On 15.10.2013, at 21.31, Wei Chuang <weihaw(_at_)google(_dot_)com> wrote:
> Request for discussion (draft-wchuang-msmd) of a proposal to secure mail from
> eavesdropping and MitM attacks. All comments welcome on this thread. I'm
> mentioning the proposal also to apps-discuss@ and saag@ lists as this may be
> of interest to them too, but redirecting discussion to this list so it's all
> happening in one place.

The SMTP side is mostly what I had been thinking about earlier (although I was
thinking about a MAIL FROM parameter instead of a header, but I'm not sure if
there's a big difference). The IMAP side of the draft makes the security
"complete", but it would also seriously slow down the deployment, which is
especially annoying because most of the target users are already using IMAP and
SMTP with TLS, making the MSMD command requirement mostly irrelevant. If the
IMAP server simply checked that the IMAP client was connected with TLS, that
would make it very likely that the SMTP submission would also be done with TLS,
I think? Unless maybe Google has statistics that this isn't the case?
Anyway, if the idea behind the MSMD IMAP command survives, it should be done with
ENABLE MSMD instead.
ietf-smtp mailing list