On 29 Sep 2017, at 11:34, Stephan Bosch wrote:
Hi,
Op 9/29/2017 om 5:54 PM schreef The IESG:
The IESG has received a request from the Using TLS in Applications WG
(uta)
to consider the following document: - 'Cleartext Considered Obsolete:
Use of
TLS for Email Submission and
Access'
<draft-ietf-uta-email-deep-09.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits
final
comments on this action. Please send substantive comments to the
[email protected] mailing lists by 2017-10-13. Exceptionally, comments
may be
sent to [email protected] instead. In either case, please retain the
beginning of
the Subject line to allow automated sorting.
Abstract
This specification outlines current recommendations for use of
Transport Layer Security (TLS) to provide confidentiality of email
traffic between a mail user agent (MUA) and a mail submission or
mail
access server.
I haven't followed the discussions and I hadn't seen this document
until
I saw this last call. But after reading it, I have one question: what
about ManageSieve (RFC5804)? Arguably, it is not a mail submission nor
a
mail access protocol, but it would be a service (often) operated along
with those functions. Most notably, ManageSieve currently only
supports
STARTTLS and not the implicit TLS prescribed in this document; no
well-known port is assigned for that purpose. Therefore, systems
supporting ManageSieve along with the protocols mentioned would have a
weakness (which could perhaps be used to access the other services as
well). It is unlikely that a ManageSieve client would support implicit
TLS without some IETF specification.
Is that going to be addressed in a separate document?
We choose not to specifically mention less widely used protocols in this
space such as manage sieve (RFC 5804) and MTQP (RFC 3887) to keep the
document concise. But section 4 & 5 have catch-all language which covers
these protocols.
- Chris
Regards,
Stephan.
The file can be obtained via
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Duta-2Demail-2Ddeep_&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=QBZgPENFbjFadxqU4HJ3ZDpRz3X1JlDY-keqMt52FFo&m=tLH8lmlu0cQavkNgSBfaMxleT-TVp1GxhPyb2Mtq7wc&s=jHtWApWkrUxoPy6YHnpRCEhQgbAd-QHULEzPCRuzMTo&e=
IESG discussion can be tracked via
https://urldefense.proofpoint.com/v2/url?u=https-3A__datatracker.ietf.org_doc_draft-2Dietf-2Duta-2Demail-2Ddeep_ballot_&d=DwIFaQ&c=RoP1YumCXCgaWHvlZYR8PQcxBKCX5YTpkKY057SbK10&r=QBZgPENFbjFadxqU4HJ3ZDpRz3X1JlDY-keqMt52FFo&m=tLH8lmlu0cQavkNgSBfaMxleT-TVp1GxhPyb2Mtq7wc&s=1d8Y1OB22fSwqQcTpVPBXgRJojnPNhR-CxF6HFNHsZQ&e=
No IPR declarations have been submitted directly on this I-D.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
