> On 25 Mar 2016, at 03:12, Jim Fenton <fen...@bluepopcorn.net> wrote: > > Not to distract from the STS discussion, but I thought I'd point out > another approach to SMTP TLS 'encouragement' that I submitted a few > weeks ago: draft-fenton-smtp-require-tls-01. There has been some > discussion of this draft, primarily on the ietf-smtp mailing list and a > little on the perpass list. > > REQUIRETLS is an SMTP service extension that allows an SMTP client to > specify (via a MAIL FROM option) that a given message must be sent over > a TLS protected session with specified security characteristics. Options > allow the specification of allowable methods of server certificate > verification, including web-PKI and DANE. In advertising its support for > REQUIRETLS, the SMTP server is promising to honor that requirement. > > The idea here is that REQUIRETLS allows the SMTP client to override the > default "deliver even if you can't do it securely" behavior of SMTP. The > philosophy is that the sender of the message (SMTP client) is in the > best position to know if a given message should only be sent via TLS, > either based on some information it has about the sensitivity of the > message or based on the client's local policy. > > I plan on giving a short talk on REQUIRETLS (remotely) at the BA UTA > meeting. Questions or comments are of course welcome, either here or on > ietf-smtp.
This sounds very similar to what DEEP is trying to achieve, can you highlight important differences? Aaron
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Uta mailing list Uta@ietf.org https://www.ietf.org/mailman/listinfo/uta
