draft-josefsson-openpgp-mailnews-header-06.txt   draft-josefsson-openpgp-mailnews-header.txt 
Network Working Group A. Smasher Network Working Group A. Smasher
Internet-Draft S. Josefsson Internet-Draft S. Josefsson
Intended status: Informational May 20, 2008 Intended status: Informational May 2008
Expires: November 21, 2008 Expires: November 2, 2008
The "OpenPGP" mail and news header field The "OpenPGP" mail and news header field
draft-josefsson-openpgp-mailnews-header-06 draft-josefsson-openpgp-mailnews-header-07
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any This Internet-Draft is submitted to IETF in full conformance with the
applicable patent or other IPR claims of which he or she is aware provisions of BCP 78 and BCP 79.
have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet- other groups may also distribute working documents as Internet-
Drafts. Drafts.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on November 21, 2008. This Internet-Draft will expire on November 2, 2008.
Copyright Notice
Copyright (c) 2008 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents in effect on the date of
publication of this document (http://trustee.ietf.org/license-info).
Please review these documents carefully, as they describe your rights
and restrictions with respect to this document.
Abstract Abstract
This document describes the "OpenPGP" mail and news header field. This document describes the "OpenPGP" mail and news header field.
The field provide information about the sender's OpenPGP key. The field provide information about the sender's OpenPGP key.
See <http://josefsson.org/openpgp-header/> for more information. See <http://josefsson.org/openpgp-header/> for more information.
Table of Contents Table of Contents
1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 1. Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
2. Background and Motivation . . . . . . . . . . . . . . . . . . 3 2. Background and Motivation . . . . . . . . . . . . . . . . . . 3
3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4 3. OpenPGP Header Field . . . . . . . . . . . . . . . . . . . . . 4
3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5 3.1. Primary Key ID field: id . . . . . . . . . . . . . . . . . 5
3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 6 3.2. Key URL field: url . . . . . . . . . . . . . . . . . . . . 6
3.3. Protection Preference Field: preference . . . . . . . . . 6 3.3. Protection Preference Field: preference . . . . . . . . . 6
4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 6 4. Comments . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 5. Examples . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7 6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 7
7. Security Considerations . . . . . . . . . . . . . . . . . . . 7 7. Security Considerations . . . . . . . . . . . . . . . . . . . 7
8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8
9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 10
9.1. Normative References . . . . . . . . . . . . . . . . . . . 10 9.1. Normative References . . . . . . . . . . . . . . . . . . . 10
9.2. Informative References . . . . . . . . . . . . . . . . . . 10 9.2. Informative References . . . . . . . . . . . . . . . . . . 10
Appendix A. Copying conditions . . . . . . . . . . . . . . . . . 11 Appendix A. Copying conditions . . . . . . . . . . . . . . . . . 11
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 11
Intellectual Property and Copyright Statements . . . . . . . . . . 12
1. Preface 1. Preface
This document is intended to define the "OpenPGP" message header This document is intended to define the "OpenPGP" message header
field. This field should be considered "informational" (and field. This field should be considered "informational" (and
"optional"), and be suitable for both mail [RFC2822] and netnews "optional"), and be suitable for both mail [RFC5322] and netnews
[RFC1036] messages. This field should be used to provide information [RFC1036] messages. This field should be used to provide information
about the sender's OpenPGP [RFC4880] key. This field MAY be used in about the sender's OpenPGP [RFC4880] key. This field MAY be used in
any message. any message.
This document should be interpreted within the context of RFC 2822. This document should be interpreted within the context of [RFC5322].
In the event of a discrepancy, refer to that document. In the event of a discrepancy, refer to that document.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119]. document are to be interpreted as described in RFC 2119 [RFC2119].
2. Background and Motivation 2. Background and Motivation
There are quite a few PGP and GnuPG users who add header fields with There are quite a few PGP and GnuPG users who add header fields with
information about the sender's OpenPGP key. Fields in current use information about the sender's OpenPGP key. Fields in current use
skipping to change at page 4, line 24 skipping to change at page 4, line 24
the sender's OpenPGP key. The field typically contains the Key ID the sender's OpenPGP key. The field typically contains the Key ID
and the URL where the key can be retrieved. and the URL where the key can be retrieved.
Because the mail header is typically not integrity protected, the Because the mail header is typically not integrity protected, the
information conveyed in the OpenPGP header field MUST NOT be trusted information conveyed in the OpenPGP header field MUST NOT be trusted
without additional verification. Some of the information given in without additional verification. Some of the information given in
this field may also be given in the OpenPGP key itself. When these this field may also be given in the OpenPGP key itself. When these
two sources conflict, users SHOULD favor the information from the two sources conflict, users SHOULD favor the information from the
OpenPGP key, as that information can be cryptographically protected. OpenPGP key, as that information can be cryptographically protected.
