Re: [ietf-822] utf8 messages

[Brandon Long <blong@google.com>]

On Mon, Aug 11, 2014 at 4:08 PM, Ned Freed <ned.freed@mrochek.com> wrote:

> > In our recent launch of support for EAI, we noticed an issue with 6532
> > "utf8" messages.
>
> > As near as I can tell, there is nothing about a 6532 message which tells
> > you it is such a message... except the existence of 8bit characters in
> the
> > headers.  Ie, 7bit -> 5322, 8bit -> 6532.
>
> Sure there is: The smtputf8 flag in the envelope and/or utf8 flag in the
> IMAP
> metadata is what tells you that the message is in RFC 6532 format.
>
> It's true that there's no explicit indicator in the message content. There
> doesn't need to be, and since you have to have the indicator in the
> envelope
> and in the message metadata, putting it in both places just creates the
> possibility of a silly state.
>
> The basic theory of operation of EAI is if decide to submit an RFC 6532
> message, you do so with the SMTPUTF8 extension engaged. If you decide to
> APPEND
> it to an IMAP folder, you do so with the utf8 data extension engaged. Same
> thing if you decide to use CATENATE to create the message. This tells
> whicever
> server that the message is in fact in RFC 6532 format so it can keep track
> of
> that fact.
>
> EAI only allows for the transport and movement of RFC 6532 messages if the
> necessary extensions are present. If they aren't, the message cannot be
> transferred or moved.
>
> The only time a RFC 6532 message can escape the EAI world is inside of a
> DSN,
> and in that case a message/global wrapper provides the indicator.
>
> It is, or is supposed to be, a sealed system implemented as a set of
> interlocking extensions to existing email facilities.
>

So, if I have an "email" message, I can no longer just parse it.  Instead,
there are actually two
types of email messages, and the only way to know how to parse it is to
know a priori which type it is.
Because all systems are "sealed" and there's never any leakage.

As for just check for 8 bit messages... on to the next part.

> Our problem is that this isn't actually true in practice.  Prior to
> > launching support for 6532 messages, we've already had to support
> > widespread use of 8bit messages that were not always in utf8.  Since
> these
> > typically didn't specify which charset they were in, we used a variety of
> > techniques including direct charset detection on such messages.
>
> It depends on what you mean by "8bit message". If you mean messages with
> 8bit
> in the body data, then sure, that's fully standard and widespread.
>
> But 8bit of any sort in a header at any level was a standards violation
> prior
> to RFC 6532. And since there are many 8bit charsets, and telling them
> apart is
> in general impossible (although intelligent guesses can be made) without
> labeling (which implies conversion to 7bit), this was never a terribly
> interoperable thing to be doing from day 1.
>

Yes, it wasn't a great idea.  Apparently, strict adherence to spec was not
a strong concern from the non-English speaking world.  And, this worked
fine before "global" services, such that local sites would just assume
local charsets for these broken messages.  We've had to do auto-detection
on messages for quite a while, and yes, its sometimes broken.

Last time we looked, it was 2% of the email in the subset we checked.

> The problem we're having with 6532 messages, is that we moved from
> > explicitly identified charsets via 2047/etc mechanisms, to "its just
> > utf8"... and sometimes we mis-detect the utf8 as cp1250 or other
> encodings.
>
> No message created prior to the release of support for RFC 6532 can be
> assumed
> to be a RFC 6532 message. Now, if you want to vet those messages using some
> sort of process to insure such a message meets the syntax and at least
> looks
> semantically sensible, then I suppose you could set the flag in the
> metadata.
>
> But if you can't distinguish such messages from legitimate RFC 6532
> created and
> submitted by compliant clients, it sounds to me like you're not retaining a
> really critical piece of envelope/metadata in your implementation.
>

Yes.  And the most obvious place for that information, to me, is in the
headers of the message.  Assuming that every mechanism for exchanging email
messages needs an explicit external piece of data...

Is there a separate three letter filename extension for 6532 messages, for
example? (for platforms which use such things).


> > This would all be solved if 6532 messages were actually denoted as such,
> > and I recall seeing at least one such X header used by another service
> > we've been interoperability testing with:
> > X-CM-HeaderCharset: UTF-8
> > CM no doubt standing for CoreMail, which is the software used:
> > X-Mailer: Coremail Webmail Server Version XT3.0.4 build
> >  20140526(27182.6409.6185) Copyright (c) 2002-2014 www.mailtech.cn
> coremail
>
> Say what? This solves nothing, since nobody else is going to bother doing
> this,
> and creates unnecessary silly states.
>
> Legitimate RFC 6532 messages are, or should be, labeled, and the label
> should be carried along with the message as it moves around.
>
> I suppose if you wanted to you could make the label manifest as a header
> field in the stored copy. You could even write a specification for such
> a header, but you won't be able to count on its presence.
>

[snip]


> > Now, as hinted at in the consensus to remove such a marker from the
> draft,
> > we can certainly add such a header when composing 6532 messages or when
> we
> > receive any message via SMTPUTF8 for our own utility, but I would think
> > there would be some utility in such a marker being mutually understood
> and
> > shared.
>
> Please don't. This is the sort of thing that wrecks standards.


So, its ok to write a specification to have such a header but doing so
wrecks standards?

Or are you saying it would be fine for us to have such a header, but not to
leak it?

Brandon