Re: RFC 3207 STARTTLS


Putting on my area director hat:

An RFC 3207 STARTTLS revision needs text related to server identity check.I would prefer this text be as similar as possible to server identity checktext in other IETF application protocols.

For Submit, I'd expect the TLS server identity check to bemandatory-to-implement and very close to that of IMAP and POP (or to have ajustification why it shouldn't follow IETF practices for this).

I've attempted to get volunteers to write a generalized TLS server identitycheck for use by applications so it can be included by reference. Theinitial draft has unfortunately expired:<http://tools.ietf.org/html/draft-hodges-server-ident-check-00>

and needs work.  This issue has come up in _many_ WGs and protocols.

For SMTP transfer, the situation is different and probably needs technicaldiscussion to reach consensus on the path forward. It would not surpriseme if we needed one or more additional EHLO keywords/arguments to resolvelegitimate concerns. I will observe that for SMTP without SMTP AUTH, thereis value in opportunistic STARTTLS encryption without authentication aslong as the risks are understood.


                - Chris

<Prev in Thread]	Current Thread	[Next in Thread>
RFC 3207 STARTTLS, Ivar Lumi Re: RFC 3207 STARTTLS, Philip Guenther Re: RFC 3207 STARTTLS, Matti Aarnio Re: RFC 3207 STARTTLS, Alexey Melnikov Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Alexey Melnikov Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Paul Hoffman Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Chris Newman <= Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Tony Finch Message not available Re: RFC 3207 STARTTLS, SM Re: RFC 3207 STARTTLS, Tony Finch Re: RFC 3207 STARTTLS, John C Klensin Re: RFC 3207 STARTTLS, Alessandro Vesely Re: RFC 3207 STARTTLS, Willie Gillespie