 3, line 37
cannot be reliably parsed automatically by applications, only parsed cannot be reliably parsed automatically by applications, only parsed
by humans. by humans.
Since both PGP and GnuPG rely on the OpenPGP protocol, it appear Since both PGP and GnuPG rely on the OpenPGP protocol, it appear
preferable to use the term "OpenPGP" rather than "PGP", or "GPG", in preferable to use the term "OpenPGP" rather than "PGP", or "GPG", in
the field name. The latter forms appear as underhanded attempts to the field name. The latter forms appear as underhanded attempts to
advocate specific applications, rather than the open standard they advocate specific applications, rather than the open standard they
both share. The field specified here is named "OpenPGP". both share. The field specified here is named "OpenPGP".
The OpenPGP field is not a required part of successful use of OpenPGP The OpenPGP field is not a required part of successful use of OpenPGP
in e-mail. It is intended as a convenience, in those situations in e-mail or other messages. It is intended as a convenience, in
where the user experience may be enhanced by using the information in those situations where the user experience may be enhanced by using
the field. Consequently, the information in the field should not the information in the field. Consequently, the information in the
disrupt the normal OpenPGP key retrieval and web of trust mechanism. field should not disrupt the normal OpenPGP key retrieval and web of
Neither the integrity nor the authenticity of the information in the trust mechanism. Neither the integrity nor the authenticity of the
field should be assumed to be correct or be trust-worthy. information in the field should be assumed to be correct or trust-
worthy.
No specific scenario when the field should be used, nor how it should No specific scenario when the field should be used, nor how it should
be used in that scenario, are suggested by this document. It is be used in that scenario, are suggested by this document. It is
acknowledged that the dominant use of the information in the field acknowledged that the dominant use of the information in the field
may be by humans and not applications. may be by humans and not applications.
To promote good use of the field, care should be taken so that To promote good use of the field, care should be taken so that
applications do not trigger error messages that may annoy the user, applications do not trigger error messages that may annoy the user,
when an error condition arise during handling of the OpenPGP field. when an error condition arise during handling of the OpenPGP field.
It is generally recommended that an implementation ignore the It is generally recommended that an implementation ignore the
presence of the OpenPGP fields if an error condition occur. Since presence of the OpenPGP fields if it would cause an error condition.
the field is optional, this approach should not be difficult to Since the field is optional, this approach should not be difficult to
implement. The philosophy here is to enable an enhanced user implement. The philosophy here is to enable an enhanced user
experience. Error messages rarely contribute to that goal. experience. Error messages rarely contribute to that goal.
3. OpenPGP Header Field 3. OpenPGP Header Field
The OpenPGP header field is intended to present characteristics of The OpenPGP header field is intended to present characteristics of
the sender's OpenPGP key. The field may contain the Key ID and the the sender's OpenPGP key. The field typically contains the Key ID
URL where the key can be retrieved. and the URL where the key can be retrieved.
Because the header is typically not integrity protected, the Because the mail header is typically not integrity protected, the
information conveyed in the OpenPGP header field MUST NOT be trusted information conveyed in the OpenPGP header field MUST NOT be trusted
without additional verification. Some of the information given in without additional verification. Some of the information given in
this field may also be given on the OpenPGP key itself. When these this field may also be given in the OpenPGP key itself. When these
two sources conflict, users SHOULD favor the information from the two sources conflict, users SHOULD favor the information from the
OpenPGP key, as that information can be cryptographically protected. OpenPGP key, as that information can be cryptographically protected.
The field is of a "structured" type (see section 2.2.2 of RFC 2822). The field is of a "structured" type (see section 2.2.2 of RFC 2822).
In general, the structure consist of one or more parameters, each In general, the structure consist of one or more parameters, each
consisting of one attribute and one value. The terminology and consisting of one attribute and one value. The terminology and
format of the field was inspired by MIME [RFC2045]. The various format of the field was inspired by MIME [RFC2045]. The various
provisions of RFC 2045 apply. In particular, the value part of provisions of RFC 2045 apply. In particular, the value part of
parameters may be quoted; whitespace, folding and comments may occur parameters may be quoted; whitespace, folding and comments may occur
in the middle of parameters. The provisions of MIME [RFC2231] also in the middle of parameters; except as noted below. The provisions
apply; in particular it deals with handling parameters of excessive of MIME [RFC2231] also apply; in particular it deals with handling
length. parameters of excessive length.
