[Uta] Last Call: (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

[The IESG]

The IESG has received a request from the Using TLS in Applications WG (uta)
to consider the following document: - 'SMTP MTA Strict Transport Security
(MTA-STS)'
   as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
i...@ietf.org mailing lists by 2018-04-23. Exceptionally, comments may be
sent to i...@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
   mechanism enabling mail service providers to declare their ability to
   receive Transport Layer Security (TLS) secure SMTP connections, and
   to specify whether sending SMTP servers should refuse to deliver to
   MX hosts that do not offer TLS with a trusted server certificate.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/ballot/

The following IPR Declarations may be related to this I-D:

   https://datatracker.ietf.org/ipr/2776/





___
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta

Re: [Uta] I-D Action: draft-ietf-uta-smtp-require-tls-02.txt

[Chris Newman]

On 6 Apr 2018, at 16:20, Jim Fenton wrote:

The major change in this version is the removal of the options (CHAIN,
DANE, and DNSSEC) from the REQUIRETLS SMTP option as discussed in
London. There were also inconsistencies in the header field name
(Require-TLS vs. RequireTLS) so I chose the latter.


Although I don't intend to implement this because I don't foresee a use 
case, I reviewed it out of curiosity:


1. Section 4.3 needs to allow use of implicit TLS (RFC 8314) in addition 
to STARTTLS. The submission client would verify the TLS certificate of 
the submission server as documented in RFC 8314.


2. There should be an example showing the SMTP protocol used with the 
REQUIRETLS mail from parameter.


3. The IANA considerations are incomplete. For example, they are missing 
fields required to register in the SMTP mail system response codes 
registry. See RFC 5248. I'm not sure this specifies all the IANA 
registration fields described in RFC 5321 for an SMTP extension. IANA 
considerations are not typically removed during publication.


Architecturally, I see "RequireTLS: No" as potentially useful to work 
around MTA-STS deployment bugs.


I think the text related to bouncing a REQUIRETLS message is highly 
problematic. Metadata related to email is not private due to laws in 
certain jurisdictions and pretending it can be more private than it is 
does a disservice to implementers and users. The mail bounce 
infrastructure is already problematic and this makes that infrastructure 
more complicated; if this were implemented it would increase the chances 
of lost mail and/or the cost of mail system operations. I find both of 
those outcomes objectionable. Even if I decided to implement REQUIRETLS, 
I'd deliberately choose not to implement the entire section about bounce 
processing as presently written (and document that choice as both an 
intentional choice and a good one).


If you want to say something about bounce processing, I believe this is 
the best you can do without making the bounce processing unduly complex:


If a REQUIRETLS message is bounced, the server MUST behave as if 
RET=HDRS was present as described in RFC 3461. If both RET=FULL and 
REQUIRETLS are present, the RET=FULL MUST be disregarded and MAY be 
transformed to RET=HDRS on relay. The SMTP client for a REQUIRETLS 
bounce message MUST use an empty MAIL FROM return-path as required by 
RFC 5321. When the MAIL FROM return-path is empty, the REQUIRETLS 
parameter SHOULD NOT cause a bounce message to be discarded even if the 
next-hop relay does not advertise REQUIRETLS.


- Chris

___
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta