| draft-josefsson-openpgp-mailnews-header-01.txt | draft-josefsson-openpgp-mailnews-header-02.txt | |||
|---|---|---|---|---|
| Network Working Group A. Smasher | Network Working Group A. Smasher | |||
| Internet-Draft S. Josefsson | Internet-Draft S. Josefsson | |||
| Expires: November 26, 2005 May 25, 2005 | Expires: March 27, 2006 September 23, 2005 | |||
| The OpenPGP mail and news header | The OpenPGP mail and news header | |||
| draft-josefsson-openpgp-mailnews-header-01 | draft-josefsson-openpgp-mailnews-header-02 | |||
| Status of this Memo | Status of this Memo | |||
| By submitting this Internet-Draft, each author represents that any | By submitting this Internet-Draft, each author represents that any | |||
| applicable patent or other IPR claims of which he or she is aware | applicable patent or other IPR claims of which he or she is aware | |||
| have been or will be disclosed, and any of which he or she becomes | have been or will be disclosed, and any of which he or she becomes | |||
| aware will be disclosed, in accordance with Section 6 of BCP 79. | aware will be disclosed, in accordance with Section 6 of BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF), its areas, and its working groups. Note that | Task Force (IETF), its areas, and its working groups. Note that | |||
| skipping to change at page 1, line 33 | skipping to change at page 1, line 33 | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| The list of current Internet-Drafts can be accessed at | The list of current Internet-Drafts can be accessed at | |||
| http://www.ietf.org/ietf/1id-abstracts.txt. | http://www.ietf.org/ietf/1id-abstracts.txt. | |||
| The list of Internet-Draft Shadow Directories can be accessed at | The list of Internet-Draft Shadow Directories can be accessed at | |||
| http://www.ietf.org/shadow.html. | http://www.ietf.org/shadow.html. | |||
| This Internet-Draft will expire on November 26, 2005. | This Internet-Draft will expire on March 27, 2006. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (C) The Internet Society (2005). | Copyright (C) The Internet Society (2005). | |||
| Abstract | Abstract | |||
| This document describes the OpenPGP mail and news header field. The | This document describes the OpenPGP mail and news header field. The | |||
| field provide information about the sender's OpenPGP key. | field provide information about the sender's OpenPGP key. | |||
| See <http://josefsson.org/openpgp-header/> for more information. | See <http://josefsson.org/openpgp-header/> for more information. | |||
| Table of Contents | Table of Contents | |||
| 1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Background and Motivation . . . . . . . . . . . . . . . . . 3 | 2. Background and Motivation . . . . . . . . . . . . . . . . . . 3 | |||
| 3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . 4 | 3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1 Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 | 3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 | |||
| 3.2 Key URL field: url . . . . . . . . . . . . . . . . . . . . 5 | 3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 5 | |||
| 4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 3.3. Protection Preference Field: preference . . . . . . . . . 6 | |||
| 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . 5 | 4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 6. Open Issues . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . 6 | 7. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . 7 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 10. Copying conditions . . . . . . . . . . . . . . . . . . . . . 8 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 11. References . . . . . . . . . . . . . . . . . . . . . . . . . 8 | 10. Copying conditions . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 11.1 Normative References . . . . . . . . . . . . . . . . . . 8 | 11. References . . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 11.2 Informative References . . . . . . . . . . . . . . . . . 9 | 11.1. Normative References . . . . . . . . . . . . . . . . . . . 9 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 9 | 11.2. Informative References . . . . . . . . . . . . . . . . . . 10 | |||
| Intellectual Property and Copyright Statements . . . . . . . 10 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| Intellectual Property and Copyright Statements . . . . . . . . . . 12 | ||||
| 1. Preface | 1. Preface | |||
| This document is intended to define the "OpenPGP" message header. | This document is intended to define the "OpenPGP" message header. | |||
| This header should be considered "informational" (and "optional"), | This header should be considered "informational" (and "optional"), | |||
