draft-ietf-uta-email-tls-certs-01.txt   draft-ietf-uta-email-tls-certs-02.txt 
Network Working Group A. Melnikov Network Working Group A. Melnikov
Internet-Draft Isode Ltd Internet-Draft Isode Ltd
Updates: 2595, 3207, 3501, 5804 (if March 5, 2015 Updates: 2595, 3207, 3501, 5804 (if March 23, 2015
approved) approved)
Intended status: Standards Track Intended status: Standards Track
Expires: September 6, 2015 Expires: September 24, 2015
Updated TLS Server Identity Check Procedure for Email Related Protocols Updated TLS Server Identity Check Procedure for Email Related Protocols
draft-ietf-uta-email-tls-certs-01 draft-ietf-uta-email-tls-certs-02
Abstract Abstract
This document describes TLS server identity verification procedure This document describes TLS server identity verification procedure
for SMTP Submission, IMAP, POP and ManageSieve clients. It replaces for SMTP Submission, IMAP, POP and ManageSieve clients. It replaces
Section 2.4 of RFC 2595. Section 2.4 of RFC 2595.
Status of This Memo Status of This Memo
This Internet-Draft is submitted in full conformance with the This Internet-Draft is submitted in full conformance with the
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on September 6, 2015. This Internet-Draft will expire on September 24, 2015.
Copyright Notice Copyright Notice
Copyright (c) 2015 IETF Trust and the persons identified as the Copyright (c) 2015 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 38 skipping to change at page 3, line 38
implementations. implementations.
2. Support for the SRV-ID identifier type (subjectAltName of SRVName 2. Support for the SRV-ID identifier type (subjectAltName of SRVName
type [RFC4985]) is REQUIRED for email client software type [RFC4985]) is REQUIRED for email client software
implementations. List of SRV-ID types for email services is implementations. List of SRV-ID types for email services is
specified in [RFC6186]. For ManageSieve the value "sieve" is specified in [RFC6186]. For ManageSieve the value "sieve" is
used. used.
3. URI-ID identifier type (subjectAltName of 3. URI-ID identifier type (subjectAltName of
uniformResourceIdentifier type [RFC5280]) MUST NOT be used by uniformResourceIdentifier type [RFC5280]) MUST NOT be used by
clients for server verification, as clients for server verification, as URI-ID were not historically
used for email.
4. For backward compatibility with deployed software CN-ID 4. For backward compatibility with deployed software CN-ID
identifier type (CN attribute from the subject name, see identifier type (CN attribute from the subject name, see
[RFC6125]) MAY be used for server identity verification. [RFC6125]) MAY be used for server identity verification.
5. Email protocols allow use of certain wilcards in identifiers 5. Email protocols allow use of certain wilcards in identifiers
presented by email servers. The "*" wildcard character MAY be presented by email servers. The "*" wildcard character MAY be
used as the left-most name component of DNS-ID or CN-ID in the used as the left-most name component of DNS-ID or CN-ID in the
certificate. For example, a DNS-ID of *.example.com would match certificate. For example, a DNS-ID of *.example.com would match
a.example.com, foo.example.com, etc. but would not match a.example.com, foo.example.com, etc. but would not match
 End of changes. 5 change blocks. 
5 lines changed or deleted 6 lines changed or added

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/