SMTP MTA Strict Transport Security (MTA-STS)
RFC 8461

Approval announcement
Draft of message to be sent after approval:

From: The IESG <>
To: IETF-Announce <>
Cc:, The IESG <>,,, Leif Johansson <>,,,
Subject: Protocol Action: 'SMTP MTA Strict Transport Security (MTA-STS)' to Proposed Standard (draft-ietf-uta-mta-sts-21.txt)

The IESG has approved the following document:
- 'SMTP MTA Strict Transport Security (MTA-STS)'
  (draft-ietf-uta-mta-sts-21.txt) as Proposed Standard

This document is the product of the Using TLS in Applications Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell.

A URL of this Internet Draft is:

Technical Summary

   SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
   mechanism enabling mail service providers to declare their ability to
   receive Transport Layer Security (TLS) secure SMTP connections, and
   to specify whether sending SMTP servers should refuse to deliver to
   MX hosts that do not offer TLS with a trusted server certificate.

Working Group Summary

   The WG had a hard time aligning on the format of MTA-STS policy
   and initially had chosen JSON as the format. Strong push-back from
   parts of the opensource community led to a change to key-value text
   based format. The consensus is strong on the new format but the path
   there was a bit rough. There is still too little understanding of 
   how SNI is deployed in the email domain to warrant clear normative
   language on the use of SNI. Security directorate review may change
   this a bit but probably not much. The WG consensus is to leave the
   language as is in the draft.

Document Quality

   There are multiple implementations on the protocol and major email-
   providers (eg google) are already deploying the protocol as specified.  
   There are indications that major opensource implementations of MTAs
   will implement the protocol.


  Who is the Document Shepherd? Who is the Responsible Area

  Leif Johansson (document shepherd)
  Alexei Melnikov (AD)

RFC Editor Note

In Section 3.2, in the ABNF:

sts-policy-field         = sts-policy-version /      ; required once
                           sts-policy-mode    /      ; required once
                           sts-policy-max-age /      ; required once

                           sts-policy-term /
                           ; required at least once, except when
                           ; mode is "none"

                           sts-policy-extension      ; other fields

Please change "sts-policy-term" to "sts-policy-mx"

In the same section, also change:


sts-policy-mx-value      = ["."] Domain


sts-policy-mx-value      = ["*."] Domain

In Section 3.4:

OLD:  This specification does not provide a means of associating
      policies with addresses that employ Address Literals [RFC5321].

NEW: s/with addresses/with email addresses/