| and be suitable for both mail [8] and netnews [1] messages. This | and be suitable for both mail [8] and netnews [1] messages. This | |||
| header should be used to provide information about the sender's | header should be used to provide information about the sender's | |||
| OpenPGP [7] key. This header MAY be used in any message. | OpenPGP [7] key. This header MAY be used in any message. | |||
| This document should be interpreted within the context of RFC 2822. | This document should be interpreted within the context of RFC 2822. | |||
| skipping to change at page 4, line 34 | skipping to change at page 4, line 36 | |||
| In the Augmented BNF [5] notation, an OpenPGP header field is defined | In the Augmented BNF [5] notation, an OpenPGP header field is defined | |||
| as below. By itself, however, this grammar is incomplete. It refers | as below. By itself, however, this grammar is incomplete. It refers | |||
| by name to several syntax rules that are defined by RFC 2822 and the | by name to several syntax rules that are defined by RFC 2822 and the | |||
| URI syntax document [6]. Rather than reproduce those definitions | URI syntax document [6]. Rather than reproduce those definitions | |||
| here, and risk unintentional differences between the two, this | here, and risk unintentional differences between the two, this | |||
| document refer the reader to RFC 2822 and RFC 2396 for the definition | document refer the reader to RFC 2822 and RFC 2396 for the definition | |||
| of non-terminals. | of non-terminals. | |||
| Unrecognized parameters MUST be ignored. The grammar permit them to | Unrecognized parameters MUST be ignored. The grammar permit them to | |||
| allow for future extensions. This header SHOULD NOT appear more than | allow for future extensions. This header SHOULD NOT appear more than | |||
| once within a message. A given parameter type (i.e., "id" or "url") | once within a message. A given parameter type (i.e., "id", "url" or | |||
| may appear no more than once. | "preference") MUST NOT occur more than once. | |||
| openpgp := "OpenPGP:" id-or-url / | openpgp := "OpenPGP:" | |||
| (openpgp-parameter *(";" openpgp-parameter)) | (openpgp-parameter *(";" openpgp-parameter)) | |||
| CRLF | CRLF | |||
| id-or-url := id / url | ||||
| id := *HEXDIG | id := *HEXDIG | |||
| url := absoluteURI ; Defined in RFC 2396. | url := absoluteURI ; Defined in RFC 2396. | |||
| preference := "sign" / "encrypt" / "signencrypt" / "unprotected" | ||||
| openpgp-parameter | openpgp-parameter | |||
| := ("id" "=" id) / | := ("id" "=" id) / | |||
| ("url" "=" url) / | ("url" "=" url) / | |||
| ("preference" "=" preference) / | ||||
| parameter ; See RFC 2045 for definition of parameter. | parameter ; See RFC 2045 for definition of parameter. | |||
| 3.1 Primary Key ID field: id | 3.1. Primary Key ID field: id | |||
| The "id" attribute=value pair, if present, MUST define the primary | The "id" attribute=value pair, if present, MUST define the primary | |||
| key ID. The value MUST identify the key ID (in either short or long | key ID. The value MUST identify the key ID (in either short or long | |||
| form) or the fingerprint, all using the hexadecimal [14] notation. | form) or the fingerprint, all using the hexadecimal [14] notation. | |||
| The length of the field imply the kind of key id, i.e., short or long | The length of the field imply the kind of key id, i.e., short or long | |||
| form, or a v3 or v4 key. | form, or a v3 or v4 key. | |||
| Note that each of the following examples includes a comment, which is | Note that each of the following examples includes a comment, which is | |||
| optional. | optional. | |||
| id=12345678 (short key ID) | id=12345678 (short key ID) | |||
| id=1234567890ABCDEF (long key ID) | id=1234567890ABCDEF (long key ID) | |||
| id=1234567890ABCDEF01234567890ABCDEF0123456 (v4 fingerprint) | id=1234567890abcdef01234567890ABCDEF0123456 (v4 fingerprint) | |||
| id=1234567890ABCDEF01234567890ABCDE (v3 fingerprint, deprecated) | id=1234567890ABCDEF01234567890ABCDE (v3 fingerprint, deprecated) | |||
| 3.2 Key URL field: url | 3.2. Key URL field: url | |||
| The "url" attribute=value pair, if present, MUST specify a URL where | The "url" attribute=value pair, if present, MUST specify a URL where | |||
| the public key can be found. It is RECOMMENDED to use a common URL | the public key can be found. It is RECOMMENDED to use a common URL | |||
| family, such as HTTP [12] or FTP [9]. The URL MUST be fully | family, such as HTTP [12] or FTP [9]. The URL MUST be fully | |||
| qualified, MUST explicitly specify a protocol and SHOULD be | qualified, MUST explicitly specify a protocol and SHOULD be | |||
| accessible on the public Internet. | accessible on the public Internet. | |||
| For example: | For example: | |||
| url=http://example.org/pgp.txt | url=http://example.org/pgp.txt | |||
