Using TLS with IMAP, POP3 and ACAP
RFC 2595

Document Type RFC - Proposed Standard (June 1999; Errata)
Was draft-newman-tls-imappop (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf html bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2595 (Proposed Standard)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                          C. Newman
Request for Comments: 2595                                      Innosoft
Category: Standards Track                                      June 1999

                   Using TLS with IMAP, POP3 and ACAP

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

1. Motivation

   The TLS protocol (formerly known as SSL) provides a way to secure an
   application protocol from tampering and eavesdropping.  The option of
   using such security is desirable for IMAP, POP and ACAP due to common
   connection eavesdropping and hijacking attacks [AUTH].  Although
   advanced SASL authentication mechanisms can provide a lightweight
   version of this service, TLS is complimentary to simple
   authentication-only SASL mechanisms or deployed clear-text password
   login commands.

   Many sites have a high investment in authentication infrastructure
   (e.g., a large database of a one-way-function applied to user
   passwords), so a privacy layer which is not tightly bound to user
   authentication can protect against network eavesdropping attacks
   without requiring a new authentication infrastructure and/or forcing
   all users to change their password.  Recognizing that such sites will
   desire simple password authentication in combination with TLS
   encryption, this specification defines the PLAIN SASL mechanism for
   use with protocols which lack a simple password authentication
   command such as ACAP and SMTP.  (Note there is a separate RFC for the
   STARTTLS command in SMTP [SMTPTLS].)

   There is a strong desire in the IETF to eliminate the transmission of
   clear-text passwords over unencrypted channels.  While SASL can be
   used for this purpose, TLS provides an additional tool with different
   deployability characteristics.  A server supporting both TLS with

Newman                      Standards Track                     [Page 1]
RFC 2595           Using TLS with IMAP, POP3 and ACAP          June 1999

   simple passwords and a challenge/response SASL mechanism is likely to
   interoperate with a wide variety of clients without resorting to
   unencrypted clear-text passwords.

   The STARTTLS command rectifies a number of the problems with using a
   separate port for a "secure" protocol variant.  Some of these are
   mentioned in section 7.

1.1. Conventions Used in this Document

   The key words "REQUIRED", "MUST", "MUST NOT", "SHOULD", "SHOULD NOT",
   "MAY", and "OPTIONAL" in this document are to be interpreted as
   described in "Key words for use in RFCs to Indicate Requirement
   Levels" [KEYWORDS].

   Terms related to authentication are defined in "On Internet
   Authentication" [AUTH].

   Formal syntax is defined using ABNF [ABNF].

   In examples, "C:" and "S:" indicate lines sent by the client and
   server respectively.

2. Basic Interoperability and Security Requirements

   The following requirements apply to all implementations of the
   STARTTLS extension for IMAP, POP3 and ACAP.

2.1. Cipher Suite Requirements

   Implementation of the TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA [TLS] cipher
   suite is REQUIRED.  This is important as it assures that any two
   compliant implementations can be configured to interoperate.

   All other cipher suites are OPTIONAL.

2.2. Privacy Operational Mode Security Requirements

   Both clients and servers SHOULD have a privacy operational mode which
   refuses authentication unless successful activation of an encryption
   layer (such as that provided by TLS) occurs prior to or at the time
   of authentication and which will terminate the connection if that
   encryption layer is deactivated.  Implementations are encouraged to
   have flexability with respect to the minimal encryption strength or
   cipher suites permitted.  A minimalist approach to this
   recommendation would be an operational mode where the
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA cipher suite is mandatory prior to
   permitting authentication.

Newman                      Standards Track                     [Page 2]
RFC 2595           Using TLS with IMAP, POP3 and ACAP          June 1999

   Clients MAY have an operational mode which uses encryption only when
   it is advertised by the server, but authentication continues
   regardless.  For backwards compatibility, servers SHOULD have an
   operational mode where only the authentication mechanisms required by
   the relevant base protocol specification are needed to successfully

2.3. Clear-Text Password Requirements

   Clients and servers which implement STARTTLS MUST be configurable to
Show full document text