This revision incorporates comments, primarily corrections, that were received during Working Group Last Call.

Two significant comments were not addressed because of lack of direction from the Working Group:

- Suggestion from Viktor Dukhovni that DANE or MTA-STS be required for recipient domains when REQUIRETLS is specified:

https://www.ietf.org/mail-archive/web/uta/current/msg02712.html
https://www.ietf.org/mail-archive/web/uta/current/msg02713.html

- Suggestion from external reviewer that use of REQUIRETLS be noted in Received header fields:

https://www.ietf.org/mail-archive/web/uta/current/msg02720.html


-Jim


On 9/26/18 2:32 PM, internet-dra...@ietf.org wrote:
A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Using TLS in Applications WG of the IETF.

        Title           : SMTP Require TLS Option
        Author          : Jim Fenton
        Filename        : draft-ietf-uta-smtp-require-tls-04.txt
        Pages           : 15
        Date            : 2018-09-26

Abstract:
    The SMTP STARTTLS option, used in negotiating transport-level
    encryption of SMTP connections, is not as useful from a security
    standpoint as it might be because of its opportunistic nature;
    message delivery is, by default, prioritized over security.  This
    document describes an SMTP service extension, REQUIRETLS, and message
    header field, RequireTLS.  If the REQUIRETLS option or RequireTLS
    message header field is used when sending a message, it asserts a
    request on the part of the message sender to override the default
    negotiation of TLS, either by requiring that TLS be negotiated when
    the message is relayed, or by requesting that recipient-side policy
    mechanisms such as MTA-STS and DANE be ignored when relaying a
    message for which security is unimportant.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-04
https://datatracker.ietf.org/doc/html/draft-ietf-uta-smtp-require-tls-04

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-uta-smtp-require-tls-04


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