| 3.3. Protection Preference Field: preference | ||||
| The "preference" attribute=value pair, if present, specify the | ||||
| quality of protection preferred by the sender. The available choices | ||||
| are "unprotected" which means that the sender prefer not to receive | ||||
| OpenPGP protected e-mails. A "sign" token means that the sender | ||||
| prefer to receive digitally signed e-mails. A "encrypt" token means | ||||
| that the sender prefer to receive digitally encrypted e-mails. A | ||||
| "signencrypt" token means that the sender prefer to receive digitally | ||||
| encrypted and signed e-mails. Note that there is no technical | ||||
| requirement on the receiver to follow the stated preference. | ||||
| For example: | ||||
| preference=sign | ||||
| preference="unprotected" | ||||
| preference=ENCRYPT | ||||
| 4. Comments | 4. Comments | |||
| As discussed in section 3.2.3 of RFC 2822, comments may appear in | As discussed in section 3.2.3 of RFC 2822, comments may appear in | |||
| header field bodies. Comments are not intended to be interpreted by | header field bodies. Comments are not intended to be interpreted by | |||
| any application, but to provide additional information for humans. | any application, but to provide additional information for humans. | |||
| The following are examples of header field bodies with comments: | The following are examples of header field bodies with comments: | |||
| id=B565716F (key stored on non-networked laptop) | id=B565716F (key stored on non-networked laptop) | |||
| id=12345678 (1024 bit RSA Key for Encrypt or Sign) | id=12345678 (1024 bit RSA Key for Encrypt or Sign) | |||
| id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) | id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) | |||
| 5. Examples | 5. Examples | |||
| These are valid examples of ways in which this header may be used. | These are valid examples of ways in which this header may be used. | |||
| This list is not meant to be exhaustive, but do reflect expected | This list is not meant to be exhaustive, but do reflect expected | |||
| typical usages. | typical usages. | |||
| OpenPGP: 12345678 | ||||
| OpenPGP: id=12345678 | OpenPGP: id=12345678 | |||
| OpenPGP: http://example.com/key.txt | ||||
| OpenPGP: url=http://example.com/key.txt | OpenPGP: url=http://example.com/key.txt | |||
| OpenPGP: preference=unprotected | ||||
| OpenPGP: url=http://example.com/key.txt; id=12345678 | OpenPGP: url=http://example.com/key.txt; id=12345678 | |||
| OpenPGP: id=12345678; url=http://example.com/key.txt | OpenPGP: id=12345678; url=http://example.com/key.txt; | |||
| preference=signencrypt | ||||
| OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC); | OpenPGP: url=http://example.com/key.txt (down 2-3pm UTC); | |||
| id=12345678 (this key is only used at the office) | id=12345678 (this key is only used at the office); | |||
| preference=sign (unsigned emails are filtered away) | ||||
| 6. Open Issues | 6. Open Issues | |||
| Should there be a "supports" field, that signal whether the sender | Should there be a "supports" field, that signal whether the sender | |||
| support inline PGP or PGP/MIME? As in supports="inline, mime" or | support inline PGP or PGP/MIME? As in supports="inline, mime" or | |||
| similar. Should it be in preferred priority order? | similar. Should it be in preferred priority order? This draft | |||
| tentatively closes this issue by ignoring the matter, until someone | ||||
| proposes text. | ||||
| The ABNF definition is known to be under-specified. | The ABNF definition is known to be under-specified. | |||
| 7. Acknowledgements | 7. Acknowledgements | |||
| The content of this document builds on discussions with (in | The content of this document builds on discussions with (in | |||
| alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas, | alphabetical order) Christian Biere, Patrick Brunschwig, Jon Callas, | |||
| Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen Kupper, Charles | Peter J. Holzer, Ingo Klocker, Werner Koch, Jochen Kupper, Charles | |||
| Lindsey, Aleksandar Milivojevic, Xavier Maillard, Greg Sabino | Lindsey, Aleksandar Milivojevic, Xavier Maillard, Greg Sabino | |||
| Mullane, Thomas Roessler, Moritz Schulte, Olav Seyfarth, Thomas | Mullane, Thomas Roessler, Moritz Schulte, Olav Seyfarth, Thomas | |||
| skipping to change at page 8, line 24 | skipping to change at page 9, line 24 | |||
| makes no guarantees and is not responsible for any damage | makes no guarantees and is not responsible for any damage | |||
| resulting from its use. The authors grants irrevocable | resulting from its use. The authors grants irrevocable | |||
| permission to anyone to use, modify, and distribute it in any way | permission to anyone to use, modify, and distribute it in any way | |||