The OpenPGP header field is defined as below in the Augmented BNF The OpenPGP header field is defined as below in the Augmented BNF
[RFC5234] notation. By itself, however, this grammar is incomplete. [RFC5234] notation. By itself, however, this grammar is incomplete.
It refers by name to syntax rules that are defined in [RFC2822] and It refers by name to syntax rules that are defined in [RFC2822] and
[RFC3986]. Rather than reproduce those definitions here, and risk [RFC3986]. Rather than reproduce those definitions here, and risk
unintentional differences between the two, this document refer the unintentional differences between the two, this document refer the
reader to the other documents for the definition of non-terminals. reader to the other documents for the definition of non-terminals.
Unrecognized parameters MUST be ignored. The grammar permit them to Implementations MUST understand the "id", "url", and "preference"
allow for future extensions. A given parameter type (i.e., "id", attributes. Parameter with unrecognized attributes MUST be ignored.
"url" or "preference") MUST NOT occur more than once. The OpenPGP: The grammar permit unknown parameters to allow for future extensions.
field itself SHOULD NOT appear more than once within a message. Each parameter attribute (e.g., "url") MUST NOT occur more than once
in any single instance of the OpenPGP field. The OpenPGP field
itself MAY occur more than once in a single email (for example if the
sender has multiple keys).
openpgp = "OpenPGP:" SP *CFWS openpgp-params *CFWS CRLF openpgp = "OpenPGP:" SP *CFWS o-params CRLF
; CFWS is defined in RFC 2822. ; CFWS is defined in RFC 2822.
; SP and CRLF are defined in RFC 5234.
openpgp-params o-params = (o-parameter *CFWS *(";" *CFWS o-params))
= (openpgp-parameter *(";" *CFWS openpgp-parameter))
openpgp-parameter o-parameter =
= ("id" "=" id) / ("id" "=" id) /
("url" "=" url) / ("url" "=" url) /
("preference" "=" preference) / ("preference" "=" preference) /
parameter ; See RFC 2045 for definition of parameter. parameter ; normally unused, for extensions
; parameter is defined in RFC 2045.
id = 8*HEXDIG ; Defined in RFC 5234. id = 8*HEXDIG
; HEXDIG is defined in RFC 5234.
; Matching of value is case-insensitive.
url = absoluteURI ; Defined in RFC 3986. url = absoluteURI / quoted-url
; absoluteURI is defined in RFC 3986.
; If URL contains the character ';',
; the quoted-url form MUST be used.
quoted-url = DQUOTE absoluteURI DQUOTE
; DQUOTE is defined in RFC 5234.
preference = "sign" / "encrypt" / "signencrypt" / "unprotected" preference = "sign" / "encrypt" / "signencrypt" / "unprotected"
; Matching of values are case-insensitive.
3.1. Primary Key ID field: id 3.1. Primary Key ID field: id
The "id" attribute=value pair, if present, MUST define the primary The "id" parameter, if present, MUST hold the Key ID or key
key ID. The value MUST identify the key ID (in either short or long fingerprint for the primary key. The value uses the hex [RFC4648]
form) or the fingerprint, all using the hex [RFC4648] notation. notation. The parameter value is case-insensitive.
The length of the field imply the kind of key id, i.e., short or long The length of the field determine whether it denotes a Key ID (8 hex
form, or a v3 or v4 key. symbols), a long Key ID (16 hex symbols), a v3 key fingerprint (32
hex symbols), or a v4 key fingerprint (40 hex symbols).
