| rfc8314v1.txt | rfc8314.txt | |||
|---|---|---|---|---|
| Internet Engineering Task Force (IETF) K. Moore | Internet Engineering Task Force (IETF) K. Moore | |||
| Request for Comments: 8314 Windrock, Inc. | Request for Comments: 8314 Windrock, Inc. | |||
| Updates: 1939, 2595, 3464, 3501, 5068, C. Newman | Updates: 1939, 2595, 3501, 5068, 6186, C. Newman | |||
| 6186, 6409 Oracle | 6409 Oracle | |||
| Category: Standards Track January 2018 | Category: Standards Track January 2018 | |||
| ISSN: 2070-1721 | ISSN: 2070-1721 | |||
| Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) | Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) | |||
| for Email Submission and Access | for Email Submission and Access | |||
| Abstract | Abstract | |||
| This specification outlines current recommendations for the use of | This specification outlines current recommendations for the use of | |||
| Transport Layer Security (TLS) to provide confidentiality of email | Transport Layer Security (TLS) to provide confidentiality of email | |||
| traffic between a Mail User Agent (MUA) and a mail submission server | traffic between a Mail User Agent (MUA) and a mail submission server | |||
| or mail access server. This document updates RFCs 1939, 2595, 3464, | or mail access server. This document updates RFCs 1939, 2595, 3501, | |||
| 3501, 5068, 6186, and 6409. | 5068, 6186, and 6409. | |||
| Status of This Memo | Status of This Memo | |||
| This is an Internet Standards Track document. | This is an Internet Standards Track document. | |||
| This document is a product of the Internet Engineering Task Force | This document is a product of the Internet Engineering Task Force | |||
| (IETF). It represents the consensus of the IETF community. It has | (IETF). It represents the consensus of the IETF community. It has | |||
| received public review and has been approved for publication by the | received public review and has been approved for publication by the | |||
| Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | |||
| Internet Standards is available in Section 2 of RFC 7841. | Internet Standards is available in Section 2 of RFC 7841. | |||
| skipping to change at page 2, line 8 | skipping to change at page 2, line 8 | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Conventions and Terminology Used in This Document . . . . . . 3 | 1.1. How This Document Updates Previous RFCs . . . . . . . . . 3 | |||
| 3. Implicit TLS . . . . . . . . . . . . . . . . . . . . . . . . 4 | 2. Conventions and Terminology Used in This Document . . . . . . 4 | |||
| 3. Implicit TLS . . . . . . . . . . . . . . . . . . . . . . . . 5 | ||||
| 3.1. Implicit TLS for POP . . . . . . . . . . . . . . . . . . 5 | 3.1. Implicit TLS for POP . . . . . . . . . . . . . . . . . . 5 | |||
| 3.2. Implicit TLS for IMAP . . . . . . . . . . . . . . . . . . 5 | 3.2. Implicit TLS for IMAP . . . . . . . . . . . . . . . . . . 5 | |||
| 3.3. Implicit TLS for SMTP Submission . . . . . . . . . . . . 5 | 3.3. Implicit TLS for SMTP Submission . . . . . . . . . . . . 6 | |||
| 3.4. Implicit TLS Connection Closure for POP, IMAP, and SMTP | 3.4. Implicit TLS Connection Closure for POP, IMAP, and SMTP | |||
| Submission . . . . . . . . . . . . . . . . . . . . . . . 6 | Submission . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4. Use of TLS by Mail Access Services and Message Submission | 4. Use of TLS by Mail Access Servers and Message Submission | |||
| Services . . . . . . . . . . . . . . . . . . . . . . . . . . 6 | Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.1. Deprecation of Services Using Cleartext and TLS Versions | 4.1. Deprecation of Services Using Cleartext and TLS Versions | |||
| Less Than 1.1 . . . . . . . . . . . . . . . . . . . . . . 8 | Less Than 1.1 . . . . . . . . . . . . . . . . . . . . . . 8 | |||
| 4.2. Mail Server Use of Client Certificate Authentication . . 9 | 4.2. Mail Server Use of Client Certificate Authentication . . 9 | |||
| 4.3. Recording TLS Cipher Suite in "Received" Header . . . . . 9 | 4.3. Recording TLS Ciphersuite in "Received" Header Field . . 9 | |||
| 4.4. TLS Server Certificate Requirements . . . . . . . . . . . 10 | 4.4. TLS Server Certificate Requirements . . . . . . . . . . . 10 | |||
| 4.5. Recommended DNS Records for Mail Protocol Servers . . . . 10 | 4.5. Recommended DNS Records for Mail Protocol Servers . . . . 11 | |||
| 4.5.1. MX Records . . . . . . . . . . . . . . . . . . . . . 10 | 4.5.1. MX Records . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.5.2. SRV Records . . . . . . . . . . . . . . . . . . . . . 10 | 4.5.2. SRV Records . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.5.3. DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 11 | 4.5.3. DNSSEC . . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.5.4. TLSA Records . . . . . . . . . . . . . . . . . . . . 11 | 4.5.4. TLSA Records . . . . . . . . . . . . . . . . . . . . 11 | |||
