Telechat Review of draft-ietf-uta-mta-sts-15
review-ietf-uta-mta-sts-15-secdir-telechat-hoffman-2018-04-19-00
Request | Review of | draft-ietf-uta-mta-sts |
---|---|---|
Requested revision | No specific revision (document currently at 21) | |
Type | Telechat Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2018-05-08 | |
Requested | 2018-03-21 | |
Authors | Daniel Margolis, Mark Risher, Binu Ramakrishnan, Alex Brotman, Janet Jones | |
I-D last updated | 2018-04-19 | |
Completed reviews | Secdir Telechat review of -15 by Paul E. Hoffman; Genart Telechat review of -15 by Christer Holmberg | |
Assignment | Reviewer | Paul E. Hoffman |
State | Completed | |
Request | Telechat review on draft-ietf-uta-mta-sts by Security Area Directorate Assigned | |
Reviewed revision | 15 (document currently at 21) | |
Result | Ready | |
Completed | 2018-04-19 |
This document is an ambitious attempt to add STS (strict transport security) to SMTP. It carefully deals with all the traps and pitfalls that were found in developing STS for HTTP, DANE, and so on. I believe that it has hit all the obvious security issues around how a determined attacker might cause a downgrade; in so doing, it has become a very complex protocol. However, the authors make a good argument for each of the complexities, which is admirable.

--Paul Hoffman