Skip to main content

Guidance on End-to-End E-mail Security

Document Type Replaced Internet-Draft (lamps WG)
Expired & archived
Author Daniel Kahn Gillmor
Last updated 2021-07-07 (Latest revision 2021-02-22)
Replaced by draft-ietf-lamps-e2e-mail-guidance
RFC stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Additional resources Mailing list discussion
Stream WG state Candidate for WG Adoption
Document shepherd (None)
IESG IESG state Replaced by draft-ietf-lamps-e2e-mail-guidance
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


End-to-end cryptographic protections for e-mail messages can provide useful security. However, the standards for providing cryptographic protection are extremely flexible. That flexibility can trap users and cause surprising failures. This document offers guidance for mail user agent implementers that need to compose or interpret e-mail messages with end-to-end cryptographic protection. It provides a useful set of vocabulary as well as suggestions to avoid common failures.


Daniel Kahn Gillmor

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)