| 4.6. Changes to Internet-Facing Servers . . . . . . . . . . . 11 | 4.6. Changes to Internet-Facing Servers . . . . . . . . . . . 11 | |||
| 5. Use of TLS by Mail User Agents . . . . . . . . . . . . . . . 11 | 5. Use of TLS by Mail User Agents . . . . . . . . . . . . . . . 11 | |||
| 5.1. Use of SRV Records in Establishing Configuration . . . . 12 | 5.1. Use of SRV Records in Establishing Configuration . . . . 13 | |||
| 5.2. Minimum Confidentiality Level . . . . . . . . . . . . . . 13 | 5.2. Minimum Confidentiality Level . . . . . . . . . . . . . . 14 | |||
| 5.3. Certificate Validation . . . . . . . . . . . . . . . . . 14 | 5.3. Certificate Validation . . . . . . . . . . . . . . . . . 15 | |||
| 5.4. Certificate Pinning . . . . . . . . . . . . . . . . . . . 15 | 5.4. Certificate Pinning . . . . . . . . . . . . . . . . . . . 15 | |||
| 5.5. Client Certificate Authentication . . . . . . . . . . . . 15 | 5.5. Client Certificate Authentication . . . . . . . . . . . . 16 | |||
| 6. Considerations Related to Antivirus/Antispam Software and | 6. Considerations Related to Antivirus/Antispam Software and | |||
| Services . . . . . . . . . . . . . . . . . . . . . . . . . . 16 | Services . . . . . . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 17 | |||
| 7.1. POP3S Port Registration Update . . . . . . . . . . . . . 17 | 7.1. POP3S Port Registration Update . . . . . . . . . . . . . 17 | |||
| 7.2. IMAPS Port Registration Update . . . . . . . . . . . . . 17 | 7.2. IMAPS Port Registration Update . . . . . . . . . . . . . 17 | |||
| 7.3. Submissions Port Registration . . . . . . . . . . . . . . 17 | 7.3. Submissions Port Registration . . . . . . . . . . . . . . 18 | |||
| 7.4. Additional Registered Clauses for "Received" Fields . . . 18 | 7.4. Additional Registered Clauses for "Received" Fields . . . 19 | |||
| 8. Security Considerations . . . . . . . . . . . . . . . . . . . 18 | 8. Security Considerations . . . . . . . . . . . . . . . . . . . 19 | |||
| 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | 9. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 9.1. Normative References . . . . . . . . . . . . . . . . . . 19 | 9.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 9.2. Informative References . . . . . . . . . . . . . . . . . 21 | 9.2. Informative References . . . . . . . . . . . . . . . . . 21 | |||
| Appendix A. Design Considerations . . . . . . . . . . . . . . . 22 | Appendix A. Design Considerations . . . . . . . . . . . . . . . 23 | |||
| Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 24 | Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 25 | |||
| 1. Introduction | 1. Introduction | |||
| Software that provides email service via the Internet Message Access | Software that provides email service via the Internet Message Access | |||
| Protocol (IMAP) [RFC3501], the Post Office Protocol (POP) [RFC1939], | Protocol (IMAP) [RFC3501], the Post Office Protocol (POP) [RFC1939], | |||
| and/or Simple Mail Transfer Protocol (SMTP) Submission [RFC6409] | and/or Simple Mail Transfer Protocol (SMTP) Submission [RFC6409] | |||
| usually has Transport Layer Security (TLS) [RFC5246] support but | usually has Transport Layer Security (TLS) [RFC5246] support but | |||
| often does not use it in a way that maximizes end-user | often does not use it in a way that maximizes end-user | |||
| confidentiality. This specification describes current | confidentiality. This specification describes current | |||
| recommendations for the use of TLS in interactions between Mail User | recommendations for the use of TLS in interactions between Mail User | |||
| skipping to change at page 3, line 42 | skipping to change at page 3, line 42 | |||
| This memo does not address the use of TLS with SMTP for message relay | This memo does not address the use of TLS with SMTP for message relay | |||
| (where Message Submission [RFC6409] does not apply). Improving the | (where Message Submission [RFC6409] does not apply). Improving the | |||
| use of TLS with SMTP for message relay requires a different approach. | use of TLS with SMTP for message relay requires a different approach. | |||
| One approach to address that topic is described in [RFC7672]; another | One approach to address that topic is described in [RFC7672]; another | |||
| is provided in [MTA-STS]. | is provided in [MTA-STS]. | |||
| The recommendations in this memo do not replace the functionality of, | The recommendations in this memo do not replace the functionality of, | |||
| and are not intended as a substitute for, end-to-end encryption of | and are not intended as a substitute for, end-to-end encryption of | |||
