Hi,

here is my review of the document. 

The draft is well written; however, I found a few places where it could be 
improved.

1. Section 2:

In the following para:

   In order to specify REQUIRETLS treatment for a given message, the
   REQUIRETLS option is specified on the MAIL FROM command when that
   message is transmitted.  This option MUST only be specified in the
   context of an SMTP session meeting the security requirements that
   have been specified:

The last sentence uses uppercase MUST, while in fact using MUST NOT is more
appropriate given the meaning of the sentence, i.e. "This option MUST NOT be
specified unless all the following requirements are met in the context of an SMTP 
session:"

And in the following list I believe using uppercase words is unnecessary,
since they describe not a protocol (REQUIRETLS) behavior, but 
the requirements for REQUIRETLS to be used. I suggest changing 
those MUSTs to lowercase.

   o  The session itself MUST employ TLS transmission.

   o  The certificate presented by the SMTP server MUST either verify
      successfully in a trust chain leading to a certificate trusted by
      the SMTP client or it MUST verify succesfully using DANE as
      specified in RFC 7672 [RFC7672].  For trust chains, the choice of
      trusted (root) certificates is at the discretion of the SMTP
      client.

   o  Following the negotiation of STARTTLS, the SMTP server MUST
      advertise in the subsequent EHLO response that it supports
      REQUIRETLS.

2. I also have a question regarding the last bullet above - why is advertising
REQUIRETLS linked with the negotiation of STARTTLS?
It is my understanding that a TLS session may be established
without negotiating STARTTLS (as recommended by RFC8314),
so why doesn't the last bullet just say: "The SMTP server must
advertise in the EHLO response that it supports REQUIRETLS"?
Am I missing something here? The same question is applicable
to the first para in Section 4.3, where STARTTLS and REQUIRETLS are 
also logically linked.

(and note a typo in the second bullet above: s/succesfully/successfully)

3. Section 8.1.

   REQUIRETLS is generally effective against passive attackers who are
   merely trying to eavesdrop on an SMTP exchange between an SMTP client
   and server.  This assumes, of course, the cryptographic integrity of
   the TLS connection being used.

I assume that it is encryption (and not integrity) that protects
message confidentiality against passive eavesdroppers, isn't it? 

Regards,
Valery.
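
A small illustration of the three preconditions quoted in point 1, added here as an example (it is not code from the draft or from anyone in this thread): it parses constructed EHLO replies and attaches the REQUIRETLS option to MAIL FROM only when TLS is active, the server certificate verified, and the EHLO sent over the TLS session advertised REQUIRETLS. The hostnames, sample replies and the refuse-rather-than-downgrade policy are assumptions of the example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample EHLO replies (not taken from the draft): one from the
# cleartext EHLO before STARTTLS, one from the EHLO repeated after the TLS
# handshake, where the draft's third bullet expects REQUIRETLS to be advertised.
EHLO_BEFORE_TLS = "250-mail.example.net\r\n250-SIZE 52428800\r\n250 STARTTLS\r\n"
EHLO_AFTER_TLS = ("250-mail.example.net\r\n250-SIZE 52428800\r\n"
                  "250-REQUIRETLS\r\n250 8BITMIME\r\n")


def parse_ehlo_keywords(reply: str) -> set:
    """Return the upper-cased EHLO keywords from a multi-line 250 reply.

    The first line carries the server's domain, not a keyword, so it is skipped.
    """
    keywords = set()
    for line in reply.splitlines()[1:]:
        m = re.match(r"250[ -](\S+)", line)
        if m:
            keywords.add(m.group(1).upper())
    return keywords


@dataclass
class SessionState:
    tls_active: bool = False      # TLS layer negotiated via STARTTLS (bullet 1)
    cert_verified: bool = False   # trust-chain or DANE verification succeeded (bullet 2)
    ehlo_keywords: set = field(default_factory=set)  # keywords from the post-TLS EHLO


def may_use_requiretls(state: SessionState) -> bool:
    """True only when all three of the draft's requirements hold (bullet 3 via EHLO)."""
    return (state.tls_active and state.cert_verified
            and "REQUIRETLS" in state.ehlo_keywords)


def build_mail_from(reverse_path: str, state: SessionState, want_requiretls: bool) -> str:
    """Build the MAIL FROM command, adding REQUIRETLS only in a qualifying session.

    Assumed policy (not text from the draft): a sender that wants REQUIRETLS but
    is in a session that does not qualify gets an error instead of a silently
    downgraded command.
    """
    cmd = f"MAIL FROM:<{reverse_path}>"
    if want_requiretls:
        if not may_use_requiretls(state):
            raise RuntimeError("session does not meet the REQUIRETLS preconditions")
        cmd += " REQUIRETLS"
    return cmd + "\r\n"
```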


> Hi,
>
> this message starts extended 4-week Workgroup Last Call for 
> <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option".
> The WGLC will end on August 15th. Please, review the document
> (especially if you promised to do it earlier).
> 
> Regards,
> Leif & Valery.
