Telechat Review of draft-ietf-uta-mta-sts-15

Request Review of draft-ietf-uta-mta-sts
Requested rev. no specific revision (document currently at 21)
Type Telechat Review
Team Security Area Directorate (secdir)
Deadline 2018-05-08
Requested 2018-03-21
Authors Daniel Margolis, Mark Risher, Binu Ramakrishnan, Alexander Brotman, Janet Jones
Draft last updated 2018-04-19
Completed reviews Secdir Telechat review of -15 by Paul Hoffman (diff)
Genart Telechat review of -15 by Christer Holmberg (diff)
Assignment Reviewer Paul Hoffman
State Completed
Review review-ietf-uta-mta-sts-15-secdir-telechat-hoffman-2018-04-19
Reviewed rev. 15 (document currently at 21)
Review result Ready
Review completed: 2018-04-19


This document is an ambitious attempt to add STS (strict transport 
security) to SMTP. It carefully deals with all the traps and pitfalls 
that were found in developing STS for HTTP, DANE, and so on. I believe 
that it has hit all the obvious security issues how a determined 
attacker might cause a downgrade; in so doing, it has become a very 
complex protocol. However, the authors make a good argument for each of 
the complexities, which is admirable.

--Paul Hoffman