| electronic mail. | electronic mail. | |||
| 1.1. How This Document Updates Previous RFCs | ||||
| This document updates POP (RFC 1939), IMAP (RFC 3501), and Submission | ||||
| (RFC 6409, RFC 5068) in two ways: | ||||
| 1. By adding Implicit TLS ports as Standards Track ports for these | ||||
| protocols as described in Section 3. | ||||
| 2. By updating TLS best practices that apply to these protocols as | ||||
| described in Sections 4 and 5. | ||||
| This document updates RFC 2595 by replacing Section 7 of RFC 2595 | ||||
| with the preference for Implicit TLS as described in Sections 1 and 3 | ||||
| of this document, as well as by updating TLS best practices that | ||||
| apply to the protocols in RFC 2595 as described in Sections 4 and 5 | ||||
| of this document. | ||||
| This document updates RFC 6186 as described herein, in Section 5.1. | ||||
| 2. Conventions and Terminology Used in This Document | 2. Conventions and Terminology Used in This Document | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| The term "Implicit TLS" refers to the automatic negotiation of TLS | The term "Implicit TLS" refers to the automatic negotiation of TLS | |||
| whenever a TCP connection is made on a particular TCP port that is | whenever a TCP connection is made on a particular TCP port that is | |||
| used exclusively by that server for TLS connections. The term | used exclusively by that server for TLS connections. The term | |||
| "Implicit TLS" is intended to contrast with the use of STARTTLS and | "Implicit TLS" is intended to contrast with the use of STARTTLS and | |||
| similar commands in POP, IMAP, SMTP message submission, and other | similar commands in POP, IMAP, SMTP Message Submission, and other | |||
| protocols, that are used by the client and the server to explicitly | protocols, that are used by the client and the server to explicitly | |||
| negotiate TLS on an established cleartext TCP connection. | negotiate TLS on an established cleartext TCP connection. | |||
| The term "Mail Access Services" includes POP, IMAP, and any other | The term "Mail Access Server" refers to a server for POP, IMAP, and | |||
| protocol used to access or modify received messages, or to access or | any other protocol used to access or modify received messages, or to | |||
| modify a mail user's account configuration. | access or modify a mail user's account configuration. | |||
| The term "Mail Submission Service" refers to the use of the protocol | The term "Mail Submission Server" refers to a server for the protocol | |||
| specified in [RFC6409] (or one of its predecessors or successors) for | specified in [RFC6409] (or one of its predecessors or successors) for | |||
| submission of outgoing messages for delivery to recipients. | submission of outgoing messages for delivery to recipients. | |||
| The term "Mail Service Provider" (or "MSP") refers to a provider of | The term "Mail Service Provider" (or "MSP") refers to an operator of | |||
| Mail Access Services and/or Mail Submission Services. | Mail Access Servers and/or Mail Submission Servers. | |||
| The term "Mail Account" refers to a user's identity with an MSP, that | The term "Mail Account" refers to a user's identity with an MSP, that | |||
| user's authentication credentials, any user email that is stored by | user's authentication credentials, any user email that is stored by | |||
| the MSP, and any other per-user configuration information maintained | the MSP, and any other per-user configuration information maintained | |||
| by the MSP (for example, instructions for filtering spam). Most MUAs | by the MSP (for example, instructions for filtering spam). Most MUAs | |||
| support the ability to access multiple Mail Accounts. | support the ability to access multiple Mail Accounts. | |||
| For each account that an MUA accesses on its user's behalf, it must | For each account that an MUA accesses on its user's behalf, it must | |||
| have the server names, ports, authentication credentials, and other | have the server names, ports, authentication credentials, and other | |||
| configuration information specified by the user. This information, | configuration information specified by the user. This information, | |||
| skipping to change at page 5, line 5 | skipping to change at page 5, line 25 | |||
| determines whether to issue a STARTTLS command based on server | determines whether to issue a STARTTLS command based on server | |||
| capabilities and client configuration. If the client issues a | capabilities and client configuration. If the client issues a | |||
| STARTTLS command, a TLS handshake follows that can upgrade the | STARTTLS command, a TLS handshake follows that can upgrade the | |||
