Skip to main content

SMTP MTA Strict Transport Security (MTA-STS)
draft-ietf-uta-mta-sts-21

Revision differences

Document history

Date Rev. By Action
2018-09-18
21 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2018-09-08
21 (System) RFC Editor state changed to AUTH48 from RFC-EDITOR
2018-08-20
21 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2018-06-22
21 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2018-06-22
21 (System) IANA Action state changed to Waiting on RFC Editor from Waiting on Authors
2018-06-21
21 (System) IANA Action state changed to Waiting on Authors from In Progress
2018-06-21
21 (System) IANA Action state changed to In Progress from On Hold
2018-06-19
21 (System) IANA Action state changed to On Hold from In Progress
2018-06-18
21 (System) RFC Editor state changed to EDIT
2018-06-18
21 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2018-06-18
21 (System) Announcement was received by RFC Editor
2018-06-18
21 (System) IANA Action state changed to In Progress
2018-06-17
21 Cindy Morgan IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2018-06-17
21 Cindy Morgan IESG has approved the document
2018-06-17
21 Cindy Morgan Closed "Approve" ballot
2018-06-17
21 Cindy Morgan Ballot approval text was generated
2018-06-16
21 Alexey Melnikov IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup
2018-06-16
21 Alexey Melnikov [Ballot comment]
Discussion of IANA registration of ".well-known/mta-sts.txt" with the Designated Expert is in progress.
2018-06-16
21 Alexey Melnikov Ballot comment text updated for Alexey Melnikov
2018-06-16
21 Alexey Melnikov RFC Editor Note was changed
2018-06-16
21 Alexey Melnikov RFC Editor Note for ballot was generated
2018-06-16
21 Alexey Melnikov RFC Editor Note for ballot was generated
2018-06-15
21 Alex Brotman New version available: draft-ietf-uta-mta-sts-21.txt
2018-06-15
21 (System) New version approved
2018-06-15
21 (System) Request for posting confirmation emailed to previous authors: Mark Risher , Alexander Brotman , Binu Ramakrishnan , Daniel Margolis , Janet Jones
2018-06-15
21 Alex Brotman Uploaded new revision
2018-06-12
20 Gunter Van de Velde Closed request for Telechat review by OPSDIR with state 'No Response'
2018-06-06
20 Alex Brotman New version available: draft-ietf-uta-mta-sts-20.txt
2018-06-06
20 (System) New version approved
2018-06-06
20 (System) Request for posting confirmation emailed to previous authors: Mark Risher , Alexander Brotman , Binu Ramakrishnan , Daniel Margolis , Janet Jones
2018-06-06
20 Alex Brotman Uploaded new revision
2018-05-30
19 Eric Rescorla [Ballot comment]
Thank you for addressing my DISCUSS.
2018-05-30
19 Eric Rescorla [Ballot Position Update] Position for Eric Rescorla has been changed to No Objection from Discuss
2018-05-24
19 Adam Roach [Ballot comment]
Thanks to the authors of draft-ietf-uta-smtp-tlsrpt for addressing the situation highlighted in my earlier DISCUSS.
2018-05-24
19 Adam Roach [Ballot Position Update] Position for Adam Roach has been changed to Yes from Discuss
2018-05-23
19 Warren Kumari
[Ballot comment]
I still don't love this - it feels like it is still "reserving" a DNS label, but -18 text is close enough to …
[Ballot comment]
I still don't love this - it feels like it is still "reserving" a DNS label, but -18 text is close enough to having this as  a convention that I'm OK with it...

Thank you!
W

Previous DISCUSS position:
[ Edit: Could the format of the _mta-sts to be something like:
"_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"  ?

This would mean that the policy can be fetched from foo.example.com - the record *could* specify "label=mta-sts" if it wanted - this allows this to work without "reserving" a DNS label.  ]


I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the (leftmost) DNS labels _mta-sts (as a TXT record) and mta-sts as a hard-coded name -- I think that this needs to be better documented / in the IANA considerations.

I apologize for the lack of detail/lack of actionable content - I couldn't decide between Deferring and balloting DISCUSS -- I decided on DISCUSS because  I think I need to think about this, and clearing a DISCUSS is simpler than having the document stuck for a full cycle.
2018-05-23
19 Warren Kumari [Ballot Position Update] Position for Warren Kumari has been changed to No Objection from Discuss
2018-05-23
19 Daniel Margolis New version available: draft-ietf-uta-mta-sts-19.txt
2018-05-23
19 (System) New version approved
2018-05-23
19 (System) Request for posting confirmation emailed to previous authors: Mark Risher , Alexander Brotman , Binu Ramakrishnan , Daniel Margolis , Janet Jones
2018-05-23
19 Daniel Margolis Uploaded new revision
2018-05-21
18 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-05-21
18 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2018-05-21
18 Alex Brotman New version available: draft-ietf-uta-mta-sts-18.txt
2018-05-21
18 (System) New version approved
2018-05-21
18 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Binu Ramakrishnan , Mark Risher , uta-chairs@ietf.org, Janet Jones , Daniel Margolis
2018-05-21
18 Alex Brotman Uploaded new revision
2018-05-10
17 Cindy Morgan IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation
2018-05-10
17 Warren Kumari
[Ballot discuss]
[ Edit: Could the format of the _mta-sts to be something like:
"_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"  ?

This would mean that the …
[Ballot discuss]
[ Edit: Could the format of the _mta-sts to be something like:
"_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"  ?

