draft-ietf-uta-tls-for-email-02.txt | draft-ietf-uta-tls-for-email-03.txt | |||
---|---|---|---|---|
Network Working Group L. Velvindron | Network Working Group L. Velvindron | |||
Internet-Draft cyberstorm.mu | Internet-Draft cyberstorm.mu | |||
Updates: 8314 (if approved) S. Farrell | Updates: 8314 (if approved) S. Farrell | |||
Intended status: Standards Track Trinity College Dublin | Intended status: Standards Track Trinity College Dublin | |||
Expires: March 14, 2020 September 11, 2019 | Expires: April 24, 2020 October 22, 2019 | |||
Use of TLS for Email Submission and Access | Use of TLS for Email Submission and Access | |||
draft-ietf-uta-tls-for-email-02 | draft-ietf-uta-tls-for-email-03 | |||
Abstract | Abstract | |||
This specification updates current recommendation for the use of | This specification updates current recommendation for the use of | |||
Transport Layer Security (TLS) protocol to provide confidentiality of | Transport Layer Security (TLS) protocol to provide confidentiality of | |||
email between a Mail User Agent (MUA) and a Mail Submission Server or | email between a Mail User Agent (MUA) and a Mail Submission Server or | |||
Mail Access Server. This document updates RFC8314. | Mail Access Server. This document updates RFC8314. | |||
Status of This Memo | Status of This Memo | |||
skipping to change at page 1, line 34 ¶ | skipping to change at page 1, line 34 ¶ | |||
Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
This Internet-Draft will expire on March 14, 2020. | This Internet-Draft will expire on April 24, 2020. | |||
Copyright Notice | Copyright Notice | |||
Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
document authors. All rights reserved. | document authors. All rights reserved. | |||
This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
(https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
publication of this document. Please review these documents | publication of this document. Please review these documents | |||
skipping to change at page 4, line 11 ¶ | skipping to change at page 4, line 11 ¶ | |||
" MUAs MUST implement TLS 1.2 [RFC5246] or later e.g TLS 1.3 | " MUAs MUST implement TLS 1.2 [RFC5246] or later e.g TLS 1.3 | |||
[RFC8446]. Earlier TLS and SSL versions MAY also be supported, so | [RFC8446]. Earlier TLS and SSL versions MAY also be supported, so | |||
long as the MUA requires at least TLS 1.2 [RFC5246] when accessing | long as the MUA requires at least TLS 1.2 [RFC5246] when accessing | |||
accounts that are configured to impose minimum confidentiality | accounts that are configured to impose minimum confidentiality | |||
requirements. " | requirements. " | |||
OLD: | OLD: | |||
" The default minimum expected level of confidentiality for all new | " The default minimum expected level of confidentiality for all new | |||
accounts MUST require successful validation of the server's | accounts MUST require successful validation of the server's | |||
certificate and SHOULD require negotiation of TLS version 1.2 or | certificate and SHOULD require negotiation of TLS version 1.1 or | |||
greater. (Future revisions to this specification may raise these | greater. (Future revisions to this specification may raise these | |||
requirements or impose additional requirements to address newly | requirements or impose additional requirements to address newly | |||
discovered weaknesses in protocols or cryptographic algorithms. " | discovered weaknesses in protocols or cryptographic algorithms. " | |||
NEW: | NEW: | |||
" The default minimum expected level of confidentiality for all new | " The default minimum expected level of confidentiality for all new | |||
accounts MUST require successful validation of the server's | accounts MUST require successful validation of the server's | |||
certificate and SHOULD require negotiation of TLS version 1.2 or | certificate and SHOULD require negotiation of TLS version 1.2 or | |||
greater. (Future revisions to this specification may raise these | greater. (Future revisions to this specification may raise these | |||
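Review bot: The first quoted paragraph in this block still says "Earlier TLS and SSL versions MAY also be supported", which leaves SSL permitted for any account not configured to impose minimum confidentiality requirements, even though the same paragraph makes TLS 1.2 the implementation floor. Consider naming which earlier versions remain acceptable, or dropping SSL from the allowance. The corrected OLD quote (1.1 on the right) now differs from NEW, where in -02 both read 1.2 and the replacement was a no-op. Two editorial points in the same block: "e.g TLS 1.3" should read "e.g., TLS 1.3", and the parenthesis opened at "(Future revisions" in the OLD quote is never closed before the closing quotation mark.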
skipping to change at page 4, line 37 ¶ | skipping to change at page 4, line 37 ¶ | |||
None of the proposed measures have an impact on IANA. | None of the proposed measures have an impact on IANA. | |||
5. Security Considerations | 5. Security Considerations | |||
The purpose of this document is to document updated recommendations | The purpose of this document is to document updated recommendations | |||
for using TLS with Email services. Those recommendations are based | for using TLS with Email services. Those recommendations are based | |||
on [I-D.ietf-tls-oldversions-deprecate]. | on [I-D.ietf-tls-oldversions-deprecate]. | |||
6. Acknowledgement | 6. Acknowledgement | |||
The authors would like to thank Vittorio Bertola for his feedback. | The authors would like to thank Vittorio Bertola and Viktor Dukhovni | |||
for their feedback. | ||||
7. References | 7. References | |||
7.1. Informative References | 7.1. Informative References | |||
[RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
(TLS) Protocol Version 1.1", RFC 4346, | (TLS) Protocol Version 1.1", RFC 4346, | |||
DOI 10.17487/RFC4346, April 2006, | DOI 10.17487/RFC4346, April 2006, | |||
<https://www.rfc-editor.org/info/rfc4346>. | <https://www.rfc-editor.org/info/rfc4346>. | |||
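Review bot: Section 5 gives no security rationale of its own: it restates the document's purpose and defers entirely to [I-D.ietf-tls-oldversions-deprecate]. Since the requirement on negotiated version for new accounts is only a SHOULD, a sentence here on what an MUA or server gives up when a session is negotiated below TLS 1.2 would let the section stand alone for implementers who do not follow the reference. The acknowledgement change itself is fine.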
End of changes. 5 change blocks. | ||||
5 lines changed or deleted | 6 lines changed or added | |||
This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ |