Eric Rescorla has entered the following ballot position for draft-ietf-uta-smtp-require-tls-07: Discuss
When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- I support Benjamin's DISCUSS. To elaborate on one point a bit: it seems to me that it's harmful to security to allow the sender to unilaterally override the recipient's preferences that something be encrypted. To forestall one argument, yes, the sender knows the contents of the message, but the recipient knows their own circumstances, and they may be at particular risk The choices of key lengths and algorithms change over time, so a specific requirement is not presented here. This is not a verifiable conformance requirement. You either need to not have a 8174 SHOULD here, or actually specify what "meaningfully secure" means. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- email by giving the originator of a message an expectation that it will be transmitted in an encrypted form "over the wire". When used, REQUIRETLS changes the traditional behavior of email transmission, This does not seem to accurately describe "RequireTLS: NO" _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