| connection. Although this mechanism has been deployed, an alternate | connection. Although this mechanism has been deployed, an alternate | |||
| mechanism where TLS is negotiated immediately at connection start on | mechanism where TLS is negotiated immediately at connection start on | |||
| a separate port (referred to in this document as "Implicit TLS") has | a separate port (referred to in this document as "Implicit TLS") has | |||
| been deployed more successfully. To encourage more widespread use of | been deployed more successfully. To encourage more widespread use of | |||
| TLS and to also encourage greater consistency regarding how TLS is | TLS and to also encourage greater consistency regarding how TLS is | |||
| used, this specification now recommends the use of Implicit TLS for | used, this specification now recommends the use of Implicit TLS for | |||
| POP, IMAP, SMTP Submission, and all other protocols used between an | POP, IMAP, SMTP Submission, and all other protocols used between an | |||
| MUA and a mail service. | MUA and an MSP. | |||
| 3.1. Implicit TLS for POP | 3.1. Implicit TLS for POP | |||
| When a TCP connection is established for the "pop3s" service (default | When a TCP connection is established for the "pop3s" service (default | |||
| port 995), a TLS handshake begins immediately. Clients MUST | port 995), a TLS handshake begins immediately. Clients MUST | |||
| implement the certificate validation mechanism described in | implement the certificate validation mechanism described in | |||
| [RFC7817]. Once the TLS session is established, POP3 [RFC1939] | [RFC7817]. Once the TLS session is established, POP3 [RFC1939] | |||
| protocol messages are exchanged as TLS application data for the | protocol messages are exchanged as TLS application data for the | |||
| remainder of the TCP connection. After the server sends a +OK | remainder of the TCP connection. After the server sends an +OK | |||
| greeting, the server and client MUST enter the AUTHORIZATION state, | greeting, the server and client MUST enter the AUTHORIZATION state, | |||
| even if a client certificate was supplied during the TLS handshake. | even if a client certificate was supplied during the TLS handshake. | |||
| See Sections 5.5 and 4.2 for additional information on client | See Sections 5.5 and 4.2 for additional information on client | |||
| certificate authentication. See Section 7.1 for port registration | certificate authentication. See Section 7.1 for port registration | |||
| information. | information. | |||
| 3.2. Implicit TLS for IMAP | 3.2. Implicit TLS for IMAP | |||
| When a TCP connection is established for the "imaps" service (default | When a TCP connection is established for the "imaps" service (default | |||
| port 993), a TLS handshake begins immediately. Clients MUST | port 993), a TLS handshake begins immediately. Clients MUST | |||
| implement the certificate validation mechanism described in | implement the certificate validation mechanism described in | |||
| [RFC7817]. Once the TLS session is established, IMAP [RFC3501] | [RFC7817]. Once the TLS session is established, IMAP [RFC3501] | |||
| protocol messages are exchanged as TLS application data for the | protocol messages are exchanged as TLS application data for the | |||
| remainder of the TCP connection. If a client certificate was | remainder of the TCP connection. If a client certificate was | |||
| provided during the TLS handshake that the server finds acceptable, | provided during the TLS handshake that the server finds acceptable, | |||
| the server MAY issue a PREAUTH greeting, in which case both the | the server MAY issue a PREAUTH greeting, in which case both the | |||
| server and the client enter the AUTHENTICATED state. If the server | server and the client enter the AUTHENTICATED state. If the server | |||
| issues an OK greeting, then both the server and the client enter the | issues an +OK greeting, then both the server and the client enter the | |||
| NOT AUTHENTICATED state. | NOT AUTHENTICATED state. | |||
| See Sections 5.5 and 4.2 for additional information on client | See Sections 5.5 and 4.2 for additional information on client | |||
| certificate authentication. See Section 7.2 for port registration | certificate authentication. See Section 7.2 for port registration | |||
| information. | information. | |||
| 3.3. Implicit TLS for SMTP Submission | 3.3. Implicit TLS for SMTP Submission | |||
| When a TCP connection is established for the "submissions" service | When a TCP connection is established for the "submissions" service | |||
| (default port 465), a TLS handshake begins immediately. Clients MUST | (default port 465), a TLS handshake begins immediately. Clients MUST | |||
