Request for discussion (draft-wchuang-msmd) of a proposal to secure mail from
eavesdropping and MitM attacks. All comments welcome on this thread. I'm
mentioning the proposal also to apps-discuss@ and saag@ lists as this may
be of interest to them too, but redirecting discussion to this list so it's
all happening in one place.
Here's the abstract:
Opportunistic SMTP TLS does not enforce electronic mail delivery
using TLS leading to potential loss of privacy and security. We
propose an optional mail header extension "mandatory-secure-mail-
delivery:" and SMTP EHLO response extension "MSMD" that indicates
mail must be delivered privately using TLS and with integrity using
DKIM, and thereby provide a security guarantee to the user. When
mail is sent with the header indicating privacy and integrity and if
the receiving party does not support this, the mail is instead
bounced. To protect the mail after delivery, the destination SMTP
server must advertise its capabilities as part of the EHLO response,
and the sender can choose whether the destination is able to honor
the privacy requirements specified on the mail header.
Link to the proposal here:
PS Pardon for any IETF formatting or etiquette errors as I'm very new to
the IETF process.
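
A sender-side sketch of the deliver-or-bounce rule the abstract describes, added here as an illustration and not taken from the draft or the post. Only the header name and the `MSMD` keyword come from the abstract; the function names, the header value, the sample data, and the assumptions that header presence alone signals the requirement and that the EHLO reply is the one read after STARTTLS are all assumptions of this example.

```python
from email import message_from_string

MSMD_HEADER = "mandatory-secure-mail-delivery"  # header name given in the abstract
MSMD_KEYWORD = "MSMD"                           # EHLO keyword given in the abstract


def ehlo_keywords(response):
    """Extract extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for line in response.strip().splitlines()[1:]:  # line 1 is the server greeting
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO reply line: %r" % line)
        fields = line[4:].split()
        if fields:
            keywords.add(fields[0].upper())
    return keywords


def delivery_decision(raw_message, ehlo_response, tls_active):
    """Return (action, reason); action is 'deliver' or 'bounce'."""
    msg = message_from_string(raw_message)
    if msg[MSMD_HEADER] is None:
        return ("deliver", "no MSMD header, ordinary opportunistic delivery")
    # Assumption: the header's presence alone signals the requirement.
    if msg["DKIM-Signature"] is None:
        return ("bounce", "MSMD requested but message carries no DKIM signature")
    if not tls_active:
        return ("bounce", "MSMD requested but session is not protected by TLS")
    # Assumption: ehlo_response is the reply read after STARTTLS, so an
    # on-path attacker cannot have added or stripped keywords.
    if MSMD_KEYWORD not in ehlo_keywords(ehlo_response):
        return ("bounce", "MSMD requested but receiver does not advertise MSMD")
    return ("deliver", "receiver advertises MSMD over TLS")


# Constructed sample data (not from the draft).
PLAIN_MESSAGE = "From: a@example.org\nTo: b@example.net\nSubject: t\n\nbody\n"
UNSIGNED_MSMD = PLAIN_MESSAGE.replace("Subject: t\n", "Subject: t\n" + MSMD_HEADER + ": yes\n")
SIGNED_MSMD = UNSIGNED_MSMD.replace(
    "Subject: t\n", "Subject: t\nDKIM-Signature: v=1; d=example.org; s=sel; b=CONSTRUCTED\n")
EHLO_WITH_MSMD = "250-mx.example.net\r\n250-SIZE 35882577\r\n250-MSMD\r\n250 8BITMIME\r\n"
EHLO_WITHOUT_MSMD = "250-mx.example.net\r\n250-SIZE 35882577\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for ehlo in (EHLO_WITH_MSMD, EHLO_WITHOUT_MSMD):
        print(delivery_decision(SIGNED_MSMD, ehlo, tls_active=True))
```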