Technical Summary
The SMTP STARTTLS option, used in negotiating transport-level
encryption of SMTP connections, is not as useful from a security
standpoint as it might be because of its opportunistic nature;
message delivery is, by default, prioritized over security. This
document describes an SMTP service extension, REQUIRETLS, and message
header field, RequireTLS. If the REQUIRETLS option or RequireTLS
message header field is used when sending a message, it asserts a
request on the part of the message sender to override the default
negotiation of TLS, either by requiring that TLS be negotiated when
the message is relayed, or by requesting that recipient-side policy
mechanisms such as MTA-STS and DANE be ignored when relaying a
message for which security is unimportant.
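The two sender requests described above can be read as a next-hop relay decision. The sketch below is an added example, not text or code from the draft. Its function and field names are hypothetical, and it assumes that the next hop advertises a REQUIRETLS keyword in its EHLO reply inside the TLS session, that the next hop's certificate must be authenticated, and that the REQUIRETLS option wins when both requests are present.

```python
# Added example: names are hypothetical and the EHLO replies are constructed.

def ehlo_keywords(reply_lines):
    """Return the extension keywords from a multi-line 250 EHLO reply."""
    keywords = set()
    for line in (reply_lines or [])[1:]:      # line 0 is the server greeting
        if line.startswith("250") and line[4:].strip():
            keywords.add(line[4:].split()[0].upper())
    return keywords

def relay_action(require_tls, tls_optional, ehlo_plain,
                 ehlo_in_tls=None, cert_valid=False, policy_demands_tls=False):
    """Decide how to hand one message to one next hop.

    require_tls:        sender used the REQUIRETLS option
    tls_optional:       sender used the header field to waive recipient policy
    ehlo_plain:         EHLO reply before STARTTLS
    ehlo_in_tls:        EHLO reply inside the TLS session, if one was set up
    cert_valid:         next hop's certificate was authenticated
    policy_demands_tls: an MTA-STS or DANE policy covers the recipient domain
    """
    offers_tls = "STARTTLS" in ehlo_keywords(ehlo_plain)
    if require_tls:                 # assumption: the option outranks the header
        if not offers_tls:
            return ("fail", "next hop does not offer STARTTLS")
        if not cert_valid:
            return ("fail", "next hop certificate not authenticated")
        if "REQUIRETLS" not in ehlo_keywords(ehlo_in_tls):
            return ("fail", "next hop cannot pass the requirement onward")
        return ("send-tls", "relay with REQUIRETLS on MAIL FROM")
    if policy_demands_tls and not tls_optional:
        if not (offers_tls and cert_valid):
            return ("fail", "recipient policy requires authenticated TLS")
        return ("send-tls", "recipient policy satisfied")
    # Opportunistic default, also reached when the sender waived policy.
    if offers_tls:
        return ("send-tls", "opportunistic TLS")
    return ("send-cleartext", "delivery prioritized over security")

# Constructed EHLO replies.
PLAIN_WITH_TLS = ["250-mx.example.net", "250-SIZE 10240000", "250 STARTTLS"]
PLAIN_NO_TLS = ["250-mx.example.net", "250 SIZE 10240000"]
IN_TLS_RTLS = ["250-mx.example.net", "250-SIZE 10240000", "250 REQUIRETLS"]
IN_TLS_BASIC = ["250-mx.example.net", "250 SIZE 10240000"]
```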
Working Group Summary
The WG consensus for adoption of this draft was clear. The draft was
well discussed in the WG and has undergone significant changes
during this discussion. At some point there was strong consideration
of splitting the draft into two, separating the SMTP service extension
and the mail header field, but the final consensus was that
it is better to define them in a single document.
Document Quality
There are at least two implementations of an early version of the draft.
A few major vendors and operators have expressed an interest in this technology
and have indicated that they are evaluating the possibility of implementing (or using) it.
Personnel
Valery Smyslov (shepherd)
Alexey Melnikov (AD)
RFC Editor Note
In Appendix A.1 (REQUIRETLS SMTP Option), 1st sentence:
OLD:
The TLS-Required SMTP option is used to express the intent of the
    ^^^^^^^^^^^^
sender that the associated message be relayed using TLS.
NEW:
The REQUIRETLS SMTP option is used to express the intent of the
    ^^^^^^^^^^
sender that the associated message be relayed using TLS.