SMTP Require TLS Option
Draft of message to be sent after approval:
From: The IESG <email@example.com>
To: IETF-Announce <firstname.lastname@example.org>
Cc: The IESG <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, Valery Smyslov <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org
Subject: Protocol Action: 'SMTP Require TLS Option' to Proposed Standard (draft-ietf-uta-smtp-require-tls-09.txt)

The IESG has approved the following document:
- 'SMTP Require TLS Option' (draft-ietf-uta-smtp-require-tls-09.txt) as Proposed Standard

This document is the product of the Using TLS in Applications Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Barry Leiba.

A URL of this Internet Draft is:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/
Technical Summary

The SMTP STARTTLS option, used in negotiating transport-level encryption of SMTP connections, is not as useful from a security standpoint as it might be because of its opportunistic nature; message delivery is, by default, prioritized over security. This document describes an SMTP service extension, REQUIRETLS, and a message header field, RequireTLS. If the REQUIRETLS option or the RequireTLS message header field is used when sending a message, it asserts a request on the part of the message sender to override the default negotiation of TLS, either by requiring that TLS be negotiated when the message is relayed, or by requesting that recipient-side policy mechanisms such as MTA-STS and DANE be ignored when relaying a message for which security is unimportant.

Working Group Summary

The WG consensus for adopting this draft was clear. The draft was well discussed in the WG and has undergone significant changes during this discussion. At some point there was strong consideration of splitting the draft into two, separating the SMTP service extension and the mail header field, but the final consensus was that it is better to define them in a single document.

Document Quality

There are at least two implementations of an early version of the draft. A few major vendors and operators have expressed an interest in this technology and have indicated that they are evaluating the possibility of implementing (or using) it.

Personnel

Valery Smyslov (shepherd)
Alexey Melnikov (AD)
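To make the three behaviours described in the Technical Summary concrete, here is an added Python sketch of a relaying MTA's per-hop decision (example code, not part of this announcement or of the draft): it assumes the caller has already determined whether the message carried the REQUIRETLS option or the RequireTLS header field, and the NextHop fields, SenderIntent and Decision names are this example's own.

```python
from dataclasses import dataclass
from enum import Enum


class SenderIntent(Enum):
    """What the sender asked for, as carried by the message (names are this example's)."""
    DEFAULT = "default"           # neither REQUIRETLS nor the RequireTLS header field
    REQUIRE_TLS = "requiretls"    # REQUIRETLS SMTP option used when the message was sent
    POLICY_OPTIONAL = "optional"  # RequireTLS header field asks that MTA-STS/DANE be ignored


class Decision(Enum):
    RELAY_TLS = "relay over TLS"
    RELAY_CLEARTEXT = "relay in cleartext"
    BOUNCE = "do not relay; return a non-delivery report"


@dataclass(frozen=True)
class NextHop:
    """Constructed view of the next-hop MTA after EHLO and the policy lookups."""
    offers_starttls: bool        # STARTTLS advertised in the EHLO response
    cert_verified: bool          # server certificate validated (PKIX chain or DANE)
    advertises_requiretls: bool  # REQUIRETLS listed in the EHLO response
    policy_requires_tls: bool    # recipient domain publishes enforcing MTA-STS or DANE


def relay_decision(intent: SenderIntent, hop: NextHop) -> Decision:
    """Decide how a relay handles one message for one next hop (illustrative logic)."""
    verified_tls = hop.offers_starttls and hop.cert_verified

    if intent is SenderIntent.REQUIRE_TLS:
        # TLS must be negotiated with a verified peer, and that peer must itself
        # support REQUIRETLS so the requirement survives the next hop. Anything
        # less is a downgrade, so the message bounces instead of being leaked.
        if verified_tls and hop.advertises_requiretls:
            return Decision.RELAY_TLS
        return Decision.BOUNCE

    if intent is SenderIntent.POLICY_OPTIONAL:
        # The sender said delivery matters more than security: still use TLS
        # when offered, but a failed policy or certificate check does not block it.
        return Decision.RELAY_TLS if hop.offers_starttls else Decision.RELAY_CLEARTEXT

    # Default opportunistic behaviour: an enforcing MTA-STS/DANE policy turns a
    # failed TLS negotiation into a bounce; otherwise fall back to cleartext.
    if hop.policy_requires_tls:
        return Decision.RELAY_TLS if verified_tls else Decision.BOUNCE
    return Decision.RELAY_TLS if hop.offers_starttls else Decision.RELAY_CLEARTEXT
```

The contrast worth noticing is the REQUIRE_TLS branch: a next hop that offers STARTTLS but does not itself advertise REQUIRETLS is treated as a downgrade and bounced, because the sender's requirement could not be carried further.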
RFC Editor Note

In Appendix A.1 (REQUIRETLS SMTP Option), 1st sentence:

OLD:
   The TLS-Required SMTP option is used to express the intent of the
       ^^^^^^^^^^^^
   sender that the associated message be relayed using TLS.

NEW:
   The REQUIRETLS SMTP option is used to express the intent of the
       ^^^^^^^^^^
   sender that the associated message be relayed using TLS.