draft-ietf-uta-smtp-tlsrpt-21.txt   draft-ietf-uta-smtp-tlsrpt-22.txt 
Using TLS in Applications D. Margolis Using TLS in Applications D. Margolis
Internet-Draft Google, Inc Internet-Draft Google, Inc
Intended status: Standards Track A. Brotman Intended status: Standards Track A. Brotman
Expires: November 21, 2018 Comcast, Inc Expires: November 24, 2018 Comcast, Inc
B. Ramakrishnan B. Ramakrishnan
Yahoo!, Inc Yahoo!, Inc
J. Jones J. Jones
Microsoft, Inc Microsoft, Inc
M. Risher M. Risher
Google, Inc Google, Inc
May 20, 2018 May 23, 2018
SMTP TLS Reporting SMTP TLS Reporting
draft-ietf-uta-smtp-tlsrpt-21 draft-ietf-uta-smtp-tlsrpt-22
Abstract Abstract
A number of protocols exist for establishing encrypted channels A number of protocols exist for establishing encrypted channels
between SMTP Mail Transfer Agents, including STARTTLS, DANE TLSA, and between SMTP Mail Transfer Agents, including STARTTLS, DANE TLSA, and
MTA-STS. These protocols can fail due to misconfiguration or active MTA-STS. These protocols can fail due to misconfiguration or active
attack, leading to undelivered messages or delivery over unencrypted attack, leading to undelivered messages or delivery over unencrypted
or unauthenticated channels. This document describes a reporting or unauthenticated channels. This document describes a reporting
mechanism and format by which sending systems can share statistics mechanism and format by which sending systems can share statistics
and specific information about potential failures with recipient and specific information about potential failures with recipient
skipping to change at page 1, line 46 skipping to change at page 1, line 46
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on November 21, 2018. This Internet-Draft will expire on November 24, 2018.
Copyright Notice Copyright Notice
Copyright (c) 2018 IETF Trust and the persons identified as the Copyright (c) 2018 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
skipping to change at page 3, line 5 skipping to change at page 3, line 5
5.3. Email Transport . . . . . . . . . . . . . . . . . . . . . 16 5.3. Email Transport . . . . . . . . . . . . . . . . . . . . . 16
5.3.1. Example Report . . . . . . . . . . . . . . . . . . . 17 5.3.1. Example Report . . . . . . . . . . . . . . . . . . . 17
5.4. HTTPS Transport . . . . . . . . . . . . . . . . . . . . . 18 5.4. HTTPS Transport . . . . . . . . . . . . . . . . . . . . . 18
5.5. Delivery Retry . . . . . . . . . . . . . . . . . . . . . 19 5.5. Delivery Retry . . . . . . . . . . . . . . . . . . . . . 19
5.6. Metadata Variances . . . . . . . . . . . . . . . . . . . 19 5.6. Metadata Variances . . . . . . . . . . . . . . . . . . . 19
6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 19
6.1. Message headers . . . . . . . . . . . . . . . . . . . . . 19 6.1. Message headers . . . . . . . . . . . . . . . . . . . . . 19
6.2. Report Type . . . . . . . . . . . . . . . . . . . . . . . 19 6.2. Report Type . . . . . . . . . . . . . . . . . . . . . . . 19
6.3. +gzip Media Type Suffix . . . . . . . . . . . . . . . . . 20 6.3. +gzip Media Type Suffix . . . . . . . . . . . . . . . . . 20
6.4. application/tlsrpt+json Media Type . . . . . . . . . . . 21 6.4. application/tlsrpt+json Media Type . . . . . . . . . . . 21
6.5. application/tlsrpt+gzip Media Type . . . . . . . . . . . 23 6.5. application/tlsrpt+gzip Media Type . . . . . . . . . . . 22
6.6. STARTTLS Validation Result Types . . . . . . . . . . . . 24 6.6. STARTTLS Validation Result Types . . . . . . . . . . . . 24
7. Security Considerations . . . . . . . . . . . . . . . . . . . 24 7. Security Considerations . . . . . . . . . . . . . . . . . . . 24
8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 26 8. Privacy Considerations . . . . . . . . . . . . . . . . . . . 26
9. References . . . . . . . . . . . . . . . . . . . . . . . . . 26 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 26
9.1. Normative References . . . . . . . . . . . . . . . . . . 26 9.1. Normative References . . . . . . . . . . . . . . . . . . 26
9.2. Informative References . . . . . . . . . . . . . . . . . 28 9.2. Informative References . . . . . . . . . . . . . . . . . 28
9.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 29 9.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Appendix A. Example Reporting Policy . . . . . . . . . . . . . . 29 Appendix A. Example Reporting Policy . . . . . . . . . . . . . . 30
A.1. Report using MAILTO . . . . . . . . . . . . . . . . . . . 29 A.1. Report using MAILTO . . . . . . . . . . . . . . . . . . . 30
A.2. Report using HTTPS . . . . . . . . . . . . . . . . . . . 29 A.2. Report using HTTPS . . . . . . . . . . . . . . . . . . . 30
Appendix B. Example JSON Report . . . . . . . . . . . . . . . . 30 Appendix B. Example JSON Report . . . . . . . . . . . . . . . . 30
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 32
1. Introduction 1. Introduction
The STARTTLS extension to SMTP [RFC3207] allows SMTP clients and The STARTTLS extension to SMTP [RFC3207] allows SMTP clients and
hosts to establish secure SMTP sessions over TLS. The protocol hosts to establish secure SMTP sessions over TLS. The protocol
design uses an approach that has come to be known as "Opportunistic design uses an approach that has come to be known as "Opportunistic
Security" (OS) [RFC7435]. This method maintains interoperability Security" (OS) [RFC7435]. This method maintains interoperability
with clients that do not support STARTTLS, but means that any with clients that do not support STARTTLS, but means that any
skipping to change at page 20, line 21 skipping to change at page 20, line 21
o one or more registered media-types that can be used with this o one or more registered media-types that can be used with this
report-type report-type
o the document containing the registration action o the document containing the registration action
o an optional comment o an optional comment
The initial entries are: The initial entries are:
Report-Type: tlsrpt Report-Type: tlsrpt
Media Type: application/tlsrpt+gzip, application/tlsrpt+json Media Type: application/tlsrpt+gzip, application/tlsrpt+json
Registered By: [RFCXXXX] Registered By: [I-D.ietf-uta-smtp-tlsrpt]
Comment: Media types suitable for use with this report-type are defined in Sections 6.4 and 6.5 of [RFCXXXX] Comment: Media types suitable for use with this report-type are
defined in Sections 6.4 and 6.5 of [I-D.ietf-uta-smtp-tlsrpt]
Report-Type: disposition-notification Report-Type: disposition-notification
Media Type: message/disposition-notification Media Type: message/disposition-notification
Registered By: [@?RFC8098] Registered By: [RFC8098] Section 10
Report-Type: disposition-notification Report-Type: disposition-notification
Media Type: message/global-disposition-notification Media Type: message/global-disposition-notification
Registered By: [@?RFC6533] Registered By: [RFC6533] Section 6
Report-Type: delivery-status Report-Type: delivery-status
Media Type: message/delivery-status Media Type: message/delivery-status
Registered By: [@?RFC3464] Registered By: [RFC3464] Appendix D
Report-Type: delivery-status Report-Type: delivery-status
Media Type: message/global-delivery-status Media Type: message/global-delivery-status
Registered By: [@?RFC6533] Registered By: [RFC6533] Section 6
6.3. +gzip Media Type Suffix 6.3. +gzip Media Type Suffix
This document registers a new media type suffix "+gzip". The GZIP This document registers a new media type suffix "+gzip". The GZIP
format is a public domain, cross-platform, interoperable file storage format is a public domain, cross-platform, interoperable file storage
and transfer format, specified in [RFC1952]; it supports compression and transfer format, specified in [RFC1952]; it supports compression
and is used as the underlying representation by a variety of file and is used as the underlying representation by a variety of file
formats. The media type "application/gzip" has been registered for formats. The media type "application/gzip" has been registered for
such files. The suffix "+gzip" MAY be used with any media type whose such files. The suffix "+gzip" MAY be used with any media type whose
representation follows that established for "application/gzip". The representation follows that established for "application/gzip". The
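Review bot: the tlsrpt entry's self-references ("Registered By" and the Comment line) now cite [I-D.ietf-uta-smtp-tlsrpt], which will be just as stale after publication as the [RFCXXXX] it replaces; the usual form for a registry entry that points at the registering document is "Registered By: [RFCXXXX] (this document)" with an RFC Editor note asking for XXXX to be replaced by the assigned number. The other four entries are fine as changed: "[RFC8098] Section 10", "[RFC6533] Section 6" and "[RFC3464] Appendix D" point at the sections that actually register those media types, which is a real improvement over the "[@?RFC8098]"-style markup that leaked into -21.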
skipping to change at page 22, line 25 skipping to change at page 22, line 15
Required parameters: n/a Required parameters: n/a
Optional parameters: n/a Optional parameters: n/a
Encoding considerations: Encoding considerations are identical to Encoding considerations: Encoding considerations are identical to
those specified for the "application/json" media type. See those specified for the "application/json" media type. See
[RFC7493]. [RFC7493].
Security considerations: Security considerations relating to SMTP TLS Security considerations: Security considerations relating to SMTP TLS
Reporting are discussed in Section 7. Security considerations Reporting are discussed in Section 7.
related to zlib compression are discussed in [RFC6713].
Interoperability considerations: This document specifies format of Interoperability considerations: This document specifies format of
conforming messages and the interpretation thereof. conforming messages and the interpretation thereof.
Published specification: Section 5.3 of this document. Published specification: Section 5.3 of this document.
Applications that use this media type: Mail User Agents (MUA) and Applications that use this media type: Mail User Agents (MUA) and
Mail Transfer Agents. Mail Transfer Agents.
Additional information: Additional information:
Magic number(s): The first two bytes are 0x1f, 0x8b. Magic number(s): n/a
File extension(s): ".json" File extension(s): ".json"
Macintosh file type code(s): n/a Macintosh file type code(s): n/a
Person & email address to contact for further information: See Person & email address to contact for further information: See
Authors' Addresses section. Authors' Addresses section.
Intended usage: COMMON Intended usage: COMMON
Restrictions on usage: n/a Restrictions on usage: n/a
Author: See Authors' Addresses section. Author: See Authors' Addresses section.
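Review bot: the unchanged "Interoperability considerations" line still reads "This document specifies format of conforming messages" and is missing an article; it should read "specifies the format of conforming messages" (the same wording appears in the +gzip entry and needs the same fix). The substantive changes in this entry are correct: the 0x1f, 0x8b magic number and the [RFC6713] compression sentence describe the gzip container rather than the JSON body, so "Magic number(s): n/a" is the right value for application/tlsrpt+json, and the +json entry's security considerations are properly left at Section 7 alone.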
skipping to change at page 23, line 28 skipping to change at page 23, line 22
Subtype name: tlsrpt+gzip Subtype name: tlsrpt+gzip
Required parameters: n/a Required parameters: n/a
Optional parameters: n/a Optional parameters: n/a
Encoding considerations: Binary Encoding considerations: Binary
Security considerations: Security considerations relating to SMTP TLS Security considerations: Security considerations relating to SMTP TLS
Reporting are discussed in Section 7. Reporting are discussed in Section 7. Security considerations
related to gzip compression are discussed in [RFC6713].
Interoperability considerations: This document specifies format of Interoperability considerations: This document specifies format of
conforming messages and the interpretation thereof. conforming messages and the interpretation thereof.
Published specification: Section 5.3 of this document. Published specification: Section 5.3 of this document.
Applications that use this media type: Mail User Agents (MUA) and Applications that use this media type: Mail User Agents (MUA) and
Mail Transfer Agents. Mail Transfer Agents.
Additional information: Additional information:
Magic number(s): n/a Magic number(s): The first two bytes are 0x1f, 0x8b.
File extension(s): ".gz" File extension(s): ".gz"
Macintosh file type code(s): n/a Macintosh file type code(s): n/a
Person & email address to contact for further information: See Person & email address to contact for further information: See
Authors' Addresses section. Authors' Addresses section.
Intended usage: COMMON Intended usage: COMMON
Restrictions on usage: n/a Restrictions on usage: n/a
Author: See Authors' Addresses section. Author: See Authors' Addresses section.
Change controller: Internet Engineering Task Force Change controller: Internet Engineering Task Force
(mailto:iesg@ietf.org). (mailto:iesg@ietf.org).
6.6. STARTTLS Validation Result Types 6.6. STARTTLS Validation Result Types
This document creates a new registry, "STARTTLS Validation Result This document creates a new registry, "STARTTLS Validation Result
Types". The initial entries in the registry are: Types". The initial entries in the registry are:
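Review bot: the security-considerations sentence added to the +gzip entry ("Security considerations related to gzip compression are discussed in [RFC6713]") should also state that the decompressed content is an application/tlsrpt+json document, so that a receiver applies the +json type's encoding and security considerations after decompression and not only the gzip ones; one clause such as "the considerations for application/tlsrpt+json also apply to the decompressed content" would do. The other changes in this entry are consistent with the +gzip suffix registration in 6.3: "Encoding considerations: Binary", the 0x1f, 0x8b magic number and the ".gz" extension are all properties of the gzip container and now sit on the right type.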
skipping to change at page 29, line 5 skipping to change at page 29, line 5
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC
2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174,
May 2017, <https://www.rfc-editor.org/info/rfc8174>. May 2017, <https://www.rfc-editor.org/info/rfc8174>.
9.2. Informative References 9.2. Informative References
[RFC3207] Hoffman, P., "SMTP Service Extension for Secure SMTP over [RFC3207] Hoffman, P., "SMTP Service Extension for Secure SMTP over
Transport Layer Security", RFC 3207, DOI 10.17487/RFC3207, Transport Layer Security", RFC 3207, DOI 10.17487/RFC3207,
February 2002, <https://www.rfc-editor.org/info/rfc3207>. February 2002, <https://www.rfc-editor.org/info/rfc3207>.
[RFC3464] Moore, K. and G. Vaudreuil, "An Extensible Message Format
for Delivery Status Notifications", RFC 3464,
DOI 10.17487/RFC3464, January 2003, <https://www.rfc-
editor.org/info/rfc3464>.
[RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION [RFC3501] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003, 4rev1", RFC 3501, DOI 10.17487/RFC3501, March 2003,
<https://www.rfc-editor.org/info/rfc3501>. <https://www.rfc-editor.org/info/rfc3501>.
[RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration [RFC3864] Klyne, G., Nottingham, M., and J. Mogul, "Registration
Procedures for Message Header Fields", BCP 90, RFC 3864, Procedures for Message Header Fields", BCP 90, RFC 3864,
DOI 10.17487/RFC3864, September 2004, <https://www.rfc- DOI 10.17487/RFC3864, September 2004, <https://www.rfc-
editor.org/info/rfc3864>. editor.org/info/rfc3864>.
[RFC6533] Hansen, T., Ed., Newman, C., and A. Melnikov,
"Internationalized Delivery Status and Disposition
Notifications", RFC 6533, DOI 10.17487/RFC6533, February
2012, <https://www.rfc-editor.org/info/rfc6533>.
[RFC7321] McGrew, D. and P. Hoffman, "Cryptographic Algorithm [RFC7321] McGrew, D. and P. Hoffman, "Cryptographic Algorithm
Implementation Requirements and Usage Guidance for Implementation Requirements and Usage Guidance for
Encapsulating Security Payload (ESP) and Authentication Encapsulating Security Payload (ESP) and Authentication
Header (AH)", RFC 7321, DOI 10.17487/RFC7321, August 2014, Header (AH)", RFC 7321, DOI 10.17487/RFC7321, August 2014,
<https://www.rfc-editor.org/info/rfc7321>. <https://www.rfc-editor.org/info/rfc7321>.
[RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection [RFC7435] Dukhovni, V., "Opportunistic Security: Some Protection
Most of the Time", RFC 7435, DOI 10.17487/RFC7435, Most of the Time", RFC 7435, DOI 10.17487/RFC7435,
December 2014, <https://www.rfc-editor.org/info/rfc7435>. December 2014, <https://www.rfc-editor.org/info/rfc7435>.
[RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning [RFC7469] Evans, C., Palmer, C., and R. Sleevi, "Public Key Pinning
Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April Extension for HTTP", RFC 7469, DOI 10.17487/RFC7469, April
2015, <https://www.rfc-editor.org/info/rfc7469>. 2015, <https://www.rfc-editor.org/info/rfc7469>.
[RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based [RFC7489] Kucherawy, M., Ed. and E. Zwicky, Ed., "Domain-based
Message Authentication, Reporting, and Conformance Message Authentication, Reporting, and Conformance
(DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015, (DMARC)", RFC 7489, DOI 10.17487/RFC7489, March 2015,
<https://www.rfc-editor.org/info/rfc7489>. <https://www.rfc-editor.org/info/rfc7489>.
[RFC8098] Hansen, T., Ed. and A. Melnikov, Ed., "Message Disposition
Notification", STD 85, RFC 8098, DOI 10.17487/RFC8098,
February 2017, <https://www.rfc-editor.org/info/rfc8098>.
9.3. URIs 9.3. URIs
[1] Section 2.2.3 [1] Section 2.2.3
[2] Section 3 [2] Section 3
Appendix A. Example Reporting Policy Appendix A. Example Reporting Policy
A.1. Report using MAILTO A.1. Report using MAILTO
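Review bot: the three informative entries added here ([RFC3464], [RFC6533] and [RFC8098]) are exactly the documents the new "Registered By" lines in 6.2 cite, so the registry text no longer dangles; please also confirm that [RFC6713], which the new 6.5 text cites for gzip security considerations, has a references entry. It does not appear in the informative list shown in this diff (the list runs from [RFC6533] straight to [RFC7321]), and the normative list is only visible here from [RFC8174] onward, so its presence cannot be checked from the diff alone.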
End of changes. 23 change blocks. 33 lines changed or deleted, 49 lines changed or added.

This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/