This would mean that the policy can be fetched from foo.example.com - the record *could* specify "label=mta-sts" if it wanted - this allows this to work without "reserving" a DNS label.  ]


I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the (leftmost) DNS labels _mta-sts (as a TXT record) and mta-sts as a hard-coded name -- I think that this needs to be better documented / in the IANA considerations.

I apologize for the lack of detail/lack of actionable content - I couldn't decide between Deferring and balloting DISCUSS -- I decided on DISCUSS because  I think I need to think about this, and clearing a DISCUSS is simpler than having the document stuck for a full cycle.
2018-05-10
17 Warren Kumari Ballot discuss text updated for Warren Kumari
2018-05-10
17 Warren Kumari
[Ballot discuss]
[ Edit: Could the format of the _mta-sts to be something like:
"_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"

This would mean that the policy …
[Ballot discuss]
[ Edit: Could the format of the _mta-sts to be something like:
"_mta-sts.example.com.  TXT "v=STSv2; id=20180114T070707; label=foo"

This would mean that the policy can be fetched from foo.example.com - the record *could* specify "label=mta-sts" if it liked... ]


I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the (leftmost) DNS labels _mta-sts (as a TXT record) and mta-sts as a hard-coded name -- I think that this needs to be better documented / in the IANA considerations.

I apologize for the lack of detail/lack of actionable content - I couldn't decide between Deferring and balloting DISCUSS -- I decided on DISCUSS because  I think I need to think about this, and clearing a DISCUSS is simpler than having the document stuck for a full cycle.
2018-05-10
17 Warren Kumari Ballot discuss text updated for Warren Kumari
2018-05-10
17 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2018-05-10
17 Ignas Bagdonas [Ballot Position Update] New position, No Objection, has been recorded for Ignas Bagdonas
2018-05-10
17 Alissa Cooper [Ballot Position Update] New position, No Objection, has been recorded for Alissa Cooper
2018-05-09
17 Suresh Krishnan [Ballot Position Update] New position, No Objection, has been recorded for Suresh Krishnan
2018-05-09
17 Terry Manderson [Ballot Position Update] New position, No Objection, has been recorded for Terry Manderson
2018-05-09
17 Ben Campbell
[Ballot comment]
I'm balloting "Yes" because I want to see this work published. But I have a few concerns:

§3 seems to leave much of …
[Ballot comment]
I'm balloting "Yes" because I want to see this work published. But I have a few concerns:

§3 seems to leave much of the interpretation of the TXT record as "implication". It should be explicit. I'd like to see the specific steps the sender is supposed to follow (perhaps the flow in §5.1 could be expanded to include the TXT query and interpretation?

For example, the idea that a non-existent record means no MTA-STS support is sort of buried in the description of multiple text records. Would it be reasonable to say that the sender SHOULD NOT query for policy if the id hasn't changed since a previous query?

§3.3:
- "When fetching a new policy or updating a policy, the HTTPS endpoint MUST present a X.509 certificate which is valid for the "mta-sts"
I find this confusing. Which endpoint is doing the fetching? Which one MUST present the cert. Are we talking about this in the context of TLS or something else?
- Why is checking for certificate revocation only a MAY?
- Does the term "sender" refer to the SMTP sender, or something else?

§4.1: Why is checking for certificate revocation only a MAY?
2018-05-09
17 Ben Campbell [Ballot Position Update] New position, Yes, has been recorded for Ben Campbell
2018-05-09
17 Spencer Dawkins [Ballot Position Update] New position, No Objection, has been recorded for Spencer Dawkins
2018-05-09
17 Amanda Baber IANA Review state changed to IANA - Not OK from Version Changed - Review Needed
2018-05-09
17 Warren Kumari
[Ballot discuss]
I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the …
[Ballot discuss]
I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the (leftmost) DNS labels _mta-sts (as a TXT record) and mta-sts as a hard-coded name -- I think that this needs to be better documented / in the IANA considerations.

I apologize for the lack of detail/lack of actionable content - I couldn't decide between Deferring and balloting DISCUSS -- I decided on DISCUSS because  I think I need to think about this, and clearing a DISCUSS is simpler than having the document stuck for a full cycle.
2018-05-09
17 Warren Kumari Ballot discuss text updated for Warren Kumari
2018-05-09
17 Warren Kumari
[Ballot discuss]
I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the …
[Ballot discuss]
I apologize, this DISCUSS written in a rush.

I'm uncomfortable with the DNS "reservations" happening in this document -- it basically reserves the (leftmost) DNS labels _mta-sts (as a TXT record) and mta-sts as a hard-coded name -- I think that this needs to be better documented / in the IANA considerations.

I apologize for the lack of detail/lack of actionable content - I couldn't decide between Deferring and balloting DISCUSS - seeing as there are already 2 DISCUSSes I figured the latter - I think I need to think about this, and clearing a DISCUSS is simpler than having the document stuck.
2018-05-09
17 Warren Kumari [Ballot Position Update] New position, Discuss, has been recorded for Warren Kumari
2018-05-09
17 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2018-05-09
17 Deborah Brungard [Ballot Position Update] New position, No Objection, has been recorded for Deborah Brungard
2018-05-09
17 Benjamin Kaduk
[Ballot comment]
Thanks for the well-written document!  Other people have noted some things already,
so I can only add small things.

Section 3.1

Did you …
[Ballot comment]
Thanks for the well-written document!  Other people have noted some things already,
so I can only add small things.

Section 3.1

Did you consider ABNF that would let new versions be defined without
having to redefine the ABNF?


