Email Protective Marking Standard for the Australian Government

More documents

Recommendations

Info

2.6 Internet Message Header ExtensionIn this syntax the protective marking is carried as a custom Internet Message HeaderExtension “X-Protective-Marking”.• This approach is a more sophisticated technique that is an extension of the Subjectfield syntax. It is designed for construction and parsing by email agents (clients,gateways and servers) as they have access to Internet message headers. In thisway a richer syntax can be used and email agents can perform more complexhandling based on the protective marking.2.7 Syntax Precedence and QuantitiesBoth techniques MAY be used in a single email message so long as the protectivemarking is consistent across both.When a message contains both forms of the protective marking, information in the “X-Protective-Marking” SHALL take precedence over that in the Subject field.As per RFC2882, an Internet email message can have at most one Subject field.A message conforming to this Standard MUST contain at most one “X-Protective-Marking” field.An email protective marking writer SHALL allow no more than one email protectivemarking in the subject line.2.7.1 Non-Compliant MarkingsWhen a reader encounters an email with multiple protective markings in aSubject line, precedence SHALL be given to the first protective marking in thesubject line. "First" means "leftmost" when reading left-to-right.2.8 Size of Protective MarkingThe protective marking, in either Subject or Internet Message Header Extension form,MUST NOT exceed a length of 8192 ASCII characters.• In principle, a protective marking may contain a number of DLMs/caveats. Thiscould provide a means for attackers to cause resource exhaustion on receivingagents. In practice, the length of protective marking will be bounded to somereasonable size which accommodates all current and future possible values. Thesize constraint given here should accommodate such values and thus minimiseavenues of attack.2.9 Syntax DefinitionsThe syntax for each protective marking is defined using two methods. A modifiedregular expression syntax using a format derived from script language regularexpressions and a formal syntax using the Augmented Backus-Naur Form (ABNF)notation as used by RFC2822.If there are any ambiguities arising from the two syntaxes then the ABNF syntax SHALLbe definitive.10
2.10 Regular Expression DefinitionThe modified regular expression syntax of the protective marking, when it appears inthe Subject field, is:[(SEC=|DLM=|SEC=,DLM=)(, CAVEAT=:)*(,EXPIRES=(|), DOWNTO=)?]The modified regular expression syntax of the protective marking, when it appears asan Internet Message Header Extension is:X-Protective-Marking: VER=, NS=gov.au,(SEC=|DLM=|SEC=,DLM=)(, CAVEAT=:)*(,EXPIRES=(|), DOWNTO=)?(,NOTE=)?, ORIGIN=For both of the above definitions:• ( )? delimits an optional element that MAY appear only once if used; the bracketsand question mark do not actually appear if element is used.• ( )* delimits an optional element that MAY be repeated any number of times; thebrackets and star symbol do not actually appear if element is used.• denotes the variable value of an element; the angle brackets do not actuallyappear if the value is present. Any character in text may be preceded with ‘\’; thefollowing characters must be preceded with ‘\’: ‘\’ and ‘,’ only printable charactersare permitted (see ABNF definitions for more detail).• (a|b) denotes an OR option whether either a or b can be used, but not both. Thebrackets and bar symbol do not actually appear if element is used.• The order of elements shown here is important – elements, if present, MUSTappear in the order specified.• Field names and values are case-sensitive.• The security classification value used with the DOWNTO tag MUST be less thanthat of the SEC tag. The hierarchy of security classifications is outlined in theAustralian Government security classification system.• corresponds to the Australian Government securityclassification system and two additional markings introduced specifically for emailmessages, and is one of:o UNOFFICIAL 4o UNCLASSIFIED 5o PROTECTEDo CONFIDENTIALo SECRETo TOP-SECRET4 UNOFFICIAL is not a security classification marking in the Australian Government security classification system. It is included in this Standard toallow those agencies that choose to use it a way of distinguishing non work-related email on their systems.5 UNCLASSIFIED is not a security classification in the Australian Government security classification system. It is included in this Standard in orderto allow agencies to recognise work-related emails that do not carry a security classification or other protective marking.11
Page 1 and 2: Email Protective Marking Standardfo
Page 3 and 4: AbstractThis Standard defines the f
Page 5 and 6: Changes from Version 1.0 26Changes
Page 7 and 8: 1.2 AudienceThis Standard is intend
Page 9: 2.4 NamespaceThe protective marking
Page 13 and 14: Values for DLMs that may be conditi
Page 15 and 16: NS appears in the Internet Message
Page 17 and 18: 2.11.1 Base tokenscomma-FWS = "," F
Page 19 and 20: 2.11.6 Caveat rulescaveat-tag = %d6
Page 21 and 22: 2.11.13 Version rulesversion-tag =
Page 23 and 24: 4. GlossaryThese definitions have b
Page 25 and 26: 5. Appendix AA5.1 Change LogThis is
Page 27 and 28: Changes from 2005.3Specified Intern
Page 29 and 30: 6. Appendix B6.1 ExamplesFor the sa
Page 32: A message containing SECRET informa

Email Protective Marking Standard for the Australian Government

Create successful ePaper yourself

Delete template?

Save as template?