| implement the certificate validation mechanism described in | implement the certificate validation mechanism described in | |||
| [RFC7817]. Once the TLS session is established, message submission | [RFC7817]. Once the TLS session is established, Message Submission | |||
| protocol data [RFC6409] is exchanged as TLS application data for the | protocol data [RFC6409] is exchanged as TLS application data for the | |||
| remainder of the TCP connection. (Note: The "submissions" service | remainder of the TCP connection. (Note: The "submissions" service | |||
| name is defined in Section 7.3 of this document and follows the usual | name is defined in Section 7.3 of this document and follows the usual | |||
| convention that the name of a service layered on top of Implicit TLS | convention that the name of a service layered on top of Implicit TLS | |||
| consists of the name of the service as used without TLS, with an "s" | consists of the name of the service as used without TLS, with an "s" | |||
| appended.) | appended.) | |||
| The STARTTLS mechanism on port 587 is relatively widely deployed due | The STARTTLS mechanism on port 587 is relatively widely deployed due | |||
| to the situation with port 465 (discussed in Section 7.3). This | to the situation with port 465 (discussed in Section 7.3). This | |||
| differs from IMAP and POP services where Implicit TLS is more widely | differs from IMAP and POP services where Implicit TLS is more widely | |||
| deployed on servers than STARTTLS. It is desirable to migrate core | deployed on servers than STARTTLS. It is desirable to migrate core | |||
| protocols used by MUA software to Implicit TLS over time, for | protocols used by MUA software to Implicit TLS over time, for | |||
| consistency as well as for the additional reasons discussed in | consistency as well as for the additional reasons discussed in | |||
| Appendix A. However, to maximize the use of encryption for | Appendix A. However, to maximize the use of encryption for | |||
| submission, it is desirable to support both mechanisms for Message | submission, it is desirable to support both mechanisms for Message | |||
| Submission over TLS for a transition period of several years. As a | Submission over TLS for a transition period of several years. As a | |||
| result, clients and servers SHOULD implement both STARTTLS on | result, clients and servers SHOULD implement both STARTTLS on | |||
| skipping to change at page 6, line 19 | skipping to change at page 6, line 39 | |||
| consistency as well as for the additional reasons discussed in | consistency as well as for the additional reasons discussed in | |||
| Appendix A. However, to maximize the use of encryption for | Appendix A. However, to maximize the use of encryption for | |||
| submission, it is desirable to support both mechanisms for Message | submission, it is desirable to support both mechanisms for Message | |||
| Submission over TLS for a transition period of several years. As a | Submission over TLS for a transition period of several years. As a | |||
| result, clients and servers SHOULD implement both STARTTLS on | result, clients and servers SHOULD implement both STARTTLS on | |||
| port 587 and Implicit TLS on port 465 for this transition period. | port 587 and Implicit TLS on port 465 for this transition period. | |||
| Note that there is no significant difference between the security | Note that there is no significant difference between the security | |||
| properties of STARTTLS on port 587 and Implicit TLS on port 465 if | properties of STARTTLS on port 587 and Implicit TLS on port 465 if | |||
| the implementations are correct and if both the client and the server | the implementations are correct and if both the client and the server | |||
| are configured to require successful negotiation of TLS prior to | are configured to require successful negotiation of TLS prior to | |||
| message submission. | Message Submission. | |||
| Note that the "submissions" port provides access to a Message | Note that the "submissions" port provides access to a Message | |||
| Submission Agent (MSA) as defined in [RFC6409], so requirements and | Submission Agent (MSA) as defined in [RFC6409], so requirements and | |||
| recommendations for MSAs in that document, including the requirement | recommendations for MSAs in that document, including the requirement | |||
| to implement SMTP AUTH [RFC4954], also apply to the submissions port. | to implement SMTP AUTH [RFC4954] and the requirements of Email | |||
| Submission Operations [RFC5068], also apply to the submissions port. | ||||
| See Sections 5.5 and 4.2 for additional information on client | See Sections 5.5 and 4.2 for additional information on client | |||
