TOC 
Network Working GroupT. Hansen
Internet-DraftAT&T Laboratories
Updates: 3463, 4468, 4954J. Klensin
(if approved)February 25, 2008
Intended status: Standards Track 
Expires: August 28, 2008 


A Registry for SMTP Enhanced Mail System Status Codes
draft-hansen-4468upd-mailesc-registry-04

Status of this Memo

By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet-Drafts.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as “work in progress.”

The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt.

The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html.

This Internet-Draft will expire on August 28, 2008.

Abstract

The specification for enhanced mail system enhanced status codes, RFC 3463, establishes a new code model and lists a collection of status codes. While it anticipated that more codes would be added over time, it did not provide an explicit mechanism for registering and tracking those codes. This document specifies an IANA registry for mail system enhanced status codes, and initializes that registry with the codes so far established in published standards-track documents, as well as other codes that have become established in the industry.



Table of Contents

1.  Introduction
2.  IANA Considerations
    2.1.  SMTP Enhanced Status Codes Registry
    2.2.  Review Process for New Values
    2.3.  Registration Updates
    2.4.  Initial Values
3.  Security Considerations
4.  Acknowledgements
5.  References
    5.1.  Normative References
    5.2.  Informative References
§  Authors' Addresses
§  Intellectual Property and Copyright Statements




 TOC 

1.  Introduction

Enhanced Status Codes for SMTP were first defined in [RFC1893] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 1996.), subsequently replaced by [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.). While it anticipated that more codes would be added over time (see its Section 2), it did not provide an explicit mechanism for registering and tracking those codes. Since that time, various RFCs have been published and internet drafts proposed that define further status codes. However, without an IANA registry, conflicts in definitions have begun to appear.

This RFC defines such an IANA registry and was written to help prevent further conflicts from appearing in the future. It initializes the registry with the established standards-track enhanced status codes from [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.), [RFC3886] (Allman, E., “An Extensible Message Format for Message Tracking Responses,” September 2004.), [RFC4468] (Newman, C., “Message Submission BURL Extension,” May 2006.) and [RFC4954] (Siemborski, R. and A. Melnikov, “SMTP Service Extension for Authentication,” July 2007.). In addition, several codes are added that were established by various internet drafts and have come into common use, despite the expiration of the documents themselves.

NOTE: The values given in Table 1 below are incomplete. The entries denoted "Not given" should be filled in better. (RFC EDITOR NOTE: Remove this paragraph on publication.)

This document is being discussed on the SMTP mailing list, ietf-smtp@imc.org. (RFC EDITOR NOTE: Remove this paragraph on publication.)



 TOC 

2.  IANA Considerations



 TOC 

2.1.  SMTP Enhanced Status Codes Registry

IANA is directed to create the registry "SMTP Enhanced Status Codes". The Mail Enhanced Status Codes registry will have three tables:

Each entry in the tables will include the following. (The sub-code tables will not have the Associated Basic Status Code entries.)

Code:
The sub-code or enumerated status code, which will be a numeric code consisting of three components, as specified in [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.).
Summary: or Sample Text:
For class and subject sub-codes, this is the summary of the use for the sub-code shown in section 2 of [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.). For enumerated status codes, this is an example of a message that might be sent along with the code.
Associated Basic Status Code:
For enumerated status codes, the basic status code(s) of [RFC2821] (Klensin, J., “Simple Mail Transfer Protocol,” April 2001.) with which it is usually associated. This may also have a value such as "Any" or "Not given". NOTE: This is a non-exclusive list.
Description:
A short description of the code.
Defined:
A reference to the document in which the code is defined. This reference should note whether the relevant specification is standards-track or not using "(Standards track)" or "(Not standards track)".
Submitter:
The identity of the submitter, usually the document author.
Change Controller:
The identity of the change controller for the specification. This will be "IESG" in the case of IETF-produced documents.

An example of an entry in the enumerated status code table would be:

Code:
X.0.0
Sample Text:
Other undefined Status
Associated basic status code:
Any
Description:
Other undefined status is the only undefined error code. It should be used for all errors for which only the class of the error is known.
Defined:
RFC 3463. (Standards track)
Submitter:
G. Vaudreuil
Change controller:
IESG.



 TOC 

2.2.  Review Process for New Values

Entries in this registry are expected to follow the "Specification Required" model ([RFC2434] (Narten, T. and H. Alvestrand, “Guidelines for Writing an IANA Considerations Section in RFCs,” October 1998.)) although, in practice, most entries are expected to derive from standards-track documents. Non-standards-track documents that specify codes to be registered should be readily available. The principal purpose of this registry is to avoid confusion and conflicts among different definitions or uses for the same code.

