Telechat Review of draft-ietf-uta-mta-sts-15
review-ietf-uta-mta-sts-15-secdir-telechat-hoffman-2018-04-19-00

Request: Review of draft-ietf-uta-mta-sts
Requested rev.: no specific revision (document currently at 21)
Type: Telechat Review
Team: Security Area Directorate (secdir)
Deadline: 2018-05-08
Requested: 2018-03-21
Other Reviews: Genart Telechat review of -15 by Christer Holmberg
Review State: Completed
Reviewer: Paul Hoffman
Review: review-ietf-uta-mta-sts-15-secdir-telechat-hoffman-2018-04-19
Posted at: https://mailarchive.ietf.org/arch/msg/secdir/nZ0NcPHsoWhnxrVt4Z1wEx1D9CM
Reviewed rev.: 15 (document currently at 21)
Review result: Ready
Draft last updated: 2018-04-19
Review completed: 2018-04-19

Review

This document is an ambitious attempt to add STS (strict transport 
security) to SMTP. It carefully deals with all the traps and pitfalls 
that were found in developing STS for HTTP, DANE, and so on. I believe 
that it has hit all the obvious security issues in how a determined 
attacker might cause a downgrade; in so doing, it has become a very 
complex protocol. However, the authors make a good argument for each of 
the complexities, which is admirable.

--Paul Hoffman