This revision incorporates comments, primarily corrections, that were
received during Working Group Last Call.

Two significant comments were not addressed because of lack of direction
from the Working Group:

- Suggestion from Viktor Dukhovni that DANE or MTA-STS be required for
  recipient domains when REQUIRETLS is specified:
  https://www.ietf.org/mail-archive/web/uta/current/msg02712.html
  https://www.ietf.org/mail-archive/web/uta/current/msg02713.html

- Suggestion from external reviewer that use of REQUIRETLS be noted in
  Received header fields:
  https://www.ietf.org/mail-archive/web/uta/current/msg02720.html

-Jim

On 9/26/18 2:32 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.
Title : SMTP Require TLS Option
Author : Jim Fenton
Filename : draft-ietf-uta-smtp-require-tls-04.txt
Pages : 15
Date : 2018-09-26
Abstract:
The SMTP STARTTLS option, used in negotiating transport-level
encryption of SMTP connections, is not as useful from a security
standpoint as it might be because of its opportunistic nature;
message delivery is, by default, prioritized over security. This
document describes an SMTP service extension, REQUIRETLS, and message
header field, RequireTLS. If the REQUIRETLS option or RequireTLS
message header field is used when sending a message, it asserts a
request on the part of the message sender to override the default
negotiation of TLS, either by requiring that TLS be negotiated when
the message is relayed, or by requesting that recipient-side policy
mechanisms such as MTA-STS and DANE be ignored when relaying a
message for which security is unimportant.
The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/
There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-04
https://datatracker.ietf.org/doc/html/draft-ietf-uta-smtp-require-tls-04
A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-smtp-require-tls-04
Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.
Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta