Skip to main content

Guidance on End-to-End E-mail Security

Document Type Expired Internet-Draft (lamps WG)
Author Daniel Kahn Gillmor
Last updated 2022-07-29 (Latest revision 2022-01-25)
Replaces draft-dkg-lamps-e2e-mail-guidance
Stream Internet Engineering Task Force (IETF)
Intended RFC status (None)
Expired & archived
Additional resources Other Repository
Mailing List
Issuer Tracker
Mailing list discussion
Stream WG state WG Document
Document shepherd (None)
IESG IESG state Expired
Consensus boilerplate Unknown
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


End-to-end cryptographic protections for e-mail messages can provide useful security. However, the standards for providing cryptographic protection are extremely flexible. That flexibility can trap users and cause surprising failures. This document offers guidance for mail user agent implementers that need to compose or interpret e-mail messages with end-to-end cryptographic protection. It provides a useful set of vocabulary as well as suggestions to avoid common failures.


Daniel Kahn Gillmor

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)