Transport Layer Security
charter-ietf-tls-04-00
| Document | Proposed charter: Transport Layer Security WG (tls) Snapshot |
|---|---|
| Title | Transport Layer Security |
| Last updated | 2014-01-31 |
| State | Draft Charter Rechartering |
| WG state | Active |
| IESG responsible AD | Paul Wouters |
| Charter edit AD | (None) |
| Send notices to | (None) |
The TLS (Transport Layer Security) working group was
established in 1996 to standardize a 'transport layer'
security protocol. The basis for the work was SSL
(Secure Socket Layer) v3.0. The TLS working group has
completed a series of specifications that describe the
TLS protocol v1.0, v1.1, and v1.2 and DTLS
(Datagram TLS) v1.2 as well as extensions to the
protocols and ciphersuites.
The primary purpose of the working group is to develop
(D)TLS v1.3. Some of the main design goals are as follows,
in no particular order:
o Develop a mode that encrypts as much of the handshake as
is possible to reduce the amount of observable data to
both passive and active attackers.
o Develop modes to reduce handshake latency, which primarily
support HTTP-based applications, aiming for one roundtrip
for a full handshake and one or zero roundtrip for repeated
handshakes. The aim is also to maintain current security

"@ONE,@TWO,JOE@THREE", where ONE, TWO, and THREE are hosts. This
form is used to emphasize the distinction between an address and a
route. The mailbox is an absolute address, and the route is
information about how to get there. The two concepts should not
be confused.
The elements of the forward-path are moved to the reverse-path as
the message is relayed from one server-SMTP to another. The
reverse-path is a reverse source route, (i.e., a source route from
the current location of the message to the originator of the
message). When a server-SMTP deletes its identifier from the
forward-path and inserts it into the reverse-path, it must use the
name it is known by in the environment it is sending into, not the
environment the mail came from, in case the server-SMTP is known
by different names in different environments.
Using source routing the receiver-SMTP receives mail to be relayed
to another server-SMTP. The receiver-SMTP may accept or reject the
task of relaying the mail in the same way it accepts or rejects
mail for a local user. The receiver-SMTP transforms the command
arguments by moving its own identifier from the forward-path to
the beginning of the reverse-path. The receiver-SMTP then becomes
a sender-SMTP, establishes a transmission channel to the next SMTP
in the forward-path, and sends it the mail.
The first host in the reverse-path should be the host sending the
SMTP commands, and the first host in the forward-path should be
the host receiving the SMTP commands.
Notice that the forward-path and reverse-path appear in the SMTP
commands and replies, but not necessarily in the message. That
is, there is no need for these paths and especially this syntax to
appear in the "To:", "From:", "CC:", etc. fields of the message
header.
If a server-SMTP has accepted the task of relaying the mail and
later finds that the forward-path is incorrect or that the mail
cannot be delivered for whatever reason, then it must construct an
"undeliverable mail" notification message and send it to the
originator of the undeliverable mail (as indicated by the
reverse-path).
Postel [Page 13]
November 1981 RFC 788
Simple Mail Transfer Protocol
This notification message must be from the server-SMTP at this
host. Of course, server-SMTPs should not send notification
messages about problems with notification messages. One way to
prevent loops in error reporting is to specify a null reverse-path
in the MAIL command of a notification message. When such a
message is relayed it is permissible to leave the reverse-path
null. A MAIL command with a null reverse-path appears as follows:
MAIL FROM:<>
An undeliverable mail notification message is shown in example 7.
This notification is in response to a message originated by JOE at
HOSTW and sent via HOSTX to HOSTY with instructions to relay it on
to HOSTZ. What we see in the example is the transaction between
HOSTY and HOSTX, which is the first step in the return of the
notification message.
-------------------------------------------------------------
Example Undeliverable Mail Notification Message
S: MAIL FROM:<>
R: 250 ok
S: RCPT TO:<@HOSTX,JOE@HOSTW>
R: 250 ok
S: DATA
R: 354 send the mail data, end with .
S: Date: 23 Oct 81
S: Sender: SMTP@HOSTY
S: Subject: Mail System Problem
S:
S: Sorry JOE, your message to SAM@HOSTZ lost.
S: HOSTZ said this:
S: "550 No Such User"
S: .
R: 250 ok
Example 7
-------------------------------------------------------------
3.7. DOMAINS
At some not too distant future time it might be necessary to
expand the mailbox format to include a region or name domain
identifier. There is quite a bit of discussion on this at
present, and it is likely that SMTP will be revised in the future to
take into account naming domains.
The examples in this document do not show mail domains.
4. THE SMTP SPECIFICATIONS
4.1. SMTP COMMANDS
4.1.1. COMMAND SEMANTICS
The SMTP commands define the mail transfer or the mail system
function requested by the user. SMTP commands are character
strings terminated by <CRLF>. The command codes themselves are
alphabetic characters terminated by <SP> if parameters follow
and <CRLF> otherwise. The syntax of mailboxes must conform to
receiver site conventions. The SMTP commands are discussed
below. The SMTP replies are discussed in the Section 4.2.
A mail transaction involves several data objects which are
communicated as arguments to different commands. The
reverse-path is the argument of the MAIL command, the
forward-path is the argument of the RCPT command, and the mail
data is the argument of the DATA command. These arguments or
data objects must be transmitted and held pending the
confirmation communicated by the end of mail data indication
which finalizes the transaction. The model for this is that
distinct buffers are provided to hold the types of data
objects, that is, there is a reverse-path buffer, a
forward-path buffer, and a mail data buffer. Specific commands
cause information to be appended to a specific buffer, or cause
one or more buffers to be cleared.
HELLO (HELO)
This command is used to identify the sender-SMTP to the
receiver-SMTP. The argument field contains the host name of
the sender-SMTP.
The receiver-SMTP identifies itself to the sender-SMTP in
the connection greeting reply, and in the response to this
command.
MAIL (MAIL)
This command is used to initiate a mail transaction in which
the mail data is delivered to one or more mailboxes. The
argument field contains a reverse-path.
The reverse-path consists of an optional list of hosts and
the sender mailbox. When the list of hosts is present, it
is a "reverse" source route and indicates that the mail was
relayed through each host on the list (the first host in the
list was the most recent relay). This list is used as a
source route to return non-delivery notices to the sender.
As each relay host adds itself to the beginning of the list,
it must use its name as known in the IPCE to which it is
relaying the mail rather than the IPCE from which the mail
came (if they are different). In some types of error
reporting messages (for example, undeliverable mail
notifications) the reverse-path may be null (see Example 7).
This command clears the reverse-path buffer, the
forward-path buffer, and the mail data buffer; and inserts
the reverse-path information from this command into the
reverse-path buffer.
RECIPIENT (RCPT)
This command is used to identify an individual recipient of
the mail data; multiple recipients are specified by multiple
use of this command.
The forward-path consists of an optional list of hosts and a
required destination mailbox. When the list of hosts is
present, it is a source route and indicates that the mail
must be relayed to the next host on the list. If the
receiver-SMTP does not implement the relay function it
may use the same reply it would for an unknown local user
(550).
When mail is relayed, the relay host must remove itself from
the beginning forward-path and put itself at the beginning
of the reverse-path. When mail reaches its ultimate
destination (the forward-path contains only a destination
mailbox), the receiver-SMTP inserts it into the destination
mailbox in accordance with its host mail conventions.
For example, mail received at relay host A with arguments
FROM:<X@Y>
TO:<@A,@B,C@D>
will be relayed on to host B with arguments
FROM:<@A,X@Y>
TO:<@B,C@D>.
This command causes its forward-path argument to be appended
to the forward-path buffer.
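The relay transformation shown above, together with the null reverse-path rule for undeliverable-mail notifications from section 3.6 (Example 7), as an added Python example. It is not code from RFC 788: the `Path` class and the `next_hop` and `notification_envelope` functions are this example's own names, the `outbound_name` parameter stands for the name a relay is known by in the environment it sends into, and all host names and mailboxes are constructed.

```python
# Added example (not RFC 788 code): source-routed paths, the relay
# transformation, and the null reverse-path rule for notifications.
# Host names and mailboxes are constructed; `outbound_name` is this
# example's name for "the name this host is known by where it sends".
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass
class Path:
    """A <reverse-path> or <forward-path>: an optional source route (a list
    of hosts) followed by a mailbox.  "<>" is the null reverse-path."""
    hosts: List[str] = field(default_factory=list)
    mailbox: str = ""

    @classmethod
    def parse(cls, text: str) -> "Path":
        if not (text.startswith("<") and text.endswith(">")):
            raise ValueError("path must be enclosed in <...>: %r" % text)
        inner = text[1:-1]
        if inner == "":
            return cls()                          # MAIL FROM:<>
        elems = inner.split(",")
        hosts = []
        for elem in elems[:-1]:                   # all but the last are "@host"
            if len(elem) < 2 or not elem.startswith("@"):
                raise ValueError("bad route element %r" % elem)
            hosts.append(elem[1:])
        user, sep, host = elems[-1].partition("@")  # the last is "user@host"
        if not (user and sep and host):
            raise ValueError("bad mailbox %r" % elems[-1])
        return cls(hosts, elems[-1])

    def is_null(self) -> bool:
        return self.mailbox == "" and not self.hosts

    def __str__(self) -> str:
        if self.is_null():
            return "<>"
        return "<" + ",".join(["@" + h for h in self.hosts] + [self.mailbox]) + ">"


def next_hop(my_name: str, reverse_path: Path, forward_path: Path,
             outbound_name: Optional[str] = None) -> Tuple[str, Path, Path]:
    """What host `my_name` does with the MAIL/RCPT arguments it received.
    Returns (action, reverse_path, forward_path) where action is
      "deliver": no route left, the mailbox is handled locally;
      "reject":  the first route host is not us, so we are not the intended
                 next relay (reply as for an unknown local user, 550);
      "relay":   we are the next hop: drop ourselves from the front of the
                 forward-path and prepend ourselves to the reverse-path,
                 under the name we are known by in the environment we send
                 into (`outbound_name`), which may differ from `my_name`."""
    if not forward_path.hosts:
        return "deliver", reverse_path, forward_path
    if forward_path.hosts[0] != my_name:
        return "reject", reverse_path, forward_path
    new_forward = Path(forward_path.hosts[1:], forward_path.mailbox)
    if reverse_path.is_null():
        new_reverse = Path()                      # notifications stay null
    else:
        new_reverse = Path([outbound_name or my_name] + reverse_path.hosts,
                           reverse_path.mailbox)
    return "relay", new_reverse, new_forward


def notification_envelope(failed_reverse_path: Path) -> Optional[Tuple[Path, Path]]:
    """(MAIL argument, RCPT argument) for an "undeliverable mail" notification
    about a message that carried `failed_reverse_path`.  The notification is
    sent with a null reverse-path, so a failing notification can never
    trigger another one; and a message whose reverse-path is already null
    gets no notification at all.  Returns None in that case."""
    if failed_reverse_path.is_null():
        return None
    # The failed message's reverse source route is the route back to its
    # originator, so it becomes the notification's forward-path (Example 7).
    return Path(), Path(list(failed_reverse_path.hosts), failed_reverse_path.mailbox)


if __name__ == "__main__":
    # The RCPT example above: mail arrives at relay host A.
    action, rev, fwd = next_hop("A", Path.parse("<X@Y>"), Path.parse("<@A,@B,C@D>"))
    print(action, "FROM:%s" % rev, "TO:%s" % fwd)   # relay FROM:<@A,X@Y> TO:<@B,C@D>
```

The "reject" branch is the check a relay should make before accepting the task: if the first forward-path host is not its own name, the mail was not routed through it, and the text's 550 reply applies. The `outbound_name` parameter covers the case where the relay is known by different names in the environment it received from and the one it sends into.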
DATA (DATA)
The receiver treats the lines following the command as mail
data from the sender. This command causes the mail data
from this command to be appended to the mail data buffer.
The mail data may contain any of the 128 ASCII character
codes.
The mail data is terminated by a line containing only a
period, that is the character sequence "<CRLF>.<CRLF>" (see
Section 4.5.2 on Transparency). This is the end of mail
data indication.
The end of mail data indication requires that the receiver
must now process the stored mail transaction information.
This processing consumes the information in the reverse-path
buffer, the forward-path buffer, and the mail data buffer,
and on the completion of this command these buffers are
cleared. If the processing is successful the receiver must
send an OK reply. If the processing fails completely the
receiver must send a failure reply.
When the receiver-SMTP accepts a message either for relaying
or for final delivery it inserts at the beginning of the
mail data a time stamp line. The time stamp line indicates
the identity of the host that sent the message, and the
identity of the host that received the message (and is
inserting this time stamp), and the date and time the
message was received. Relayed messages will have multiple
time stamp lines.
When the receiver-SMTP makes the "final delivery" of a
message it inserts at the beginning of the mail data a
return path line. The return path line preserves the
information in the <reverse-path> from the MAIL command.
Here, final delivery means the message leaves the SMTP
world. Normally, this would mean it has been delivered to
the destination user, but in some cases it may be further
processed and transmitted by another mail system.
The preceding two paragraphs imply that the final mail data
will begin with a return path line, followed by one or more
time stamp lines. These lines will be followed by the mail
data header and body [2]. For example:
Return-Path: <@GHI,@DEF,@ABC,JOE@ABC>
Mail-From: GHI received by JKL at 27-Oct-81 15:27:39-PST
Mail-From: DEF received by GHI at 27-Oct-81 15:15:13-PST
Mail-From: ABC received by DEF at 27-Oct-81 15:01:59-PST
Date: 27-Oct-81 15:01:01-PST
From: JOE@ABC
Subject: Improved Mailing System Installed
To: SAM@JKL
This is to inform you that ...
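The return path line and time stamp lines, as an added Python example that is not part of RFC 788: `receive` stamps the mail data at each hop and `final_delivery` puts the return path in front, reproducing the message above from constructed hop times. `stamps_agree_with_return_path` goes one step beyond the text: it checks, as a receiver might when diagnosing a misrouted message, that the chain described by the time stamps is consistent with the route in the reverse-path. All function names are this example's own.

```python
# Added example (not RFC 788 code): the lines a receiver-SMTP puts in front
# of the mail data, and a consistency check between them.  Hop times and
# the message are constructed to match the example in the text.
from typing import List, Tuple

RETURN_PATH = "Return-Path: "
MAIL_FROM = "Mail-From: "


def receive(mail_data: List[str], sending_host: str, my_name: str,
            received_at: str) -> List[str]:
    """Every receiving host (relay or final) prepends its time stamp line,
    so the stamps read newest first."""
    stamp = "%s%s received by %s at %s" % (MAIL_FROM, sending_host, my_name, received_at)
    return [stamp] + list(mail_data)


def final_delivery(mail_data: List[str], reverse_path: str) -> List[str]:
    """At final delivery the return path line goes in front of all stamps."""
    return [RETURN_PATH + reverse_path] + list(mail_data)


def parse_stamps(mail_data: List[str]) -> List[Tuple[str, str, str]]:
    """(sending_host, receiving_host, when) for each leading Mail-From line,
    newest first; stops at the first line that is neither."""
    stamps = []
    for line in mail_data:
        if line.startswith(RETURN_PATH):
            continue
        if not line.startswith(MAIL_FROM):
            break                                  # message header begins
        sender, rest = line[len(MAIL_FROM):].split(" received by ", 1)
        receiver, when = rest.split(" at ", 1)
        stamps.append((sender, receiver, when))
    return stamps


def route_hosts(reverse_path: str) -> List[str]:
    """Route hosts of "<@H1,@H2,user@host>", most recent relay first."""
    inner = reverse_path.strip("<>")
    return [e[1:] for e in inner.split(",")[:-1]] if inner else []


def stamps_agree_with_return_path(mail_data: List[str]) -> bool:
    """Diagnostic check (this example's addition, not a rule in the text):
    the reverse-path route must match the sending hosts of the stamps,
    newest first, and each stamp's receiver must be the sender of the next
    newer stamp, i.e. the stamps describe the same chain the route claims."""
    if not mail_data or not mail_data[0].startswith(RETURN_PATH):
        return False
    route = route_hosts(mail_data[0][len(RETURN_PATH):])
    stamps = parse_stamps(mail_data)
    if [s for s, _, _ in stamps][:len(route)] != route:
        return False
    return all(older[1] == newer[0] for newer, older in zip(stamps, stamps[1:]))


def example_transit() -> List[str]:
    """JOE@ABC -> DEF -> GHI -> JKL, as in the message above."""
    body = ["Date: 27-Oct-81 15:01:01-PST", "From: JOE@ABC",
            "Subject: Improved Mailing System Installed", "To: SAM@JKL",
            "", "This is to inform you that ..."]
    data = receive(body, "ABC", "DEF", "27-Oct-81 15:01:59-PST")
    data = receive(data, "DEF", "GHI", "27-Oct-81 15:15:13-PST")
    data = receive(data, "GHI", "JKL", "27-Oct-81 15:27:39-PST")
    # The reverse-path as it reached JKL, built up hop by hop by the relays.
    return final_delivery(data, "<@GHI,@DEF,@ABC,JOE@ABC>")
```

Because each hop prepends rather than appends, the stamps end up newest first, which is why `route_hosts` (most recent relay first) lines up with them directly. A missing or reordered stamp breaks either the route comparison or the sender/receiver chaining, so the check fails.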
Special mention is needed of the response and further action
required when the processing following the end of mail data
indication is partially successful. This could arise if
after accepting several recipients and the mail data, the
receiver-SMTP finds that the mail data can be successfully
delivered to some of the recipients, but it cannot be to
others (for example, due to mailbox space allocation
problems). In such a situation, the response to the DATA
command must be an OK reply. But, the receiver-SMTP must
compose and send an "undeliverable mail" notification
message to the originator of the message. Either a single
notification which lists all of the recipients that failed
to get the message, or separate notification messages must
be sent for each failed recipient (see Example 7). All
undeliverable mail notification messages are sent using the
MAIL command (even if they result from processing a SEND,
SOML, or SAML command).
SEND (SEND)
This command is used to initiate a mail transaction in which
the mail data is delivered to one or more terminals. The
argument field contains a reverse-path. This command is
successful if the message is delivered to the terminal.
The reverse-path consists of an optional list of hosts and
the sender mailbox. When the list of hosts is present, it
is a "reverse" source route and indicates that the mail was
relayed through each host on the list (the first host in the
list was the most recent relay). This list is used as a
source route to return non-delivery notices to the sender.
As each relay host adds itself to the beginning of the list,
it must use its name as known in the IPCE to which it is
relaying the mail rather than the IPCE from which the mail
came (if they are different).
This command clears the reverse-path buffer, the
forward-path buffer, and the mail data buffer; and inserts
the reverse-path information from this command into the
reverse-path buffer.
SEND OR MAIL (SOML)
This command is used to initiate a mail transaction in which
the mail data is delivered to one or more terminals or
mailboxes. For each recipient the mail data is delivered to
the recipient's terminal if the recipient is active on the
host (and accepting terminal messages), otherwise to the
recipient's mailbox. The argument field contains a
reverse-path. This command is successful if the message is
delivered to the terminal or the mailbox.
The reverse-path consists of an optional list of hosts and
the sender mailbox. When the list of hosts is present, it
is a "reverse" source route and indicates that the mail was
relayed through each host on the list (the first host in the
list was the most recent relay). This list is used as a
source route to return non-delivery notices to the sender.
As each relay host adds itself to the beginning of the list,
it must use its name as known in the IPCE to which it is
relaying the mail rather than the IPCE from which the mail
came (if they are different).
This command clears the reverse-path buffer, the
forward-path buffer, and the mail data buffer; and inserts
the reverse-path information from this command into the
reverse-path buffer.
SEND AND MAIL (SAML)
This command is used to initiate a mail transaction in which
the mail data is delivered to one or more terminals and
mailboxes. For each recipient the mail data is delivered to
the recipient's terminal if the recipient is active on the
host (and accepting terminal messages), and for all
recipients to the recipient's mailbox. The argument field
contains a reverse-path. This command is successful if the
message is delivered to the mailbox.
The reverse-path consists of an optional list of hosts and
the sender mailbox. When the list of hosts is present, it
is a "reverse" source route and indicates that the mail was
relayed through each host on the list (the first host in the
list was the most recent relay). This list is used as a
source route to return non-delivery notices to the sender.
As each relay host adds itself to the beginning of the list,
it must use its name as known in the IPCE to which it is
relaying the mail rather than the IPCE from which the mail
came (if they are different).
This command clears the reverse-path buffer, the
forward-path buffer, and the mail data buffer; and inserts
the reverse-path information from this command into the
reverse-path buffer.
RESET (RSET)
This command specifies that the current mail transaction is
to be aborted. Any stored sender, recipients, and mail data
must be discarded, and all buffers and state tables cleared.
The receiver must send an OK reply.
VERIFY (VRFY)
This command asks the receiver to confirm that the argument
identifies a user. If it is a user name, the full name of
the user (if known) and the fully specified mailbox are
returned.
This command has no effect on any of the reverse-path
buffer, the forward-path buffer, or the mail data buffer.
EXPAND (EXPN)
This command asks the receiver to confirm that the argument
identifies a mailing list, and if so, to return the
membership of that list. The full name of the users (if
known) and the fully specified mailboxes are returned in a
multiline reply.
This command has no effect on any of the reverse-path
buffer, the forward-path buffer, or the mail data buffer.
HELP (HELP)
This command causes the receiver to send helpful information
to the sender of the HELP command. The command may take an
argument (e.g., any command name) and return more specific
information as a response.
This command has no effect on any of the reverse-path
buffer, the forward-path buffer, or the mail data buffer.
NOOP (NOOP)
This command does not affect any parameters or previously
entered commands. It specifies no action other than that
the receiver send an OK reply.
This command has no effect on any of the reverse-path
buffer, the forward-path buffer, or the mail data buffer.
QUIT (QUIT)
This command specifies that the receiver must send an OK
reply, and then close the transmission channel.
The receiver should not close the transmission channel until
it receives and replies to a QUIT command (even if there was
an error). The sender should not close the transmission
channel until it sends a QUIT command and receives the reply
(even if there was an error response to a previous command).
If the connection is closed prematurely the receiver should
act as if a RSET command had been received (canceling any
pending transaction, but not undoing any previously
completed transaction), the sender should act as if the
command or transaction in progress had received a temporary
error (4xx).
There are restrictions on the order in which these commands may
be used.
The first command in a session must be the HELO command.
The HELO command may be used later in a session as well.
The NOOP, HELP, EXPN, and VRFY commands can be used at any
time during a session.
The MAIL, SEND, SOML, or SAML commands begin a mail
transaction. Once started a mail transaction consists of
one of the transaction beginning commands, one or more RCPT
commands, and a DATA command, in that order. A mail
transaction may be aborted by the RSET command. There may
be zero or more transactions in a session.
The last command in a session must be the QUIT command. The
QUIT command cannot be used at any other time in a session.
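An added example, not from RFC 788, of a receiver that enforces the ordering rules above together with the buffer model of section 4.1.1: the `Receiver` class (a name chosen here) keeps one buffer per data object and answers each command line with a reply. The text describes the ordering violations only as error replies without naming a code, so the standard SMTP codes 503 (bad sequence), 501 (bad argument) and 221 (closing, for the OK reply to QUIT) are assumed; the host and user names are constructed. This receiver does not implement the relay function, so a source-routed recipient gets the 550 reply the RCPT description allows for that case.

```python
# Added example (not RFC 788 code): a receiver-SMTP enforcing the command
# ordering above and the three-buffer model of section 4.1.1.  Codes 503,
# 501 and 221 are standard SMTP codes assumed here; names are constructed.
REPLY_OK = "250 ok"
REPLY_START_DATA = "354 send the mail data, end with ."
REPLY_CLOSING = "221 closing transmission channel"
REPLY_BAD_SEQ = "503 bad sequence of commands"
REPLY_BAD_ARG = "501 syntax error in parameters"
REPLY_NO_USER = "550 no such user"
TRANSACTION_STARTERS = {"MAIL", "SEND", "SOML", "SAML"}
ANY_TIME = {"NOOP", "HELP", "EXPN", "VRFY"}      # never touch the buffers


class Receiver:
    """HELO first; zero or more (MAIL|SEND|SOML|SAML) RCPT+ DATA; QUIT last."""
    def __init__(self, my_name, local_users):
        self.my_name = my_name
        self.local_users = set(local_users)       # deliverable users, case-sensitive
        self.greeted = False                       # HELO seen?
        self.in_data = False                       # between DATA and the lone "."
        self.closed = False                        # QUIT seen
        self.delivered = []                        # completed transactions
        self._clear_buffers()

    def _clear_buffers(self):
        self.reverse_path = None                   # reverse-path buffer
        self.forward_paths = []                    # forward-path buffer
        self.mail_data = []                        # mail data buffer

    def handle(self, line):
        """One line (<CRLF> stripped) -> reply, or None while collecting mail data."""
        if self.in_data:
            return self._data_line(line)
        head, _, arg = line.partition(" ")
        code, arg = head.upper(), arg.strip()      # command codes: any case
        if not self.greeted and code != "HELO":
            return REPLY_BAD_SEQ                    # first command must be HELO
        if code == "HELO":
            self.greeted = True
            return "250 " + self.my_name            # receiver identifies itself
        if code in ANY_TIME:
            return REPLY_OK
        if code in TRANSACTION_STARTERS:
            path = self._path_after(arg, "FROM:")
            if path is None:
                return REPLY_BAD_ARG
            self._clear_buffers()                   # clears all three buffers,
            self.reverse_path = path                # then fills the reverse-path one
            return REPLY_OK
        if code == "RCPT":
            if self.reverse_path is None:
                return REPLY_BAD_SEQ                # no transaction begun
            path = self._path_after(arg, "TO:")
            if path is None:
                return REPLY_BAD_ARG
            if not self._is_local(path):
                return REPLY_NO_USER                # unknown user or source route
            self.forward_paths.append(path)         # appended to forward-path buffer
            return REPLY_OK
        if code == "DATA":
            if not self.forward_paths:
                return REPLY_BAD_SEQ                # needs >= 1 accepted RCPT
            self.in_data = True
            return REPLY_START_DATA
        if code == "RSET":
            self._clear_buffers()
            return REPLY_OK
        if code == "QUIT":
            self.closed = True
            return REPLY_CLOSING
        return "500 command unrecognized"

    @staticmethod
    def _path_after(arg, keyword):
        """"FROM:<...>" or "TO:<...>"; the keyword is case-insensitive."""
        if not arg.upper().startswith(keyword):
            return None
        path = arg[len(keyword):].strip()
        return path if path.startswith("<") and path.endswith(">") else None

    def _is_local(self, path):
        """<user@my_name> with a known user only; a source route would need
        the relay function this receiver lacks."""
        inner = path[1:-1]
        if inner.startswith("@") or "," in inner:
            return False
        user, _, host = inner.partition("@")
        return host == self.my_name and user in self.local_users   # "smith" != "Smith"

    def _data_line(self, line):
        if line == ".":                             # end of mail data indication
            self.in_data = False
            self.delivered.append((self.reverse_path, list(self.forward_paths),
                                   list(self.mail_data)))
            self._clear_buffers()                   # processing consumes all buffers
            return REPLY_OK
        if line.startswith("."):                    # transparency (section 4.5.2)
            line = line[1:]
        self.mail_data.append(line)
        return None
```

Feed the receiver one line at a time (`Receiver("HOSTY", ["sam"]).handle("HELO HOSTX")` and so on); the DATA handler answers `None` for each mail data line and only replies once the lone "." arrives, at which point all three buffers are consumed. The leading-dot removal in `_data_line` is the transparency rule the text refers to in section 4.5.2, which is not reproduced on this page.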
4.1.2. COMMAND SYNTAX
The commands consist of a command code followed by an argument
field. Command codes are four alphabetic characters. Upper
and lower case alphabetic characters are to be treated
identically. Thus, any of the following may represent the mail
command:
MAIL Mail mail MaIl mAIl
This also applies to any symbols representing parameter values,
such as "TO" or "to" for the forward-path. Command codes and
the argument fields are separated by one or more spaces.
However, within the reverse-path and forward-path arguments
case is important. In particular, in some hosts the user
"smith" is different from the user "Smith".
The argument field consists of a variable length character
string ending with the character sequence <CRLF>. The receiver
is to take no action until this sequence is received.
Square brackets denote an optional argument field. If the
option is not taken, the appropriate default is implied.
The following are the SMTP commands:
HELO <SP> <host> <CRLF>
MAIL <SP> FROM:<reverse-path> <CRLF>
RCPT <SP> TO:<forward-path> <CRLF>
DATA <CRLF>
RSET <CRLF>
SEND <SP> FROM:<reverse-path> <CRLF>
SOML <SP> FROM:<reverse-path> <CRLF>
SAML <SP>
features.
o Update record payload protection cryptographic
mechanisms and algorithms to address known weaknesses
in the CBC block cipher modes and to replace RC4.
o Reevaluate handshake contents, e.g.: Is time needed in the
client hello? Should the signature in server key exchange
cover the entire handshake? Are bigger randoms required?
Should there be a distinct cipher list for each version? Are
additional mechanisms needed to prevent version rollback?
o The WG will consider the privacy implications of
TLS1.3 and where possible (balancing with other requirements)
will aim to make TLS1.3 more privacy-friendly, e.g. via more
consistent application traffic padding, more considered use
of long term identifying values, etc.
A secondary purpose is to maintain previous versions of
the (D)TLS protocols as well as to specify the use of
(D)TLS, recommendations for use of (D)TLS, extensions to
(D)TLS, and cipher suites. However, changes or additions
to older versions of (D)TLS, whether via extensions or
ciphersuites, are discouraged and require significant
justification to be taken on as work items.
With these objectives in mind, the TLS WG will also place a priority
on minimizing gratuitous changes to TLS.
Milestone/Dates:
201404 - CBC Fixes to IESG
201405 - RC4 replacement to IESG
201411 - (D)TLS 1.3 to IESG