> On Aug 9, 2016, at 3:08 PM, Viktor Dukhovni <[email protected]> wrote:
> 
>> 
>> The STARTTLS extension to SMTP [RFC3207] allows SMTP clients and hosts to 
>> establish secure SMTP sessions over TLS. In its current form, however, it 
>> fails to provide (a) message confidentiality — because opportunistic 
>> STARTTLS is subject to downgrade attacks — and (b) server authenticity — 
>> because the trust relationship from email domain to MTA server identity is 
>> not cryptographically validated.
> 
> Replace: allows SMTP clients and hosts to establish secure SMTP sessions over 
> TLS.
> With:    allows SMTP clients and servers to negotiate the use of a TLS 
> channel security.

By the way, feel free to fix obvious errors in my suggested text, e.g. above it 
should have been "the use of TLS channel security" not "the use of a TLS 
channel security".  The extra indefinite article was left over due to an 
incomplete edit.

-- 
        Viktor.

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
