In addition to the comment from Viktor a couple of weeks ago, I received
a suggestion off-list the other day that is worthy of discussion. The
submitter did not want to join the mailing list but did agree to the
terms of the Note Well.
The suggestion:
I had the idea, that it would be useful to see the status of the
requested REQUIRETLS service level in the "Received" trace header,
which is inserted by the MTA using simple comments. Having this, you
could see at which point in message flow the REQUIRETLS was inserted
(and lost), as well as detection of mis-behaving MTAs. And it gives
the recipient of such a message more confidence because he can see
what really happened. For this purpose, adding such information into
the trace header must be mandatory for each MTA supporting Require TLS.
Examples:
Received: from example.com (example.com [127.0.0.1])
by relay.com (Postfix) with ESMTP
(using REQUIRETLS)
for<[email protected]>; Thu, 6 Sep 2018 11:46:34 +0200 (CEST)
or
Received: from example.com (example.com [127.0.0.1])
by relay.com (Postfix) with ESMTP
(using RequireTLS:No)
for<[email protected]>; Thu, 6 Sep 2018 11:46:34 +0200 (CEST)
These strings should be well-defined by RFC.
I am under the impression that the contents of the Received header field
are (in practice, at least) somewhat ad hoc, at least with respect to
transport characteristics like the use of TLS. So I'm not sure how
well-defined these can be, but we could at least suggest the annotation
of whether the message was received with the RequireTLS option included.
This would be primarily for diagnostic purposes, because of course any
MTA along the path could falsify that information.
I'm less convinced of the value in the RequireTLS:no case, because that
is already expressed in a header field, and there isn't any
characteristic of the incoming SMTP session to note.
Any other thoughts on whether this would be a valuable addition?
-Jim
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
