[Top] [All Lists]

Re: [ietf-smtp] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)

2013-10-15 16:25:50
On 15.10.2013, at 21.31, Wei Chuang <weihaw(_at_)google(_dot_)com> wrote:

Hi ietf-smtp,

Request for discussion (draft-wchuang-msmd) of a proposal to secure mail from 
eavesdropping and MitM attacks.  All comments welcome on this thread.  I'm 
mentioning the proposal also to apps-discuss@ and saag@ lists as this may be 
of interest to them too, but redirecting discussion to this list so its all 
happening in one place.

The SMTP side is mostly what I had been thinking about earlier (although I was 
thinking about MAIL FROM parameter instead of a header, but I'm not sure if 
there's a big difference). The IMAP side of the draft makes the security 
"complete", but it would also seriously slow down the deployment, which is 
especially annoying because most of the target users are already using IMAP and 
SMTP with TLS, making the MSMD command requirement mostly irrelevant. If the 
IMAP server simply checked that the IMAP client was connected with TLS, that 
would make it very likely that the SMTP submission would also be done with TLS, 
I think? Unless maybe Google has statistics that this isn't the case?

Anyway, if the idea behind MSMD IMAP command survives, it should be done with 
ENABLE MSMD instead.

ietf-smtp mailing list