Hi, Op 9/29/2017 om 5:54 PM schreef The IESG: > The IESG has received a request from the Using TLS in Applications WG (uta) > to consider the following document: - 'Cleartext Considered Obsolete: Use of > TLS for Email Submission and > Access' > <draft-ietf-uta-email-deep-09.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > [email protected] mailing lists by 2017-10-13. Exceptionally, comments may be > sent to [email protected] instead. In either case, please retain the beginning of > the Subject line to allow automated sorting. > > Abstract > > > This specification outlines current recommendations for use of > Transport Layer Security (TLS) to provide confidentiality of email > traffic between a mail user agent (MUA) and a mail submission or mail > access server. >
I haven't followed the discussions and I hadn't seen this document until I saw this last call. But after reading it, I have one question: what about ManageSieve (RFC5804)? Arguably, it is not a mail submission nor a mail access protocol, but it would be a service (often) operated along with those functions. Most notably, ManageSieve currently only supports STARTTLS and not the implicit TLS prescribed in this document; no well-known port is assigned for that purpose. Therefore, systems supporting ManageSieve along with the protocols mentioned would have a weakness (which could perhaps be used to access the other services as well). It is unlikely that a ManageSieve client would support implicit TLS without some IETF specification. Is that going to be addressed in a separate document? Regards, Stephan. > > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/ > > IESG discussion can be tracked via > https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/ballot/ > > > No IPR declarations have been submitted directly on this I-D. > > > > _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