Section 3.2

  When fetching a policy, senders SHOULD validate that the media type
  is "text/plain" to guard against cases where webservers allow
  untrusted users to host non-text content (typically, HTML or images)
  at a user-defined path.  All parameters other charset=utf-8 or
  charset=us-ascii are ignored.

Nit: "other than"


Section 5

Should the "enforce" text also mention the STARTTLS requirement from
Section 4?


Section 7.2

It's probably better to cite this as BCP 195 than RFC 7525 directly.


Section 8.1

  Recipients should also prefer to update the HTTPS policy body before
  updating the TXT record; this ordering avoids the risk that senders,
  seeing a new TXT record, mistakenly cache the old policy from HTTPS.

It seems like this risk would be mitigated if the "id" value from
the TXT record was required to also appear in the policy body as an
identifier.  But presumably that would cause issues elsewhere, as it
is not the case in the current document.
2018-05-09
17 Benjamin Kaduk [Ballot Position Update] New position, No Objection, has been recorded for Benjamin Kaduk
2018-05-09
17 Alexey Melnikov
[Ballot comment]
Discussion of IANA registration of ".well-known/mta-sts.txt" with the Designated Expert is in progress.

Some comments from Ned Freed (in particular ABNF related) still …
[Ballot comment]
Discussion of IANA registration of ".well-known/mta-sts.txt" with the Designated Expert is in progress.

Some comments from Ned Freed (in particular ABNF related) still need to be addressed.
2018-05-09
17 Alexey Melnikov Ballot comment text updated for Alexey Melnikov
2018-05-09
17 Alexey Melnikov IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup
2018-05-08
17 Adam Roach
[Ballot discuss]
Thanks to everyone who contributed to this document. I intend to ballot "yes,"
once the following issue has been resolved:

This document defines …
[Ballot discuss]
Thanks to everyone who contributed to this document. I intend to ballot "yes,"
once the following issue has been resolved:

This document defines three modes: "enforce", "testing", and "none". It is
intended to work in conjunction with draft-ietf-uta-smtp-tlsrpt, which shows the
use of "mode: report" in all of its examples.

On a quick survey of hosts I can quickly find publishing MTA-STS records, I
find:

version: STSv1
mode: testing
mx: aspmx.l.google.com
mx: .aspmx.l.google.com
max_age: 86400

version: STSv1
mode: report
mx: mx00.emig.gmx.net
mx: mx01.emig.gmx.net
max_age: 604800

version: STSv1
mode: report
mx: mx1.comcast.net
mx: mx2.comcast.net
max_age: 2592000

version: STSv1
mode: report
mx: *.am0.yahoodns.net
max_age: 86400

The implementation confusion here appears to be real. Please ensure that
draft-ietf-uta-smtp-tlsrpt and draft-ietf-uta-mta-sts agree about valid values
for the "mode" parameter.
2018-05-08
17 Adam Roach [Ballot Position Update] New position, Discuss, has been recorded for Adam Roach
2018-05-07
17 Alexey Melnikov [Ballot comment]
Discussion of IANA registration of ".well-known/mta-sts.txt" with the Designated Expert is in progress.
2018-05-07
17 Alexey Melnikov Ballot comment text updated for Alexey Melnikov
2018-05-07
17 Mirja Kühlewind
[Ballot comment]
Some questions on use of normative language:

1) sec 3.3.: Is there a reason that you not always use normative language for the …
[Ballot comment]
Some questions on use of normative language:

1) sec 3.3.: Is there a reason that you not always use normative language for the recommendation regarding rate limiting?
e.g. "...we suggest implementions may limit further attempts to a period of five minutes or longer..." or "A suggested timeout is one minute, and a suggested maximum policy size 64 kilobytes".
(also a nit here s/implementions/implementations/)

2) Also in sec 8.1. and 8.2 you maybe want to use normative language as well...?

3) And there also a few cases in section 10.2 where normative language could be appropriate/help:
"we strongly recommend implementers to prefer policy "max_age" values to be as long as is practical." and "we suggest implementers do not wait until a cached policy has expired before checking for an update" and "MTAs should alert administrators to repeated policy refresh failures long before cached policies expire"
2018-05-07
17 Mirja Kühlewind [Ballot Position Update] New position, No Objection, has been recorded for Mirja Kühlewind
2018-05-03
17 Eric Rescorla
[Ballot discuss]
Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4010



DETAIL
S 3.3.
>        character '*' as the complete left-most label within the …
[Ballot discuss]
Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4010



DETAIL
S 3.3.
>        character '*' as the complete left-most label within the
>        identifier.

>      The certificate MAY be checked for revocation via the Online
>      Certificate Status Protocol (OCSP) [RFC6960], certificate revocation
>      lists (CRLs), or some other mechanism.

Why is revocation only MAY?


S 4.
>      1.  That the recipient MX supports STARTTLS and offers a valid PKIX-
>          based TLS certificate.

>      2.  That at least one of the policy's "mx" patterns matches at least
>          one of the identities presented in the MX's X.509 certificate, as
>          described in "MX Certificate Validation".

This doesn't seem like quite what you want. Consider the case where
the STS policy has:


S 5.
>          as though it does not have any active policy; see Section 8.3,
>          "Removing MTA-STS", for use of this mode value.

>      When a message fails to deliver due to an "enforce" policy, a
>      compliant MTA MUST NOT permanently fail to deliver messages before
>      checking for the presence of an updated policy at the Policy Domain.

