Technical Summary
SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
mechanism enabling mail service providers to declare their ability to
receive Transport Layer Security (TLS) secure SMTP connections, and
to specify whether sending SMTP servers should refuse to deliver to
MX hosts that do not offer TLS with a trusted server certificate.
Working Group Summary
The WG had a hard time aligning on the format of the MTA-STS policy
and initially had chosen JSON as the format. Strong push-back from
parts of the open-source community led to a change to a key-value,
text-based format. The consensus is strong on the new format, but the
path there was a bit rough. There is still too little understanding of
how SNI is deployed in the email domain to warrant clear normative
language on the use of SNI. Security directorate review may change
this a bit, but probably not much. The WG consensus is to leave the
language as is in the draft.
Document Quality
There are multiple implementations of the protocol, and major email
providers (e.g. Google) are already deploying the protocol as specified.
There are indications that major open-source MTA implementations
will implement the protocol.
Personnel
Who is the Document Shepherd? Who is the Responsible Area
Director?
Leif Johansson (document shepherd)
Alexei Melnikov (AD)
RFC Editor Note
In Section 3.2, in the ABNF:
   sts-policy-field = sts-policy-version /     ; required once
                      sts-policy-mode /        ; required once
                      sts-policy-max-age /     ; required once
                      sts-policy-term /
                      ; required at least once, except when
                      ; mode is "none"
                      sts-policy-extension     ; other fields
Please change "sts-policy-term" to "sts-policy-mx"
In the same section, also change:
OLD:
sts-policy-mx-value = ["."] Domain
NEW:
sts-policy-mx-value = ["*."] Domain
In Section 3.4:
OLD: This specification does not provide a means of associating
policies with addresses that employ Address Literals [RFC5321].
NEW: s/with addresses/with email addresses/
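The policy format summarised above and the corrected ABNF (each of version, mode and max_age exactly once; mx at least once unless mode is "none"; an mx value of the form ["*."] Domain) can be checked with a small parser. The following is an added example, not code from the draft or from any MTA; the key names (version, mode, max_age, mx) follow the published RFC 8461, and the sample policy is constructed.

```python
import re
# Constructed sample policy (not from the page); key names follow RFC 8461.
SAMPLE_POLICY = (
    "version: STSv1\n"
    "mode: enforce\n"
    "mx: mail.example.com\n"
    "mx: *.example.net\n"  # wildcard form permitted by the corrected ABNF
    "max_age: 604800\n"
    "x-note: extension fields are tolerated\n"
)
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_MX_PATTERN = re.compile(rf"^(?:\*\.)?{_LABEL}(?:\.{_LABEL})+$")  # ["*."] Domain

def parse_policy(text):
    """Parse a key-value MTA-STS policy, enforcing the cardinality in the ABNF."""
    fields = {}
    for raw in text.splitlines():
        if raw.strip():
            key, sep, value = raw.partition(":")
            if not sep:
                raise ValueError(f"malformed policy line: {raw!r}")
            fields.setdefault(key.strip(), []).append(value.strip())
    for key in ("version", "mode", "max_age"):  # each required exactly once
        if len(fields.get(key, [])) != 1:
            raise ValueError(f"{key} must appear exactly once")
    mode, max_age = fields["mode"][0], fields["max_age"][0]
    if fields["version"][0] != "STSv1" or mode not in ("enforce", "testing", "none"):
        raise ValueError("unsupported version or unknown mode")
    if not max_age.isdigit():
        raise ValueError("max_age must be a non-negative integer")
    mx = fields.get("mx", [])
    if mode != "none" and not mx:  # required at least once, except when mode is "none"
        raise ValueError("at least one mx field is required")
    for pattern in mx:
        if not _MX_PATTERN.match(pattern):
            raise ValueError(f"invalid mx pattern {pattern!r}")
    return {"mode": mode, "max_age": int(max_age), "mx": mx}

def mx_matches(mx_host, patterns):
    """True if mx_host is covered by a policy mx entry; '*.' covers exactly one label."""
    host = mx_host.lower().rstrip(".")
    for pattern in patterns:
        pattern = pattern.lower()
        if pattern.startswith("*."):
            prefix = host[: -len(pattern) + 1]  # part before ".example.net"
            if host.endswith(pattern[1:]) and prefix and "." not in prefix:
                return True
        elif host == pattern:
            return True
    return False
```

A sending MTA in enforce mode would refuse delivery to any MX host for which mx_matches returns False, or whose certificate does not validate for that host.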