Validate additional_header_fields according to RFC-5322

[mangusm]

According to RFC5322:

Header fields are lines beginning with a field name, followed by a colon (":"), followed by a field body, and terminated by CRLF.
A field name MUST be composed of printable US-ASCII characters (i.e., characters that have values between 33 and 126, inclusive), except colon.

The validation of additional_header_fields as a DictionaryProperty is comparatively very restrictive:

cti-python-stix2/stix2/properties.py

Lines 414 to 419 in 6dd83fa

	if not re.match(r"^[a-zA-Z0-9_-]+$", k):
	msg = (
	"contains characters other than lowercase a-z, "
	"uppercase A-Z, numerals 0-9, hyphen (-), or "
	"underscore (_)"
	)

Expected Behavior

From the STIX 2.1 docs:

The Email Message object represents an instance of an email message, corresponding to the internet message format described in [RFC5322] and related RFCs.

additional_header_fields accepts header field names that are valid according to the RFC.

Actual Behavior

mangus:~$ pip show stix2
Name: stix2
Version: 3.0.1
Summary: Produce and consume STIX 2 JSON content
Home-page: https://oasis-open.github.io/cti-documentation/
Author: OASIS Cyber Threat Intelligence Technical Committee
Author-email: cti-users@lists.oasis-open.org
License: BSD
Location: /home/mangus/.pyenv/versions/3.13.3/lib/python3.13/site-packages
Requires: pytz, requests, simplejson, stix2-patterns
Required-by:
mangus@:~$ python
Python 3.13.3 (main, Apr 25 2025, 09:16:04) [GCC 13.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import stix2
>>> stix2.EmailMessage(is_multipart=False, subject='hello', additional_header_fields={"a.valid.header": "test"})
stix2.exceptions.InvalidValueError: Invalid value for EmailMessage 'additional_header_fields': Invalid dictionary key a.valid.header: (contains characters other than lowercase a-z, uppercase A-Z, numerals 0-9, hyphen (-), or underscore (_)).

[chisholm]

Interesting. The additional_header_fields property is of type dictionary, and the spec has requirements on dictionary keys:

Dictionary keys MUST be unique in each dictionary, MUST be in ASCII, and are limited to the characters a-z (lowercase ASCII), A-Z (uppercase ASCII), numerals 0-9, hyphen (-), and underscore (_). Dictionary keys MUST be no longer than 250 ASCII characters in length and SHOULD be lowercase.

https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.html#_f6e8afjdtrse

That's why the library is enforcing dictionary keys as it is. Maybe it's a bit of a spec inconsistency, although the spec only says additional_header_fields keys "SHOULD" be a case-preserved version of the header field name. So maybe this is the only thing the implementation can do, and be in compliance with the musts and shoulds.

[emaes]

We were getting header keys that contained "." that was causing the error to occur.

Examples:

• imanage.sendandfile.filinglocations
• imanage.sendandfile.filinglocations.firmid

In addition to the usual keys of:

• Accept-Language
• X-MS-Has-Attach