On 03/25/2016 06:45 AM, Jeremy Harris wrote:
> On 25/03/16 12:09, Aaron Zauner wrote:
>>> On 25 Mar 2016, at 03:12, Jim Fenton <fen...@bluepopcorn.net> wrote:
>>> REQUIRETLS is an SMTP service extension that allows an SMTP client to
>>> specify (via a MAIL FROM option) that a given message must be sent over
>>> a TLS protected session with specified security characteristics. Options
>>> allow the specification of allowable methods of server certificate
>>> verification, including web-PKI and DANE. In advertising its support for
>>> REQUIRETLS, the SMTP server is promising to honor that requirement.
>> This sounds very similar to what DEEP is trying to achieve, can you
>> highlight important differences?
> As I read them:
>
> REQUIRETLS covers an entire chain of to-MTA hops (by requiring not only
> TLS but also REQUIRETLS on a forwarding hop, or bounce). It would
> presumably cover the MUA-MSA hop (as DEEP does) when SMTP was used
> there. It SHOULD's secure access by the destination MUA (though that
> will be hard, in many implementations, as it requires implementation
> in a separate lump of software). It works on a per-message basis.
>
> DEEP talks in terms of per-mail-account configuration. It deals with
> both submission and access. It talks about UI presentation of
> security status. It does not cover beyond the MSA or MDA.

That's basically correct. REQUIRETLS is strictly an SMTP mechanism; it's
mostly about MTA-MTA hops but since message submission sometimes (often?)
happens via SMTP, it's usable for MUA-MSA hops using SMTP as well.

I haven't dug into DEEP very far yet, but it is primarily about MUA-MSA and
MUA access of the message store and about UI. They may be complementary in
emphasizing different parts of the mail path.

-Jim