This revision is to address comments from Chris Newman in early April:

- More complete IANA considerations for new registry entries

- Different wording (and somewhat different semantics) for handling of bounce messages where the return-path doesn't provide REQUIRETLS support. It's now somewhat more liberal on sending bounce messages in this situation, at the cost of possibly leaking header information if the bounce message is intercepted in transit.

Any and all other reviews welcomed. We won't be having a UTA WG meeting in Montréal, but I will be there if anyone would like to have a hallway conversation.

-Jim


On 6/22/18 11:29 AM, [email protected] wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.

        Title           : SMTP Require TLS Option
        Author          : Jim Fenton
        Filename        : draft-ietf-uta-smtp-require-tls-03.txt
        Pages           : 15
        Date            : 2018-06-22

Abstract:
    The SMTP STARTTLS option, used in negotiating transport-level
    encryption of SMTP connections, is not as useful from a security
    standpoint as it might be because of its opportunistic nature;
    message delivery is, by default, prioritized over security.  This
    document describes an SMTP service extension, REQUIRETLS, and message
    header field, RequireTLS.  If the REQUIRETLS option or RequireTLS
    message header field is used when sending a message, it asserts a
    request on the part of the message sender to override the default
    negotiation of TLS, either by requiring that TLS be negotiated when
    the message is relayed, or by requesting that recipient-side policy
    mechanisms such as MTA-STS and DANE be ignored when relaying a
    message for which security is unimportant.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03
https://datatracker.ietf.org/doc/html/draft-ietf-uta-smtp-require-tls-03

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-smtp-require-tls-03


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