Note that each of the following examples includes a comment, which is Note that each of the following examples includes a comment, which is
optional. optional.
id=12345678 (short key ID) id=12345678 (short key ID)
id=1234567890ABCDEF (long key ID) id=1234567890ABCDEF (long key ID)
id=1234567890abcdef01234567890ABCDEF0123456 (v4 fingerprint) id=1234567890abcdef0123456789ABCDEF01234567 (v4 fingerprint)
id=1234567890ABCDEF01234567890ABCDE (v3 fingerprint, deprecated) id=1234567890ABCDEF0123456789ABCDEF (v3 fingerprint, deprecated)
3.2. Key URL field: url 3.2. Key URL field: url
The "url" attribute=value pair, if present, MUST specify a URL where The "url" parameter, if present, MUST specify a URL where the public
the public key can be found. It is RECOMMENDED to use a common URL key can be found. It is RECOMMENDED to use a common URL family, such
family, such as HTTP [RFC2616] or FTP [RFC0959]. The URL MUST be as HTTP [RFC2616] or FTP [RFC0959]. The URL MUST be fully qualified,
fully qualified, MUST explicitly specify a protocol and SHOULD be MUST explicitly specify a protocol and SHOULD be accessible on the
accessible on the public Internet. public Internet.
The content of where the URL points SHOULD be either an ASCII armored
or binary OpenPGP packet containing the key. A valid reason for
storing something else may be if the key has been revoked.
For example: For example:
url=http://example.org/pgp.txt url=http://example.org/pgp.txt
url="http://example.org/funny;name.txt"
If the URL contains the character ';' the entire URL MUST be quoted,
as illustrated in the example.
3.3. Protection Preference Field: preference 3.3. Protection Preference Field: preference
The "preference" attribute=value pair, if present, specify the The "preference" parameter, if present, specify the quality of
quality of protection preferred by the sender. The available choices protection preferred by the sender. The parameter value is case-
are "unprotected" which means that the sender prefer not to receive insensitive.
OpenPGP protected e-mails. A "sign" token means that the sender
prefer to receive digitally signed e-mails. A "encrypt" token means The available values are as follows. A "unprotected" token means
that the sender prefer to receive digitally encrypted e-mails. A that the sender prefer not to receive OpenPGP protected e-mails. A
"signencrypt" token means that the sender prefer to receive digitally "sign" token means that the sender prefer to receive digitally signed
encrypted and signed e-mails. Note that there is no technical e-mails. A "encrypt" token means that the sender prefer to receive
requirement on the receiver to follow the stated preference. encrypted e-mails. A "signencrypt" token means that the sender
prefer to receive encrypted and signed e-mails.
Note that there is no normative requirement on the receiver to follow
the stated preference.
For example: For example:
preference=sign preference=sign
preference="unprotected" preference=unprotected
preference=ENCRYPT preference=ENCRYPT
4. Comments 4. Comments
As discussed in section 3.2.3 of RFC 2822, comments may appear in As discussed in section 3.2.3 of RFC 2822, comments may appear in
header field bodies. Comments are not intended to be interpreted by header field bodies. Comments are not intended to be interpreted by
any application, but to provide additional information for humans. any application, but to provide additional information for humans.
The following are examples of OpenPGP fields with comments: The following are examples of OpenPGP fields with comments:
id=B565716F (key stored on non-networked laptop) id=B565716F (key stored on non-networked laptop)
id=12345678 (1024 bit RSA Key for Encrypt or Sign) id=12345678 (1024 bit RSA Key for Encrypt or Sign)
id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005)
5. Examples 5. Examples
These are valid examples of how the field may be used. This list is These are valid examples of how the field may be used. This list is
not meant to be exhaustive, but do reflect expected typical usages. not meant to be exhaustive, but to reflect expected typical usages.
OpenPGP: id=12345678 OpenPGP: id=12345678
OpenPGP: url=http://example.com/key.txt OpenPGP: url=http://example.com/key.txt
OpenPGP: preference=unprotected OpenPGP: preference=unprotected
OpenPGP: url=http://example.com/key.txt; id=12345678 OpenPGP: url=http://example.com/key.txt; id=12345678
OpenPGP: id=12345678; url=http://example.com/key.txt; OpenPGP: id=12345678; url=http://example.com/key.txt;
preference=signencrypt preference=signencrypt
OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC); OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC);
id=12345678 (this key is only used at the office); id=12345678 (this key is only used at the office);
preference=sign (unsigned emails are filtered away) preference=sign (unsigned emails are filtered away)
OpenPGP: id=12345678; url="http://example.com/openpgp;key.txt"
6. Acknowledgements 6. Acknowledgements
The content of this document builds on discussions with (in The content of this document builds on discussions with (in
alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas, alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas,
Dave Evans, Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen Dave Evans, Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen
Kupper, William Leibzon, Charles Lindsey, Aleksandar Milivojevic, Kupper, William Leibzon, Charles Lindsey, Aleksandar Milivojevic,
Xavier Maillard, Greg Sabino Mullane, Thomas Roessler, Moritz Xavier Maillard, Greg Sabino Mullane, Tim Polk, Thomas Roessler,
Schulte, Olav Seyfarth, David Shaw, Thomas Sjogren, Paul Walker, and Moritz Schulte, Olav Seyfarth, David Shaw, Thomas Sjogren, Paul
Steve Youngs. No doubt the list is incomplete. We apologize to Walker, and Steve Youngs. No doubt the list is incomplete. We
anyone we left out. apologize to anyone we left out.