| certificate authentication. See Section 7.3 for port registration | certificate authentication. See Section 7.3 for port registration | |||
| information. | information. | |||
| 3.4. Implicit TLS Connection Closure for POP, IMAP, and SMTP Submission | 3.4. Implicit TLS Connection Closure for POP, IMAP, and SMTP Submission | |||
| When a client or server wishes to close the connection, it SHOULD | When a client or server wishes to close the connection, it SHOULD | |||
| initiate the exchange of TLS close alerts before TCP connection | initiate the exchange of TLS close alerts before TCP connection | |||
| termination. The client MAY, after sending a TLS close alert, | termination. The client MAY, after sending a TLS close alert, | |||
| gracefully close the TCP connection (e.g., call the close() function | gracefully close the TCP connection (e.g., call the close() function | |||
| on the TCP socket or otherwise issue a TCP CLOSE ([RFC793], | on the TCP socket or otherwise issue a TCP CLOSE ([RFC793], | |||
| Section 3.5)) without waiting for a TLS response from the server. | Section 3.5)) without waiting for a TLS response from the server. | |||
| 4. Use of TLS by Mail Access Services and Message Submission Services | 4. Use of TLS by Mail Access Servers and Message Submission Servers | |||
| The following requirements and recommendations apply to Mail Access | The following requirements and recommendations apply to Mail Access | |||
| Services and Mail Submission Services: | Servers and Mail Submission Servers, or, if indicated, to MSPs: | |||
| o MSPs that support POP, IMAP, and/or Message Submission MUST | o MSPs that support POP, IMAP, and/or Message Submission MUST | |||
| support TLS access for those services. | support TLS access for those protocol servers. | |||
| o Services other than POP, IMAP, and/or Message Submission provided | o Servers provided by MSPs other than POP, IMAP, and/or Message | |||
| by MSPs SHOULD support TLS access and MUST support TLS access for | Submission SHOULD support TLS access and MUST support TLS access | |||
| those services that support authentication via username and | for those servers that support authentication via username and | |||
| password. | password. | |||
| o MSPs that support POP, IMAP, and/or Message Submission SHOULD | o MSPs that support POP, IMAP, and/or Message Submission SHOULD | |||
| provide and support instances of those services that use Implicit | provide and support instances of those services that use Implicit | |||
| TLS. (See Section 3.) | TLS. (See Section 3.) | |||
| o For compatibility with existing MUAs and existing MUA | o For compatibility with existing MUAs and existing MUA | |||
| configurations, MSPs SHOULD also, in the near term, provide | configurations, MSPs SHOULD also, in the near term, provide | |||
| instances of these services which support STARTTLS. This will | instances of these services that support STARTTLS. This will | |||
| permit legacy MUAs to discover new availability of TLS capability | permit legacy MUAs to discover new availability of TLS capability | |||
| on servers and may increase the use of TLS by such MUAs. However, | on servers and may increase the use of TLS by such MUAs. However, | |||
| servers SHOULD NOT advertise STARTTLS if the use of the STARTTLS | servers SHOULD NOT advertise STARTTLS if the use of the STARTTLS | |||
| command by a client is likely to fail (for example, if the server | command by a client is likely to fail (for example, if the server | |||
| has no server certificate configured). | has no server certificate configured). | |||
| o MSPs SHOULD advertise their Mail Access Services and Mail | o MSPs SHOULD advertise their Mail Access Servers and Mail | |||
| Submission Services, using DNS SRV records according to [RFC6186]. | Submission Servers, using DNS SRV records according to [RFC6186]. | |||
| (In addition to making correct configuration easier for MUAs, this | (In addition to making correct configuration easier for MUAs, this | |||
| provides a way by which MUAs can discover when an MSP begins to | provides a way by which MUAs can discover when an MSP begins to | |||
| offer TLS-based services.) Services supporting TLS SHOULD be | offer TLS-based services.) Servers supporting TLS SHOULD be | |||
| advertised in preference to cleartext services (if offered). In | advertised in preference to cleartext servers (if offered). In | |||
| addition, services using Implicit TLS SHOULD be advertised in | addition, servers using Implicit TLS SHOULD be advertised in | |||
| preference to services supporting STARTTLS (if offered). (See | preference to servers supporting STARTTLS (if offered). (See also | |||
| also Section 4.5.) | Section 4.5.) | |||