What exactly does this mean? That you have to do HTTPS or just do a
new DNS resolution despite the TTL?


S 8.2.
>      to the hosting organization.  This can be done either by setting the
>      "mta-sts" record to an IP address or CNAME specified by the hosting
>      organization and by giving the hosting organization a TLS certificate
>      which is valid for that host, or by setting up a "reverse proxy"
>      (also known as a "gateway") server that serves as the Policy Domain's
>      policy the policy currently served by the hosting organization.

What certificate do I expect in this case?
2018-05-03
17 Eric Rescorla
[Ballot comment]
S 1.

>      o  whether MTAs sending mail to this domain can expect PKIX-
>        authenticated TLS …
[Ballot comment]
S 1.

>      o  whether MTAs sending mail to this domain can expect PKIX-
>        authenticated TLS support

>      o  what a conforming client should do with messages when TLS cannot
>        be successfully negotiated

It would be nice if you stated here that you publish them in the DNS.


S 3.2.

>      The policy itself is a set of key/value pairs (similar to [RFC5322]
>      header fields) served via the HTTPS GET method from the fixed
>      [RFC5785] "well-known" path of ".well-known/mta-sts.txt" served by
>      the "mta-sts" host at the Policy Domain.  Thus for "example.com" the
>      path is "https://mta-sts.example.com/.well-known/mta-sts.txt".

This is slightly confusing text, because domains and  hosts aren't
distinguished categories. I'm not sure what the correct terminology is
for DNS, but the point seems to be that you get it by prepending the
mta-sts label to the policy domain.


S 3.2.
>      path is "https://mta-sts.example.com/.well-known/mta-sts.txt".

>      When fetching a policy, senders SHOULD validate that the media type
>      is "text/plain" to guard against cases where webservers allow
>      untrusted users to host non-text content (typically, HTML or images)
>      at a user-defined path.  All parameters other charset=utf-8 or

Nit: "other than"


S 3.2.
>      charset=us-ascii are ignored.  Additional "Content-Type" parameters
>      are also ignored.

>      This resource contains the following CRLF-separated key/value pairs:

>      o  "version": (plain-text).  Currently only "STSv1" is supported.

What does "plain-text" mean? I don't see a definition,


S 3.2.
>      o  "max_age": Max lifetime of the policy (plain-text non-negative
>        integer seconds, maximum value of 31557600).  Well-behaved clients
>        SHOULD cache a policy for up to this value from last policy fetch
>        time.  To mitigate the risks of attacks at policy refresh time, it
>        is expected that this value typically be in the range of weeks or
>        greater.

What if I receive a policy with a lifetime less than that remaining in
the previously received policy


S 3.2.

>      indicates that mail for this domain might be handled by any MX with a
>      certificate valid for a host at "mail.example.com" or "example.net".
>      Valid patterns can be either fully specified names ("example.com") or
>      suffixes (".example.net") matching the right-hand parts of a server's
>      identity; the latter case are distinguished by a leading period.  If

How many labels can be prepended here. Is "a.b.c.example.net" valid?


S 3.3.
>      is duplicated, all entries except for the first SHALL be ignored.  If
>      any field is not specified, the policy SHALL be treated as invalid.

>  3.3.  HTTPS Policy Fetching

>      When fetching a new policy or updating a policy, the HTTPS endpoint

You probably need a 2818 citation here.


S 4.1.
>      The certificate presented by the receiving MX MUST chain to a root CA
>      that is trusted by the sending MTA and be non-expired.  The
>      certificate MUST have a subject alternative name (SAN, [RFC5280])
>      with a DNS-ID ([RFC6125]) matching the "mx" pattern.  The MX's
>      certificate MAY also be checked for revocation via OCSP [RFC6960],
>      CRLs [RFC6818], or some other mechanism.

Why isn't this required?


S 4.1.
>      identical to other common cases of X.509 certificate authentication
>      (as described, for example, in [RFC6125]).  Consider the example
>      policy given above, with an "mx" pattern containing ".example.com".
>      In this case, if the MX server's X.509 certificate contains a SAN
>      matching "*.example.com", we are required to implement "wildcard-to-
>      wildcard" matching.

If you follow my advice above, this will not be necessary.


S 8.1.
>      may be unable to discover that a new policy exists until the DNS TTL
>      has passed.  Recipients should therefore ensure that old policies
>      continue to work for message delivery during this period of time, or
>      risk message delays.

>      Recipients should also prefer to update the HTTPS policy body before

Do you mean SHOULD?


S 8.1.
>      continue to work for message delivery during this period of time, or
>      risk message delays.

>      Recipients should also prefer to update the HTTPS policy body before
>      updating the TXT record; this ordering avoids the risk that senders,
>      seeing a new TXT record, mistakenly cache the old policy from HTTPS.

Wouldn't it be easier to just to version the policies?


S 10.2.
>      mode, to allow clean MTA-STS removal, as described in Section 8.3.)

>      Resistance to downgrade attacks of this nature--due to the ability to
>      authoritatively determine "lack of a record" even for non-
>      participating recipients--is a feature of DANE, due to its use of
>      DNSSEC for policy discovery.

I'm surprised that you don't note that if you use DNSSEC (and the
client validates), you are in general resistant to this form of
attack.
2018-05-03
17 Eric Rescorla [Ballot Position Update] New position, Discuss, has been recorded for Eric Rescorla
2018-05-03
17 Cindy Morgan New version available: draft-ietf-uta-mta-sts-17.txt
2018-05-03
17 (System) Secretariat manually posting. Approvals already received
2018-05-03
17 Cindy Morgan Uploaded new revision
2018-05-02
16 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-05-02
16 (System) IANA Review state changed to Version Changed - Review Needed from IANA - Not OK
2018-05-02
16 Alex Brotman New version available: draft-ietf-uta-mta-sts-16.txt
2018-05-02
16 (System) New version approved
2018-05-02
16 (System) Request for posting confirmation emailed to previous authors: uta-chairs@ietf.org, Binu Ramakrishnan , Alexander Brotman , Mark Risher , Janet Jones , Daniel Margolis
2018-05-02
16 Alex Brotman Uploaded new revision
2018-04-23
15 Alexey Melnikov IESG state changed to Waiting for AD Go-Ahead::Revised I-D Needed from Waiting for AD Go-Ahead
2018-04-23
15 (System) IESG state changed to Waiting for AD Go-Ahead from In Last Call
2018-04-20
15 (System) IANA Review state changed to IANA - Not OK from IANA - Review Needed
2018-04-20
15 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-uta-mta-sts-15. If any part of this review is inaccurate, please let …
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-ietf-uta-mta-sts-15. If any part of this review is inaccurate, please let us know.

The IANA Services Operator has a question about one of the actions requested in the IANA Considerations section of this document.

The IANA Services Operator understands that, upon approval of this document, there are three actions which we must complete.

First, in the Well-Known URIs registry located at:

https://www.iana.org/assignments/well-known-uris/

a single, new registration will be made as follows:

URI Suffix: mta-sts.txt
Change Controller: IETF
Reference: [ RFC-to-be ]
Related Information:
Date Registered: [ TBD-at-Registration ]

As this document requests registrations in an Expert Review (see RFC 8126) registry, we will initiate the required Expert Review via a separate request. Expert review will need to be completed before your document can be approved for publication as an RFC.

Second, a new registry is to be created called the MTA-STS TXT Record Fields registry.

IANA Question --> Where should this new registry be located? Should it be added to an existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The new registry will be managed via Expert Review as defined by RFC 8126. There are initial registrations in the new registry as follows:

+------------+--------------------+---------------------------+
| Field Name | Description | Reference |
+------------+--------------------+---------------------------+
| v | Record version | [ RFC-to-be Section 3.1 ] |
| id | Policy instance ID | [ RFC-to-be Section 3.1 ] |
+------------+--------------------+---------------------------+

Third, a new registry is to be created called the MTA-STS Policy Fields registry.

IANA Question --> Where should this new registry be located? Should it be added to an existing registry page? If not, does it belong in an existing category at http://www.iana.org/protocols?

The new registry will be managed via Expert Review as defined by RFC 8126. There are initial registrations in the new registry as follows:

+------------+----------------------+---------------------------+
| Field Name | Description | Reference |
+------------+----------------------+---------------------------+
| version | Policy version | [ RFC-to-be Section 3.2 ] |
| mode | Enforcement behavior | [ RFC-to-be Section 3.2 ] |
| max_age | Policy lifetime | [ RFC-to-be Section 3.2 ] |
| mx | MX identities | [ RFC-to-be Section 3.2 ] |
+------------+----------------------+---------------------------+

The IANA Services Operator understands that these are the only actions required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is meant only to confirm the list of actions that will be performed.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2018-04-19
15 Tero Kivinen Request for Telechat review by SECDIR Completed: Ready. Reviewer: Paul Hoffman.
2018-04-16
15 Alexey Melnikov Ballot has been issued
2018-04-16
15 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2018-04-16
15 Alexey Melnikov Created "Approve" ballot
2018-04-16
15 Alexey Melnikov Ballot writeup was changed
2018-04-09
15 Amy Vezza IANA Review state changed to IANA - Review Needed
2018-04-09
15 Amy Vezza
The following Last Call announcement was sent out (ends 2018-04-23):

From: The IESG
To: IETF-Announce
CC: draft-ietf-uta-mta-sts@ietf.org, uta-chairs@ietf.org, uta@ietf.org, Leif Johansson , …
The following Last Call announcement was sent out (ends 2018-04-23):

From: The IESG
To: IETF-Announce
CC: draft-ietf-uta-mta-sts@ietf.org, uta-chairs@ietf.org, uta@ietf.org, Leif Johansson , alexey.melnikov@isode.com, leifj@sunet.se
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard


The IESG has received a request from the Using TLS in Applications WG (uta)
to consider the following document: - 'SMTP MTA Strict Transport Security
(MTA-STS)'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2018-04-23. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


  SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
  mechanism enabling mail service providers to declare their ability to
  receive Transport Layer Security (TLS) secure SMTP connections, and
  to specify whether sending SMTP servers should refuse to deliver to
  MX hosts that do not offer TLS with a trusted server certificate.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/ballot/

The following IPR Declarations may be related to this I-D:

  https://datatracker.ietf.org/ipr/2776/





2018-04-09
15 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2018-04-09
15 Amy Vezza Last call announcement was changed
2018-04-08
15 Alexey Melnikov
All my AD review comments other than the following were addressed in -15

> 4) 3.2.  MTA-STS Policies
>
>    The [RFC7231] …
All my AD review comments other than the following were addressed in -15

> 4) 3.2.  MTA-STS Policies
>
>    The [RFC7231] "Content-Type" media type for this resource MUST be
>    "text/plain".
>
> I think this requirement is a bit strong, because we should really
> register a new text/... media type for the policy format documented in
> the draft. I appreciate that this is not necessarily what you want to do
> in the document.