7. Security Considerations 7. Security Considerations
The OpenPGP header field is intended to be a convenience in locating The OpenPGP header field is intended to be a convenience in locating
public keys. They are neither secure nor intended to be. Since the public keys. The OpenPGP header is neither secure nor intended to
message header is easy to spoof, information contained in the header be. Since the message header is easy to spoof, information contained
should not be trusted. The information must be verified. in the header should not be trusted. The information must be
verified.
Applications that interpret the field MUST NOT assume that the Applications that interpret the field MUST NOT assume that the
content is correct, and MUST NOT present the data to the user in any content is correct, and MUST NOT present the data to the user in any
way that would cause the user to assume that it is correct. way that would cause the user to assume that it is correct.
Applications that interpret the data within the field SHOULD alert Applications that interpret the data within the field SHOULD alert
the user that this information is not a substitute for personally the user that this information is not a substitute for personally
verifying keys and being a part of the web of trust. verifying keys and being a part of the web of trust.
If an application receives a signed message and uses the information If an application receives a signed message and uses the information
in the field to retrieve a key, the application MAY ignore the in the field to automatically retrieve a key, the application MAY
retrieved key if it is not the same key used to sign the message. ignore the retrieved key if it is not the same key used to sign the
This SHOULD be done before the newly retrieved key is imported into message. This SHOULD be done before the newly retrieved key is
the user's keyring. imported into the user's keyring.
The use of HTTPS [RFC2818], DNSSEC [RFC4033], SMTP STARTTLS The use of HTTPS [RFC2818], DNSSEC [RFC4033], SMTP STARTTLS
[RFC3207], IMAP/POP3 STARTTLS [RFC2595] and other secure protocols, [RFC3207], IMAP/POP3 STARTTLS [RFC2595] and other secure protocols,
may enhance the security of information conveyed through this field, may enhance the security of information conveyed through this field,
but does not guarantee any level of security or authenticity. but does not guarantee any level of security or authenticity.
Developers and users must remain aware of this. Developers and users must remain aware of this.
Version 3 OpenPGP keys can be created with a chosen key id (aka "the Version 3 OpenPGP keys can be created with a chosen key id (aka "the
0xDEADBEEF attack"). Verifying the Key ID of a retrieved key against 0xDEADBEEF attack"). Verifying the Key ID of a retrieved key against
the one provided in the field is thus not sufficient to protect the one provided in the field is thus not sufficient to protect
against a man-in-the-middle attack. Instead, the web-of-trust against a man-in-the-middle attack. Instead, the web-of-trust
mechanism should be used. mechanism should be used.
If an attacker wants to check the validity of Email addresses, he If an attacker wants to check the validity of email addresses, he
might send out junk email to arbitrary addresses and collect those might email arbitrary addresses with a unique OpenPGP header field
that report back to the crafted OpenPGP URL. To protect against URL (presumably an URL under the attacker's control). The attacker
can verify the liveness of each email address by checking if the URL
for each particular recipient has been retrieved. To protect against
this, implementations MUST inform the user of that potential privacy this, implementations MUST inform the user of that potential privacy
issue when retrieving keys from an URL provided by the field of an issue when retrieving keys from an URL provided by the field of an
inbound email message: either when the feature is enabled or to be inbound email message: either when the feature is enabled or to be
used for the first time or every time the MUA detects an unknown key. used for the first time or every time the MUA detects an unknown key.