The procedures from [RFC4020] (Kompella, K. and A. Zinin, “Early IANA Allocation of Standards Track Code Points,” February 2005.) may be followed to pre-allocate an Enhanced Status Code before final publication of an internet draft.



 TOC 

2.3.  Registration Updates

Standards-track registrations may be updated if the relevant standards are updated as a consequence of that action. Non-standards-track entries may be updated by the listed responsible party. Only the entry's short description or references may be modified in this way, not the code or associated text. In exceptional cases, any aspect of any registered entity may be updated at the direction of the IESG (for example, to correct a conflict).



 TOC 

2.4.  Initial Values

The initial values for the class and subject sub-code tables are to be populated from section 2 of [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.). Specifically, these are the values for 2.X.XXX, 4.X.XXX and 5.X.XXX for the class sub-code table, and the values X.0.XXX, X.1.XXX, X.2.XXX, X.3.XXX, X.4.XXX, X.5.XXX, X.6.XXX and X.7.XXX for the subject sub-code table. The code, sample text and description for each entry are to be taken from [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.). Each entry is to be designated as defined in [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.), submitted by G. Vaudreuil, and change controlled by IESG. There are no associated basic status code values for the class and subject sub-code tables.

The initial values for the enumerated status code table is to be populated from:

  1. sections 3.1 through 3.8 of [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.), (X.0.0, X.1.0 through X.1.8, X.2.0 through X.2.4, X.3.0 through X.3.5, X.4.0 through X.4.7, X.5.0 through X.5.5, X.6.0 through X.6.5, and X.7.0 through X.7.7)
  2. section 3.3.4 of [RFC3886] (Allman, E., “An Extensible Message Format for Message Tracking Responses,” September 2004.) (X.1.9),
  3. X.6.6 found in section 5 of [RFC4468] (Newman, C., “Message Submission BURL Extension,” May 2006.),
  4. and X.5.6, X.7.8, X.7.9, X.7.11 and X.7.12, found in section 6 of [RFC4954] (Siemborski, R. and A. Melnikov, “SMTP Service Extension for Authentication,” July 2007.).

Each entry is to be designated as defined in the corresponding RFC, submitted by the corresponding RFC author, and change controlled by the IESG. Each of the above RFCs is a standards track document.

The initial values for the Associated Basic Status Code for each of the above initial enhanced status codes is given in the following table.

NOTE: This table is incomplete. The entries denoted "Not given" should be filled in better. (RFC EDITOR NOTE: Remove this note on publication.)



Enh. Status CodeAssoc. Basic Status CodeEnh. Status CodeAssoc. Basic Status CodeEnh. Status CodeAssoc. Basic Status Code
X.0.0 Any X.1.0 Not given X.1.1 451, 550
X.1.2 Not given X.1.3 501 X.1.4 Not given
X.1.5 250 X.1.6 Not given X.1.7 Not given
X.1.8 451, 501 X.2.0 Not given X.2.1 Not given
X.2.2 552 X.2.3 552 X.2.4 450, 452
X.3.0 221, 250, 421, 451, 550, 554 X.3.1 452 X.3.2 453
X.3.3 Not given X.3.4 552, 554 X.3.5 Not given
X.4.0 Not given X.4.1 451 X.4.2 421
X.4.3 451, 550 X.4.4 Not given X.4.5 451
X.4.6 Not given X.4.7 Not given X.5.0 220, 250, 251, 252, 253, 451, 452, 454, 458, 459, 501, 502, 503, 554
X.5.1 430, 500, 501, 503, 530, 550, 554, 555 X.5.2 500, 501, 502, 550, 555 X.5.3 451
X.5.4 451, 501, 502, 503, 504, 550, 555 X.5.5 Not given X.5.6 500
X.6.0 Not given X.6.1 Not given X.6.2 Not given
X.6.3 554 X.6.4 250 X.6.5 Not given
X.6.6 554 X.7.0 220, 235, 450, 454, 500, 501, 503, 504, 530, 535, 550 X.7.1 451, 454, 502, 503, 533, 550, 551
X.7.2 550 X.7.3 Not given X.7.4 504
X.7.5 Not given X.7.6 Not given X.7.7 Not given
X.7.8 535, 554 X.7.9 534 X.7.11 524, 538

X.7.12 422, 432
 Table 1 

The following additional definitions are to be registered in the enumerated status code table. These entries have been used in the industry without any published specification. (RFC EDITOR NOTE: change XXXX below to this document's RFC number.)