| that does not diminish the rights of anyone else to use, modify, | that does not diminish the rights of anyone else to use, modify, | |||
| and distribute it, provided that redistributed derivative works | and distribute it, provided that redistributed derivative works | |||
| do not contain misleading author or version information. | do not contain misleading author or version information. | |||
| Derivative works need not be licensed under similar terms. | Derivative works need not be licensed under similar terms. | |||
| 11. References | 11. References | |||
| 11.1 Normative References | 11.1. Normative References | |||
| [1] Horton, M. and R. Adams, "Standard for interchange of USENET | [1] Horton, M. and R. Adams, "Standard for interchange of USENET | |||
| messages", RFC 1036, December 1987. | messages", RFC 1036, December 1987. | |||
| [2] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | [2] Freed, N. and N. Borenstein, "Multipurpose Internet Mail | |||
| Extensions (MIME) Part One: Format of Internet Message Bodies", | Extensions (MIME) Part One: Format of Internet Message Bodies", | |||
| RFC 2045, November 1996. | RFC 2045, November 1996. | |||
| [3] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word | [3] Freed, N. and K. Moore, "MIME Parameter Value and Encoded Word | |||
| Extensions: Character Sets, Languages, and Continuations", | Extensions: Character Sets, Languages, and Continuations", | |||
| skipping to change at page 9, line 5 | skipping to change at page 10, line 5 | |||
| [6] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | [6] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform | |||
| Resource Identifiers (URI): Generic Syntax", RFC 2396, | Resource Identifiers (URI): Generic Syntax", RFC 2396, | |||
| August 1998. | August 1998. | |||
| [7] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, "OpenPGP | [7] Callas, J., Donnerhacke, L., Finney, H., and R. Thayer, "OpenPGP | |||
| Message Format", RFC 2440, November 1998. | Message Format", RFC 2440, November 1998. | |||
| [8] Resnick, P., "Internet Message Format", RFC 2822, April 2001. | [8] Resnick, P., "Internet Message Format", RFC 2822, April 2001. | |||
| 11.2 Informative References | 11.2. Informative References | |||
| [9] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | [9] Postel, J. and J. Reynolds, "File Transfer Protocol", STD 9, | |||
| RFC 959, October 1985. | RFC 959, October 1985. | |||
| [10] Eastlake, D., "Domain Name System Security Extensions", | [10] Eastlake, D., "Domain Name System Security Extensions", | |||
| RFC 2535, March 1999. | RFC 2535, March 1999. | |||
| [11] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, | [11] Newman, C., "Using TLS with IMAP, POP3 and ACAP", RFC 2595, | |||
| June 1999. | June 1999. | |||
| skipping to change at page 9, line 33 | skipping to change at page 11, line 9 | |||
| RFC 3548, July 2003. | RFC 3548, July 2003. | |||
| [15] Klyne, G., Nottingham, M., and J. Mogul, "Registration | [15] Klyne, G., Nottingham, M., and J. Mogul, "Registration | |||
| Procedures for Message Header Fields", BCP 90, RFC 3864, | Procedures for Message Header Fields", BCP 90, RFC 3864, | |||
| September 2004. | September 2004. | |||
| Authors' Addresses | Authors' Addresses | |||
| Atom Smasher | Atom Smasher | |||
| Email: atom@smasher.org (0x762A3B98A3C396C9C6B7582AB88D52E4D9F57808) | Email: atom@smasher.org (762A3B98A3C396C9C6B7582AB88D52E4D9F57808) | |||
| Simon Josefsson | Simon Josefsson | |||
| Email: simon@josefsson.org (0x0424D4EE81A0E3D119C6F835EDA21E94B565716F) | Email: simon@josefsson.org (0424D4EE81A0E3D119C6F835EDA21E94B565716F) | |||
| Intellectual Property Statement | Intellectual Property Statement | |||
| The IETF takes no position regarding the validity or scope of any | The IETF takes no position regarding the validity or scope of any | |||
| Intellectual Property Rights or other rights that might be claimed to | Intellectual Property Rights or other rights that might be claimed to | |||
| pertain to the implementation or use of the technology described in | pertain to the implementation or use of the technology described in | |||
| this document or the extent to which any license under such rights | this document or the extent to which any license under such rights | |||
| might or might not be available; nor does it represent that it has | might or might not be available; nor does it represent that it has | |||
| made any independent effort to identify any such rights. Information | made any independent effort to identify any such rights. Information | |||
| on the procedures with respect to rights in RFC documents can be | on the procedures with respect to rights in RFC documents can be | |||
| End of changes. | ||||
This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/ | ||||