Given the flexibility of the syntax of the field, slightly varying Given the flexibility of the syntax of the field, slightly varying
the content between messages can be used as a covert channel. the content between messages can be used as a covert channel. This
is already possible using other header fields in email, and thus the
OpenPGP field do not introduce a new vulnerability here.
8. IANA Considerations 8. IANA Considerations
The IANA is asked to register the OpenPGP header field, using the The IANA is asked to register the OpenPGP header field, using the
template as follows, in accordance with RFC 3864 [RFC3864]. template as follows, in accordance with RFC 3864 [RFC3864].
Header field name: OpenPGP Header field name: OpenPGP
Applicable protocol: mail, netnews Applicable protocol: mail, netnews
skipping to change at page 8, line 21 skipping to change at page 9, line 4
8. IANA Considerations 8. IANA Considerations
The IANA is asked to register the OpenPGP header field, using the The IANA is asked to register the OpenPGP header field, using the
template as follows, in accordance with RFC 3864 [RFC3864]. template as follows, in accordance with RFC 3864 [RFC3864].
Header field name: OpenPGP Header field name: OpenPGP
Applicable protocol: mail, netnews Applicable protocol: mail, netnews
Status: informational Status: informational
Author/Change controller: IETF Author/Change controller: IETF
Specification document(s): This document. Specification document(s): This document.
Related information: None Related information: None
9. Copying conditions 9. References
Regarding this entire document or any portion of it, the authors
makes no guarantees and is not responsible for any damage resulting
from its use. The authors grants irrevocable permission to anyone to
use, modify, and distribute it in any way that does not diminish the
rights of anyone else to use, modify, and distribute it, provided
that redistributed derivative works do not contain misleading author
or version information. Derivative works need not be licensed under
similar terms.
10. References
10.1. Normative References 9.1. Normative References
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996. Bodies", RFC 2045, November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded [RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded
Word Extensions: Word Extensions:
skipping to change at page 9, line 45 skipping to change at page 10, line 34
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880, November 2007. Thayer, "OpenPGP Message Format", RFC 4880, November 2007.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
10.2. Informative References 9.2. Informative References
[RFC0959] Postel, J. and J. Reynolds, "File Transfer Protocol", [RFC0959] Postel, J. and J. Reynolds, "File Transfer Protocol",
STD 9, RFC 959, October 1985. STD 9, RFC 959, October 1985.
[RFC1036] Horton, M. and R. Adams, "Standard for interchange of [RFC1036] Horton, M. and R. Adams, "Standard for interchange of
USENET messages", RFC 1036, December 1987. USENET messages", RFC 1036, December 1987.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, June 1999. RFC 2595, June 1999.
skipping to change at page 10, line 28 skipping to change at page 11, line 16
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
September 2004. September 2004.
[RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
Rose, "DNS Security Introduction and Requirements", Rose, "DNS Security Introduction and Requirements",
RFC 4033, March 2005. RFC 4033, March 2005.
[RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data [RFC4648] Josefsson, S., "The Base16, Base32, and Base64 Data
Encodings", RFC 4648, October 2006. Encodings", RFC 4648, October 2006.
Appendix A. Copying conditions
Regarding this entire document or any portion of it, the authors
makes no guarantees and is not responsible for any damage resulting
from its use. The authors grants irrevocable permission to anyone to
use, modify, and distribute it in any way that does not diminish the
rights of anyone else to use, modify, and distribute it, provided
that redistributed derivative works do not contain misleading author
or version information. Derivative works need not be licensed under
similar terms.
Authors' Addresses Authors' Addresses
Atom Smasher Atom Smasher
Email: atom@smasher.org (762A3B98A3C396C9C6B7582AB88D52E4D9F57808) Email: atom@smasher.org (762A3B98A3C396C9C6B7582AB88D52E4D9F57808)
Simon Josefsson Simon Josefsson
Email: simon@josefsson.org (0424D4EE81A0E3D119C6F835EDA21E94B565716F) Email: simon@josefsson.org (0424D4EE81A0E3D119C6F835EDA21E94B565716F)
 End of changes. 41 change blocks. 
93 lines changed or deleted 124 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/