Guidance on End-to-End E-mail Security

Document Type Replaced Internet-Draft (lamps WG)
Author Daniel Gillmor 
Last updated 2021-07-07 (latest revision 2021-02-22)
Replaced by draft-ietf-lamps-e2e-mail-guidance
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
plain text html xml htmlized pdfized bibtex
Stream WG state Candidate for WG Adoption
Document shepherd No shepherd assigned
IESG IESG state Replaced by draft-ietf-lamps-e2e-mail-guidance
Consensus Boilerplate Unknown
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


End-to-end cryptographic protections for e-mail messages can provide useful security. However, the standards for providing cryptographic protection are extremely flexible. That flexibility can trap users and cause surprising failures. This document offers guidance for mail user agent implementers that need to compose or interpret e-mail messages with end-to-end cryptographic protection. It provides a useful set of vocabulary as well as suggestions to avoid common failures.


Daniel Gillmor (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)