Code:
X.7.10
Sample Text:
Encryption Needed
Associated basic status code:
523
Description:
This indicates that external strong privacy layer is needed in order to use the requested authentication mechanism. This is primarily intended for use with clear text authentication mechanisms. A client which receives this may activate a security layer such as TLS prior to authenticating, or attempt to use a stronger mechanism.
Defined:
RFC XXXX. (Standards track)
Submitter:
T. Hansen, J. Klensin
Change controller:
IESG.

Code:
X.7.13
Sample Text:
User Account Disabled
Associated basic status code:
525
Description:
Sometimes a system administrator will have to disable a user's account (e.g., due to lack of payment, abuse, evidence of a break-in attempt, etc). This error code occurs after a successful authentication to a disabled account. This informs the client that the failure is permanent until the user contacts their system administrator to get the account re-enabled. It differs from a generic authentication failure where the client's best option is to present the passphrase entry dialog in case the user simply mistyped their passphrase.
Defined:
RFC XXXX. (Standards track)
Submitter:
T. Hansen, J. Klensin
Change controller:
IESG.

Code:
X.7.14
Sample Text:
Trust relationship required
Associated basic status code:
535, 554
Description:
The submission server requires a configured trust relationship with a third-party server in order to access the message content. This value replaces the prior use of X.7.8 for this error condition. thereby updating [RFC4468] (Newman, C., “Message Submission BURL Extension,” May 2006.).
Defined:
RFC XXXX. (Standards track)
Submitter:
T. Hansen, J. Klensin
Change controller:
IESG.



 TOC 

3.  Security Considerations

As stated in [RFC1893] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 1996.), use of enhanced status codes may disclose additional information about how an internal mail system is implemented beyond that available through the SMTP status codes.

Many proposed additions to the response code list are security related. Having these registered in one place to prevent collisions will improve their value. Security error responses can leak information to active attackers (e.g., the distinction between "user not found" and "bad password" during authentication). Documents defining security error codes should make it clear when this is the case so SMTP server software subject to such threats can provide appropriate controls to restrict exposure.



 TOC 

4.  Acknowledgements

While the need for this registry should have become clear shortly after [RFC3463] (Vaudreuil, G., “Enhanced Mail System Status Codes,” January 2003.) was approved, the growth of the code table through additional documents and work done as part of email internationalization and [RFC2821] (Klensin, J., “Simple Mail Transfer Protocol,” April 2001.) updating efforts made the requirement much more clear. The comments of the participants in those efforts are gratefully acknowledged, particularly the members of the ietf-smtp@imc.org mailing list. Chris Newman and Randy Gellens provided useful comments and some text for early versions of the document.



 TOC 

5.  References



 TOC 

5.1. Normative References

[RFC3463] Vaudreuil, G., “Enhanced Mail System Status Codes,” RFC 3463, January 2003 (TXT).
[RFC2821] Klensin, J., “Simple Mail Transfer Protocol,” RFC 2821, April 2001 (TXT).
[RFC3886] Allman, E., “An Extensible Message Format for Message Tracking Responses,” RFC 3886, September 2004 (TXT).
[RFC4020] Kompella, K. and A. Zinin, “Early IANA Allocation of Standards Track Code Points,” BCP 100, RFC 4020, February 2005 (TXT).
[RFC4468] Newman, C., “Message Submission BURL Extension,” RFC 4468, May 2006 (TXT).
[RFC4954] Siemborski, R. and A. Melnikov, “SMTP Service Extension for Authentication,” RFC 4954, July 2007 (TXT).


 TOC 

5.2. Informative References

[RFC1893] Vaudreuil, G., “Enhanced Mail System Status Codes,” RFC 1893, January 1996 (TXT).
[RFC2434] Narten, T. and H. Alvestrand, “Guidelines for Writing an IANA Considerations Section in RFCs,” BCP 26, RFC 2434, October 1998 (TXT, HTML, XML).


 TOC 

Authors' Addresses

  Tony Hansen
  AT&T Laboratories
  200 Laurel Ave.
  Middletown, NJ 07748
  USA
Email:  tony+mailesc@maillennium.att.com
  
  John C Klensin
  1770 Massachusetts Ave, Ste 322
  Cambridge, MA 02140
  USA
Phone:  +1 617 245 1457
Email:  john+ietf@jck.com


 TOC 

Full Copyright Statement

Intellectual Property