The field is of a "structured" type (see section 2.2.2 of RFC 2822). The field is of a "structured" type (see section 2.2.2 of RFC 5322).
In general, the structure consist of one or more parameters, each In general, the structure consist of one or more parameters, each
consisting of one attribute and one value. The terminology and consisting of one attribute and one value. The terminology and
format of the field was inspired by MIME [RFC2045]. The various format of the field was inspired by MIME [RFC2045]. The various
provisions of RFC 2045 apply. In particular, the value part of provisions of RFC 2045 apply. In particular, the value part of
parameters may be quoted; whitespace, folding and comments may occur parameters may be quoted; whitespace, folding and comments may occur
in the middle of parameters; except as noted below. The provisions in the middle of parameters; except as noted below.
of MIME Parameter Extensions [RFC2231] also apply; in particular,
that document deals with handling parameters of excessive length.
The OpenPGP header field is defined below in the Augmented BNF The OpenPGP header field is defined below in the Augmented BNF
[RFC5234] notation. By itself, however, this grammar is incomplete. [RFC5234] notation. By itself, however, this grammar is incomplete.
It refers by name to syntax rules that are defined in [RFC2822] and It refers by name to syntax rules that are defined in [RFC5322] and
[RFC3986]. Rather than reproduce those definitions here, and risk [RFC3986]. Rather than reproduce those definitions here, and risk
unintentional differences between the two, this document refers the unintentional differences between the two, this document refers the
reader to the other documents for the definition of non-terminals. reader to the other documents for the definition of non-terminals.
Implementations MUST understand the "id", "url", and "preference" Implementations MUST understand the "id", "url", and "preference"
attributes. Parameter with unrecognized attributes MUST be ignored. attributes. Parameter with unrecognized attributes MUST be ignored.
The grammar permits unknown parameters to allow for future The grammar permits unknown parameters to allow for future
extensions. Each parameter attribute (e.g., "url") MUST NOT occur extensions. Each parameter attribute (e.g., "url") MUST NOT occur
more than once in any single instance of the OpenPGP field. The more than once in any single instance of the OpenPGP field. The
OpenPGP field itself MAY occur more than once in a single email (for OpenPGP field itself MAY occur more than once in a single email (for
example if the sender has multiple keys). example if the sender has multiple keys).
openpgp = "OpenPGP:" SP o-params CRLF openpgp = "OpenPGP:" o-params CRLF
; CFWS is defined in RFC 2822. ; CFWS is defined in RFC 5322.
; SP and CRLF are defined in RFC 5234. ; CRLF is defined in RFC 5234.
o-params = (o-parameter *(";" o-parameter)) o-params = (o-parameter *(";" o-parameter))
o-parameter = *CFWS "id" "=" id *CFWS o-parameter = *CFWS "id" "=" id *CFWS
/ *CFWS "url" "=" url *CFWS / *CFWS "url" "=" url *CFWS
/ *CFWS "preference" "=" preference *CFWS / *CFWS "preference" "=" preference *CFWS
/ *CFWS parameter *CFWS ; normally unused, for extensions / *CFWS parameter *CFWS ; normally unused, for extensions
; parameter is defined in RFC 2045. ; parameter is defined in RFC 2045.
id = 1*(8HEXDIG) id = 1*(8HEXDIG)
; HEXDIG is defined in RFC 5234. ; HEXDIG is defined in RFC 5234.
; Matching of value is case-insensitive. ; Matching of value is case-insensitive.
url = absoluteURI / quoted-url url = folded-uri / quoted-url
; absoluteURI is defined in RFC 3986.
; If the URL contains the character ";", ; If the URL contains the character ";",
; the quoted-url form MUST be used. ; the quoted-url form MUST be used.
quoted-url = DQUOTE absoluteURI DQUOTE quoted-url = DQUOTE folded-uri DQUOTE
; DQUOTE is defined in RFC 5234. ; DQUOTE is defined in RFC 5234.
folded-uri = <absolute-URI, but free insertion of FWS permitted>
; absoluteURI is defined in RFC 3986.
; FWS is defined in RFC 5234.
preference = "sign" / "encrypt" / "signencrypt" / "unprotected" preference = "sign" / "encrypt" / "signencrypt" / "unprotected"
; Matching of values is case-insensitive. ; Matching of values is case-insensitive.
The folded-URI MAY contain folding whitespace (FWS, [RFC5322]), which
is ignored. To convert a folded-URI to a absolute-URI, first apply
standard [RFC5322] unfolding rules (replacing FWS with a single SP),
and then delete any remaining un-encoded SP characters. Folding may
be used to shorten long lines.
