Hi all,
Here are a few remarks:
5.1. Email Security Tags
Each security latch is given a name known as an email security tag.
An email security tag is a short alphanumeric token that represents a
security facility that can be used by an IMAP, POP or SMTP Submission
session. When a server advertises a security tag it is making a
commitment to support that security facility indefinitely and
recommending that the client save that security tag with the account
configuration and require that security feature for future
connections to that server.
=> Does it mean that if a server advertises both "tls11" and "tls12",
and one day TLS 1.1 is declared insecure and its support is deactivated
on the server, "tls11" will still be mandatory to advertise even though
only TLS 1.2 is available?
If I understand well how security tags work, "tls11" will always be
advertised if "tls12" is. So why bother to advertise "tls11"?
When TLS 1.3 has been standardized, will it mean that "tls11", "tls12"
and "tls13" will all be advertised and latched?
I don't see the point in having such redundancy.
10.6. Advertisement of DEEP status
MSPs SHOULD advertise a DEEP status that includes tls11, tls-cert and
an HTTPS URL that can be used to inform clients of service outages or
problems impacting client confidentiality. Note that advertising
tls-cert is a commitment to maintain and renew server certificates.
=> Couldn't tls12 also be advertised?
11.1. Security Tag Registry
IANA shall create (has created) the registry "Email Security Tags".
=> In order not to duplicate registries in the future, couldn't the IANA
registry be named "Security Tags" or "Security Tags in Applications"
instead of "Email Security Tags"? This way, any protocol could benefit
of the available security tags instead of having to ask for yet another
registry.
--
Julien ÉLIE
« L'atour est fiel aux Huns valides. »
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
