In order to move ahead with the WG last call after a break of eight months
since the previous version, please review the updated version (-02 or -03) and
send your remaining comments ASAP and no later than the end of day Thu,
March 17. This will allow the authors to submit a revision or revisions (if
needed) before the cutoff day of Mar 21.
Please note that all Open Issues have been removed from the latest versions (02
and 03) because "enough time has passed so not worth waiting for more input".
The Open Issues are listed below to make sure that everyone is aware and
comfortable with their closure:
o Port 465 is presently used for two purposes: for submissions by a
large number of clients and service providers and for the "urd"
protocol by one vendor. Actually documenting this current state
is controversial as discussed in the IANA considerations section.
However, there is no good alternative. Registering a new port for
submissions when port 465 is widely used for that purpose already
will just create interoperability problems. Registering a port
that's only used if advertised by an SRV record (RFC 6186) would
not create interoperability problems but would require all client
and server deployments and software to change significantly which
is contrary to the goal of promoting more TLS use. Encouraging
use of STARTTLS on port 587 would not create interoperability
problems, but is unlikely to have impact on current undocumented
use of port 465 and makes the guidance in this document less
consistent.
o One author believes that the security latch model is complementary
with draft-ietf-dane-smtp-with-dane-02 but hasn't thought about
the issues in depth. We welcome feedback on this point.
o The two authors of this document and the author of draft-melnikov-
email-tls-certs are willing to merge these two documents.
However, it is undesirable to delay publication of either document
so this will be done only if the latter document is not yet
through IESG processing when this document is ready for the IESG.
o It might make sense to split this in two or more documents if it's
getting too long to evaluate in one IETF last call. In
particular, it might make sense to put implementation requirements
and service provider requirements in separate documents. The
authors prefer to edit one document for now and defer discussion
of splitting the document until all technical issues are resolved.
o The use of SRV records [RFC6186] for account setup or refresh is
presently not secure from DNS active attacks unless DNSSEC is
used. If someone wishes to provide suggested text describing how
to use DANE in this process, the WG can consider adding that text
to this document. Absent suggested text, the editor intends to
leave this issue alone.
Thanks,
Orit.
-----Original Message-----
From: Uta [mailto:[email protected]] On Behalf Of [email protected]
Sent: Thursday, March 10, 2016 10:14 PM
To: [email protected]
Cc: [email protected]
Subject: [Uta] I-D Action: draft-ietf-uta-email-deep-02.txt
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications of the IETF.
Title : Deployable Enhanced Email Privacy (DEEP)
Authors : Keith Moore
Chris Newman
Filename : draft-ietf-uta-email-deep-02.txt
Pages : 38
Date : 2016-03-10
Abstract:
This specification defines a set of requirements and facilities
designed to improve email confidentiality between a mail user agent
(MUA) and a mail submission or mail access server. This provides
mechanisms intended to increase use of already deployed Transport
Layer Security (TLS) technology, provide a model for mail user
agent's confidentiality assurance, and enable mail service providers
to advertise improved TLS confidentiality facilities.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/
There's also a htmlized version available at:
https://tools.ietf.org/html/draft-ietf-uta-email-deep-02
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-email-deep-02
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta