[Top] [All Lists]

Re: [ietf-smtp] Request for discussion of Mandatory Secure Mail Delivery proposal (draft-wchuang-msmd)

2013-10-16 13:37:56
Hi Alessandro,

On Wed, Oct 16, 2013 at 10:09 AM, Alessandro Vesely <vesely(_at_)tana(_dot_)it> 

On Tue 15/Oct/2013 21:31:17 +0200 Wei Chuang wrote:

Request for discussion (draft-wchuang-msmd) of a proposal to secure mail
eavesdropping and MitM attacks.  All comments welcome on this thread.

Something similar to that is implemented in Courier-MTA, since a
couple of years ago IIRC.  It is shortly described here:

(There are specific instruction for setting it up here: )

I cannot tell much more, because, although that's my favorite SMTP
package, I never enabled that extension.

Thanks for the pointer Alessandro.  Very nicely written concise I-D.  There
are some differences:
1) lacks option mechanism
2) lacks spec for tightening TLS spec/usage

On Wed 16/Oct/2013 12:04:28 +0200 Martijn Grooten wrote:
I do like the idea of using several tiers - but also wonder what
the implications will be when you demand tier 2 or higher and I can
only provide tier 1 security. Won't this just mean emails get
bounced all over the Internet?

+1, I'd suggest to describe the SMTP feature separately.  A further
RFC can then take care of putting together all security related facets
of email in order to build a secure framework.  The latter
specification would be similar in spirit to a prior attempt at
standardizing Certified Electronic Mail:

I see your point, but we're making the argument that as MSMD provides a
kind of certification, and we would like to increase the standing of TLS,
there's benefit in moving TLS and SMTP spec together.


ietf-smtp mailing list

ietf-smtp mailing list
<Prev in Thread] Current Thread [Next in Thread>