3.1. Primary Key ID field: id 3.1. Primary Key ID field: id
The "id" parameter, if present, MUST hold the Key ID or key The "id" parameter, if present, MUST hold the Key ID or key
fingerprint for the primary key. The value uses the hex [RFC4648] fingerprint for the primary key. The value uses the hex [RFC4648]
notation. The parameter value is case-insensitive. notation. The parameter value is case-insensitive.
The length of the field determines whether it denotes a Key ID (8 hex The length of the field determines whether it denotes a Key ID (8 hex
symbols), a long Key ID (16 hex symbols), a v3 key fingerprint (32 symbols), a long Key ID (16 hex symbols), a v3 key fingerprint (32
hex symbols), or a v4 key fingerprint (40 hex symbols). hex symbols), or a v4 key fingerprint (40 hex symbols).
skipping to change at page 6, line 49 skipping to change at page 7, line 7
the stated preference. the stated preference.
For example: For example:
preference=sign preference=sign
preference=unprotected preference=unprotected
preference=ENCRYPT preference=ENCRYPT
4. Comments 4. Comments
As discussed in section 3.2.3 of RFC 2822, comments may appear in As discussed in section 3.2.2 of RFC 5322, comments may appear in
header field bodies. Comments are not intended to be interpreted by header field bodies. Comments are not intended to be interpreted by
any application, but to provide additional information for humans. any application, but to provide additional information for humans.
The following are examples of OpenPGP fields with comments: The following are examples of OpenPGP fields with comments:
id=B565716F (key stored on non-networked laptop) id=B565716F (key stored on non-networked laptop)
id=12345678 (1024 bit RSA Key for Encrypt or Sign) id=12345678 (1024 bit RSA Key for Encrypt or Sign)
id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005) id=ABCD0123 (created Sun Jan 2 02:25:15 CET 2005)
5. Examples 5. Examples
skipping to change at page 10, line 16 skipping to change at page 10, line 16
9.1. Normative References 9.1. Normative References
[RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail
Extensions (MIME) Part One: Format of Internet Message Extensions (MIME) Part One: Format of Internet Message
Bodies", RFC 2045, November 1996. Bodies", RFC 2045, November 1996.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and Encoded
Word Extensions:
Character Sets, Languages, and Continuations", RFC 2231,
November 1997.
[RFC2822] Resnick, P., "Internet Message Format", RFC 2822,
April 2001.
[RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform [RFC3986] Berners-Lee, T., Fielding, R., and L. Masinter, "Uniform
Resource Identifier (URI): Generic Syntax", STD 66, Resource Identifier (URI): Generic Syntax", STD 66,
RFC 3986, January 2005. RFC 3986, January 2005.
[RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R. [RFC4880] Callas, J., Donnerhacke, L., Finney, H., Shaw, D., and R.
Thayer, "OpenPGP Message Format", RFC 4880, November 2007. Thayer, "OpenPGP Message Format", RFC 4880, November 2007.
[RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax [RFC5234] Crocker, D. and P. Overell, "Augmented BNF for Syntax
Specifications: ABNF", STD 68, RFC 5234, January 2008. Specifications: ABNF", STD 68, RFC 5234, January 2008.
[RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322,
October 2008.
9.2. Informative References 9.2. Informative References
[RFC0959] Postel, J. and J. Reynolds, "File Transfer Protocol", [RFC0959] Postel, J. and J. Reynolds, "File Transfer Protocol",
STD 9, RFC 959, October 1985. STD 9, RFC 959, October 1985.
[RFC1036] Horton, M. and R. Adams, "Standard for interchange of [RFC1036] Horton, M. and R. Adams, "Standard for interchange of
USENET messages", RFC 1036, December 1987. USENET messages", RFC 1036, December 1987.
[RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP", [RFC2595] Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, June 1999. RFC 2595, June 1999.
skipping to change at page 12, line 4 skipping to change at line 433
Authors' Addresses Authors' Addresses
Atom Smasher Atom Smasher
Email: [email protected] (762A3B98A3C396C9C6B7582AB88D52E4D9F57808) Email: [email protected] (762A3B98A3C396C9C6B7582AB88D52E4D9F57808)
Simon Josefsson Simon Josefsson
Email: [email protected] (0424D4EE81A0E3D119C6F835EDA21E94B565716F) Email: [email protected] (0424D4EE81A0E3D119C6F835EDA21E94B565716F)
Full Copyright Statement
Copyright (C) The IETF Trust (2008).
This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors
retain all their rights.
This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property
The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; nor does it represent that it has
made any independent effort to identify any such rights. Information
on the procedures with respect to rights in RFC documents can be
found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository at
http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at
[email protected].
 End of changes. 20 change blocks. 
32 lines changed or deleted 42 lines changed or added

This html diff was produced by rfcdiff 1.29, available from http://www.levkowetz.com/ietf/tools/rfcdiff/