> 8) In the same section:
>
>    sts-policy-max-age-value = 1*10(DIGIT)
>
> Your ABNF allows for leading 0s. Are leading zeroes Ok? If not, you
> either need to make the ABNF more restrictive or you add an ABNF comment
> saying that. For example for the latter:
>
>    sts-policy-max-age-value = 1*10(DIGIT)
>                              ; leading 0s are disallowed
>
> If leading 0s are allowed, you don't have to do anything (you can say
> that explicitly). I just wanted to double check.
>
> 8) In the same section:
>
>    sts-policy-ext-value    = 1*(%x21-3A / %x3C / %x3E-7E)
>                            ; chars, excluding "=", ";", SP, and
>                            ; control chars
>
> I just want to double check that you really want to be that restrictive
> in the policy format? If extensions want to add a field with human
> readable text, at least allowing for space might be useful. I don't see
> much reason to prohibit "=" and ";" here either.
2018-04-08
15 Alexey Melnikov Last call was requested
2018-04-08
15 Alexey Melnikov Last call announcement was generated
2018-04-08
15 Alexey Melnikov Ballot approval text was generated
2018-04-08
15 Alexey Melnikov Ballot writeup was generated
2018-04-08
15 Alexey Melnikov IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2018-04-05
15 Christer Holmberg Request for Telechat review by GENART Completed: Ready. Reviewer: Christer Holmberg. Sent review to list.
2018-04-05
15 Jean Mahoney Request for Telechat review by GENART is assigned to Christer Holmberg
2018-04-05
15 Jean Mahoney Request for Telechat review by GENART is assigned to Christer Holmberg
2018-04-04
15 (System) Sub state has been changed to AD Followup from Revised ID Needed
2018-04-04
15 Alex Brotman New version available: draft-ietf-uta-mta-sts-15.txt
2018-04-04
15 (System) New version approved
2018-04-04
15 (System) Request for posting confirmation emailed to previous authors: uta-chairs@ietf.org, Binu Ramakrishnan , Alexander Brotman , Mark Risher , Janet Jones , Daniel Margolis
2018-04-04
15 Alex Brotman Uploaded new revision
2018-03-26
14 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Fred Baker
2018-03-26
14 Gunter Van de Velde Request for Telechat review by OPSDIR is assigned to Fred Baker
2018-03-22
14 Tero Kivinen Request for Telechat review by SECDIR is assigned to Paul Hoffman
2018-03-22
14 Tero Kivinen Request for Telechat review by SECDIR is assigned to Paul Hoffman
2018-03-21
14 Alexey Melnikov Placed on agenda for telechat - 2018-05-10
2018-03-20
14 Valery Smyslov Added to session: IETF-101: uta  Thu-1810
2018-03-12
14 Alexey Melnikov IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2018-03-12
14 Alexey Melnikov IESG state changed to AD Evaluation from Publication Requested
2018-03-06
14 Leif Johansson
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated …
As required by RFC 4858, this is the current template for the Document
Shepherd Write-Up.

Changes are expected over time. This version is dated 24 February 2012.

(1) What type of RFC is being requested (BCP, Proposed Standard,
Internet Standard, Informational, Experimental, or Historic)?  Why
is this the proper type of RFC?  Is this type of RFC indicated in the
title page header?

  Proposed Standard as indicated on the title page header and in the
  datatracker.

(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:

Technical Summary

  SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
  mechanism enabling mail service providers to declare their ability to
  receive Transport Layer Security (TLS) secure SMTP connections, and
  to specify whether sending SMTP servers should refuse to deliver to
  MX hosts that do not offer TLS with a trusted server certificate.

Working Group Summary

  The WG had a hard time aligning on the format of MTA-STS policy
  and initially had chosen JSON as the format. Strong push-back from
  parts of the opensource community led to a change to key-value text
  based format. The consensus is strong on the new format but the path
  there was a bit rough. There is still too little understanding of
  how SNI is deployed in the email domain to warrant clear normative
  language on the use of SNI. Security directorate review may change
  this a bit but probably not much. The WG consensus is to leave the
  language as is in the draft.

Document Quality

  There are multiple implementations on the protocol and major email-
  providers (eg google) are already deploying the protocol as specified. 
  There are indications that major opensource implementations of MTAs
  will implement the protocol.


Personnel

  Who is the Document Shepherd? Who is the Responsible Area
  Director?

  Leif Johansson (shep)
  Alexei Melnikov (AD)

(3) Briefly describe the review of this document that was performed by
the Document Shepherd.  If this version of the document is not ready
for publication, please explain why the document is being forwarded to
the IESG.

  I have reviewed the document and find it ready. A second shepheard
  review is under way by the co-chair.

(4) Does the document Shepherd have any concerns about the depth or
breadth of the reviews that have been performed?

  None. There has been signifficant review by implementors and by
  other members of the WG.

(5) Do portions of the document need review from a particular or from
broader perspective, e.g., security, operational complexity, AAA, DNS,
DHCP, XML, or internationalization? If so, describe the review that
took place.

  No but an expert ABNF review would be useful.

(6) Describe any specific concerns or issues that the Document Shepherd
has with this document that the Responsible Area Director and/or the
IESG should be aware of? For example, perhaps he or she is uncomfortable
with certain parts of the document, or has concerns whether there really
is a need for it. In any event, if the WG has discussed those issues and
has indicated that it still wishes to advance the document, detail those
concerns here.

  See note about SNI above.

(7) Has each author confirmed that any and all appropriate IPR
disclosures required for full conformance with the provisions of BCP 78
and BCP 79 have already been filed. If not, explain why.

  Yes. IPR has already been filed against the document by Yahoo.

(8) Has an IPR disclosure been filed that references this document?
If so, summarize any WG discussion and conclusion regarding the IPR
disclosures.

  The WG has not discussed the IPR disclosure which grants "Royalty-Free,
  Reasonable and Non-Discriminatory License to All Implementers". The
  IPR disclosure lacks a link/info about the patent (no patent details).
  I don't know if this is cause for concern though.

(9) How solid is the WG consensus behind this document? Does it
represent the strong concurrence of a few individuals, with others
being silent, or does the WG as a whole understand and agree with it? 

  The WG consensus is strong at this point (cf note about JSON
  controversy earlier).

(10) Has anyone threatened an appeal or otherwise indicated extreme
discontent? If so, please summarise the areas of conflict in separate
email messages to the Responsible Area Director. (It should be in a
separate email because this questionnaire is publicly available.)

  No

(11) Identify any ID nits the Document Shepherd has found in this
document. (See https://www.ietf.org/tools/idnits/ and the Internet-Drafts
Checklist). Boilerplate checks are not enough; this check needs to be
thorough.

  Minor warnings only. Authors will address in final revision.

(12) Describe how the document meets any required formal review
criteria, such as the MIB Doctor, media type, and URI type reviews.

  None are applicable as far as I can see but an ABNF review
  would be useful.

(13) Have all references within this document been identified as
either normative or informative?

  Yes

(14) Are there normative references to documents that are not ready for
advancement or are otherwise in an unclear state? If such normative
references exist, what is the plan for their completion?

  No

(15) Are there downward normative references references (see RFC 3967)?
If so, list these downward references to support the Area Director in
the Last Call procedure.

  No

(16) Will publication of this document change the status of any
existing RFCs? Are those RFCs listed on the title page header, listed
in the abstract, and discussed in the introduction? If the RFCs are not
listed in the Abstract and Introduction, explain why, and point to the
part of the document where the relationship of this document to the
other RFCs is discussed. If this information is not in the document,
explain why the WG considers it unnecessary.

  No

(17) Describe the Document Shepherd's review of the IANA considerations
section, especially with regard to its consistency with the body of the
document. Confirm that all protocol extensions that the document makes
are associated with the appropriate reservations in IANA registries.
Confirm that any referenced IANA registries have been clearly
identified. Confirm that newly created IANA registries include a
detailed specification of the initial contents for the registry, that
allocations procedures for future registrations are defined, and a
reasonable name for the new registry has been suggested (see RFC 5226).

  Two new registry is created ("STS Policy Fields" and "MTA STS TXT
  Record Fields"). The registries are created using the expert review
  policy and is consistent with the document and clearly defined.
 
  One item is registered in the .well-known URI registry. The requirements
  for that registry are fulfilled.

(18) List any new IANA registries that require Expert Review for future
allocations. Provide any public guidance that the IESG would find
useful in selecting the IANA Experts for these new registries.

  "STS Policy Fields" and "MTA STS TXT Record Fields"

  Pick experts that have a solid history and knowledge about email
  deployment. One possible name is Viktor Dukhovni

(19) Describe reviews and automated checks performed by the Document
Shepherd to validate sections of the document written in a formal
language, such as XML code, BNF rules, MIB definitions, etc.

  Bill Fenners ABNF checker shows no errors on the MTA-STS policy format
  definition.


2018-03-06
14 Leif Johansson Responsible AD changed to Alexey Melnikov
2018-03-06
14 Leif Johansson IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2018-03-06
14 Leif Johansson IESG state changed to Publication Requested
2018-03-06
14 Leif Johansson IESG process started in state Publication Requested
2018-03-06
14 Leif Johansson Changed document writeup
2018-01-16
14 Daniel Margolis New version available: draft-ietf-uta-mta-sts-14.txt
2018-01-16
14 (System) New version approved
2018-01-16
14 (System) Request for posting confirmation emailed to previous authors: uta-chairs@ietf.org, Binu Ramakrishnan , Alexander Brotman , Mark Risher , Janet Jones , Daniel Margolis
2018-01-16
14 Daniel Margolis Uploaded new revision
2017-12-04
13 Daniel Margolis New version available: draft-ietf-uta-mta-sts-13.txt
2017-12-04
13 (System) New version approved
2017-12-04
13 (System) Request for posting confirmation emailed to previous authors: uta-chairs@ietf.org, Binu Ramakrishnan , Alexander Brotman , Mark Risher , Janet Jones , Daniel Margolis
2017-12-04
13 Daniel Margolis Uploaded new revision
2017-12-04
12 Daniel Margolis New version available: draft-ietf-uta-mta-sts-12.txt
2017-12-04
12 (System) New version approved
2017-12-04
12 (System) Request for posting confirmation emailed to previous authors: uta-chairs@ietf.org, Binu Ramakrishnan , Alexander Brotman , Mark Risher , Janet Jones , Daniel Margolis
2017-12-04
12 Daniel Margolis Uploaded new revision
2017-11-16
11 Leif Johansson Changed consensus to Yes from Unknown
2017-11-16
11 Leif Johansson Intended Status changed to Proposed Standard from None
2017-11-16
11 Leif Johansson Notification list changed to Leif Johansson <leifj@sunet.se>
2017-11-16
11 Leif Johansson Document shepherd changed to Leif Johansson
2017-11-16
11 Leif Johansson IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2017-11-09
11 Cindy Morgan New version available: draft-ietf-uta-mta-sts-11.txt
2017-11-09
11 (System) Secretariat manually posting. Approvals already received
2017-11-09
11 Cindy Morgan Uploaded new revision
2017-09-28
10 Alex Brotman New version available: draft-ietf-uta-mta-sts-10.txt
2017-09-28
10 (System) New version approved
2017-09-28
10 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Binu Ramakrishnan , Mark Risher , uta-chairs@ietf.org, Janet Jones , Daniel Margolis
2017-09-28
10 Alex Brotman Uploaded new revision
2017-09-05
09 Alex Brotman New version available: draft-ietf-uta-mta-sts-09.txt
2017-09-05
09 (System) New version approved
2017-09-05
09 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Binu Ramakrishnan , Mark Risher , uta-chairs@ietf.org, Janet Jones , Daniel Margolis
2017-09-05
09 Alex Brotman Uploaded new revision
2017-08-15
08 Alex Brotman New version available: draft-ietf-uta-mta-sts-08.txt
2017-08-15
08 (System) New version approved
2017-08-15
08 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Binu Ramakrishnan , Mark Risher , uta-chairs@ietf.org, Janet Jones , Daniel Margolis
2017-08-15
08 Alex Brotman Uploaded new revision
2017-06-29
07 Alex Brotman New version available: draft-ietf-uta-mta-sts-07.txt
2017-06-29
07 (System) New version approved
2017-06-29
07 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Daniel Margolis
2017-06-29
07 Alex Brotman Uploaded new revision
2017-05-31
06 Alex Brotman New version available: draft-ietf-uta-mta-sts-06.txt
2017-05-31
06 (System) New version approved
2017-05-31
06 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Daniel Margolis , uta-chairs@ietf.org
2017-05-31
06 Alex Brotman Uploaded new revision
2017-05-04
05 Alexey Melnikov
Updated my early AD review as per -05:

1) In 1.1:

  o  Policy Domain: The domain for which an MTA-STS Policy is defined.
  …
Updated my early AD review as per -05:

1) In 1.1:

  o  Policy Domain: The domain for which an MTA-STS Policy is defined.
      This is the next-hop domain; when sending mail to
      "alice@example.com" this would ordinarly be "example.com", but
      this may be overriden by explicit routing rules (as described in
      "Policy Selection for Smart Hosts").

Nit: This needs an internal section reference.
I think there was another place in the document when an internal section number is not mentioned.

2) In 5.1:
  3.  A message delivery MUST NOT be permanently failed until the
      sender has first checked for the presence of a new policy (as
      indicated by the "id" field in the "_mta-sts" TXT record).  If a
      new policy is not found, senders SHOULD apply existing rules for

I don't think SHOULD is appropriate here, as you might have to explain why it is not a MUST.
Just change "SHOULD apply" to "applies"

      the case of temporary message delivery failures (as discussed in
      [RFC5321] section 4.5.4.1).

3) If you want to allow for extensibility, you probably need an IANA registry of fields allowed, so that developers can find them easily. I can help with some text.

4) As per other discussions: need to settle on JSON versa alternative key=value format.
2017-05-04
05 Alex Brotman New version available: draft-ietf-uta-mta-sts-05.txt
2017-05-04
05 (System) New version approved
2017-05-04
05 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Daniel Margolis , uta-chairs@ietf.org
2017-05-04
05 Alex Brotman Uploaded new revision
2017-04-05
04 Alex Brotman New version available: draft-ietf-uta-mta-sts-04.txt
2017-04-05
04 (System) New version approved
2017-04-05
04 (System) Request for posting confirmation emailed to previous authors: Alexander Brotman , Daniel Margolis , uta-chairs@ietf.org
2017-04-05
04 Alex Brotman Uploaded new revision
2017-02-15
03 Alex Brotman New version available: draft-ietf-uta-mta-sts-03.txt
2017-02-15
03 (System) New version approved
2017-02-15
03 (System) Request for posting confirmation emailed to previous authors: "Daniel Margolis" , uta-chairs@ietf.org, "Alexander Brotman"
2017-02-15
03 Alex Brotman Uploaded new revision
2016-12-15
02 Alex Brotman New version available: draft-ietf-uta-mta-sts-02.txt
2016-12-15
02 (System) New version approved
2016-12-15
02 (System)
Request for posting confirmation emailed to previous authors: "Klaus Umbach (at dot de)" , uta-chairs@ietf.org, "Janet Jones" , "Markus Laber (at dot de)" , …
Request for posting confirmation emailed to previous authors: "Klaus Umbach (at dot de)" , uta-chairs@ietf.org, "Janet Jones" , "Markus Laber (at dot de)" , "Wei Chuang (at dot com)" , "Nicolas Lidzborski" , "Binu Ramakrishnan" , "Alexander Brotman" , "Brandon Long (at dot com)" , "Daniel Margolis" , "Franck Martin (at dot com)" , "Mark Risher"
2016-12-15
02 Alex Brotman Uploaded new revision
2016-07-18
01 Orit Levin Added to session: IETF-96: uta  Tue-1620
2016-07-08
01 Mark Risher New version available: draft-ietf-uta-mta-sts-01.txt
2016-05-16
00 Naveen Khan This document now replaces draft-brotman-mta-sts instead of None
2016-05-16
00 Alex Brotman New version available: draft-ietf-uta-mta-sts-00.txt