ietf-smtp

Re: [ietf-smtp] Fwd: New Version Notification for draft-fenton-smtp-require-tls-00.txt

2016-01-11 04:38:58
Hi Jim,

On Sun 10/Jan/2016 23:27:46 +0100 Jim Fenton wrote: 

Below is the announcement of a draft I just submitted that may be of interest
to this list. The approach here is complementary to the other proposals I have
seen along these lines (e.g., smtp-sts).

Your approach looks more similar to Courier's "SECURITY" extension than to
Strict Transport Security.  I think you'd be interested in having a look at the
former.  For example, its provision to increase the requirement level allows
practical use of the extension even in the absence of supporting MUAs.

http://www.courier-mta.org/draft-varshavchik-security-smtpext.txt
(That was implemented in 2001, before DANE, and even before SNI.)

Thoughts, reviews, etc. welcomed.

Neither proposal seems to allow clients to specify a set of root CAs (to be
transmitted along with the envelope).  That lack is tantamount to assuming that
the trust relationship is transitive.  Is it, or is it me?

Ale

-------- Forwarded Message --------
Subject:      New Version Notification for draft-fenton-smtp-require-tls-00.txt
Date:         Sun, 10 Jan 2016 14:21:37 -0800
From:         internet-drafts(_at_)ietf(_dot_)org
To:   Jim Fenton <fenton(_at_)bluepopcorn(_dot_)net>



A new version of I-D, draft-fenton-smtp-require-tls-00.txt
has been successfully submitted by Jim Fenton and posted to the
IETF repository.

Name:         draft-fenton-smtp-require-tls
Revision:     00
Title:                SMTP Require TLS Option
Document date:        2016-01-10
Group:                Individual Submission
Pages:                7
URL:            https://www.ietf.org/internet-drafts/draft-fenton-smtp-require-tls-00.txt
Status:         https://datatracker.ietf.org/doc/draft-fenton-smtp-require-tls/
Htmlized:       https://tools.ietf.org/html/draft-fenton-smtp-require-tls-00


Abstract:
   The SMTP STARTTLS option, used in negotiating transport-level
   encryption of SMTP connections, is not as useful from a security
   standpoint as it might be because of its opportunistic nature;
   message delivery is prioritized over security.  This document
   describes a complementary option, REQUIRETLS, which causes message
   delivery to fail if a TLS connection with the required security
   characteristics cannot be negotiated with the next hop MTA or if that
   MTA does not also support REQUIRETLS.  Message originators may
   therefore expect transport security for messages sent with this
   option.

                                                                              
    


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

The IETF Secretariat





_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
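
The behaviour the forwarded abstract describes, contrasted with opportunistic STARTTLS, as an added example (not code from the draft or from either poster). The function names, the result strings and the reduction of "required security characteristics" to a single certificate-verified flag are assumptions made for illustration; the sample EHLO replies are constructed.

```python
# Added illustration; sample EHLO replies below are constructed, not captured.

def ehlo_keywords(reply_lines):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for line in reply_lines[1:]:            # line 0 is the server greeting
        parts = line[4:].split()            # skip "250-" / "250 "
        if line.startswith("250") and parts:
            keywords.add(parts[0].upper())
    return keywords

def relay_decision(plain_ehlo, tls_ehlo, cert_verified, require_tls):
    """Decide what a relaying MTA does with one message for one next hop.

    plain_ehlo    -- EHLO reply before STARTTLS
    tls_ehlo      -- EHLO reply re-issued inside TLS, or None if no TLS session
    cert_verified -- assumption: stands in for "required security characteristics"
    require_tls   -- True when the message carries the REQUIRETLS option
    """
    offered = "STARTTLS" in ehlo_keywords(plain_ehlo)
    in_tls = offered and tls_ehlo is not None
    if not require_tls:
        # Opportunistic STARTTLS: delivery is prioritized over security.
        return "deliver-tls" if in_tls else "deliver-cleartext"
    if not in_tls:
        return "fail: no TLS session with next hop"
    if not cert_verified:
        return "fail: TLS session lacks required characteristics"
    if "REQUIRETLS" not in ehlo_keywords(tls_ehlo):
        return "fail: next hop does not support REQUIRETLS"
    return "deliver-requiretls"

# Constructed sample replies (hypothetical host mx.example.net)
NO_TLS = ["250-mx.example.net", "250 SIZE 10240000"]
PLAIN = ["250-mx.example.net", "250-SIZE 10240000", "250 STARTTLS"]
TLS_LEGACY = ["250-mx.example.net", "250 SIZE 10240000"]
TLS_REQ = ["250-mx.example.net", "250-SIZE 10240000", "250 REQUIRETLS"]

if __name__ == "__main__":
    for name, args in [
        ("no STARTTLS offered", (NO_TLS, None, False)),
        ("TLS, hop lacks REQUIRETLS", (PLAIN, TLS_LEGACY, True)),
        ("TLS, unverified cert", (PLAIN, TLS_REQ, False)),
        ("TLS, verified, REQUIRETLS", (PLAIN, TLS_REQ, True)),
    ]:
        print(name, "|", relay_decision(*args, False), "|", relay_decision(*args, True))
```

Each printed row shows the same next hop twice: first the opportunistic outcome, then the outcome when the message carries REQUIRETLS.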