| o MSPs SHOULD deprecate the use of cleartext Mail Access Services | o MSPs SHOULD deprecate the use of cleartext Mail Access Servers and | |||
| and Mail Submission Services as soon as practicable. (See | Mail Submission Servers as soon as practicable. (See | |||
| Section 4.1.) | Section 4.1.) | |||
| o MSPs currently supporting such use of cleartext SMTP (on port 25) | o MSPs currently supporting such use of cleartext SMTP (on port 25) | |||
| as a means of message submission by their users (whether or not | as a means of Message Submission by their users (whether or not | |||
| requiring authentication) SHOULD transition their users to using | requiring authentication) SHOULD transition their users to using | |||
| TLS (either Implicit TLS or STARTTLS) as soon as practicable. | TLS (either Implicit TLS or STARTTLS) as soon as practicable. | |||
| o Mail services MUST support TLS 1.2 or later. | o Mail Access Servers and Mail Submission Servers MUST support | |||
| TLS 1.2 or later. | ||||
| o All Mail services SHOULD implement the recommended TLS cipher | o All Mail Access Servers and Mail Submission Servers SHOULD | |||
| suites described in [RFC7525] or a future BCP or Standards Track | implement the recommended TLS ciphersuites described in [RFC7525] | |||
| revision of that document. | or a future BCP or Standards Track revision of that document. | |||
| o As soon as practicable, mail services currently supporting Secure | o As soon as practicable, MSPs currently supporting Secure Sockets | |||
| Sockets Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition | Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users | |||
| their users to later versions of TLS and discontinue support for | to TLS 1.1 or later and discontinue support for those earlier | |||
| those versions of SSL and TLS. | versions of SSL and TLS. | |||
| o Mail Submission Servers accepting mail using TLS SHOULD include in | o Mail Submission Servers accepting mail using TLS SHOULD include in | |||
| the Received field of the outgoing message the TLS ciphersuite of | the Received field of the outgoing message the TLS ciphersuite of | |||
| the session in which the mail was received. (See Section 4.3.) | the session in which the mail was received. (See Section 4.3.) | |||
| o All Mail services implementing TLS SHOULD log TLS cipher | o All Mail Access Servers and Mail Submission Servers implementing | |||
| information along with any connection or authentication logs that | TLS SHOULD log TLS cipher information along with any connection or | |||
| they maintain. | authentication logs that they maintain. | |||
| Additional considerations and details appear below. | Additional considerations and details appear below. | |||
| 4.1. Deprecation of Services Using Cleartext and TLS Versions | 4.1. Deprecation of Services Using Cleartext and TLS Versions | |||
| Less Than 1.1 | Less Than 1.1 | |||
| The specific means employed for deprecation of cleartext Mail Access | The specific means employed for deprecation of cleartext Mail Access | |||
| Services and Mail Submission Services MAY vary from one MSP to the | Servers and Mail Submission Servers MAY vary from one MSP to the next | |||
| next in light of their user communities' needs and constraints. For | in light of their user communities' needs and constraints. For | |||
| example, an MSP MAY implement a gradual transition in which, over | example, an MSP MAY implement a gradual transition in which, over | |||
| time, more and more users are forbidden to authenticate to cleartext | time, more and more users are forbidden to authenticate to cleartext | |||
| instances of these services, thus encouraging those users to migrate | instances of these servers, thus encouraging those users to migrate | |||
| to Implicit TLS. Access to cleartext services should eventually be | to Implicit TLS. Access to cleartext servers should eventually be | |||
| either (a) disabled or (b) limited strictly for use by legacy systems | either (a) disabled or (b) limited strictly for use by legacy systems | |||
| that cannot be upgraded. | that cannot be upgraded. | |||
| After a user's ability to authenticate to a service using cleartext | After a user's ability to authenticate to a server using cleartext is | |||
| is revoked, the server denying such access MUST NOT provide any | revoked, the server denying such access MUST NOT provide any | |||
| indication over a cleartext channel of whether the user's | indication over a cleartext channel of whether the user's | |||
| authentication credentials were valid. An attempt to authenticate as | authentication credentials were valid. An attempt to authenticate as | |||
| such a user using either invalid credentials or valid credentials | such a user using either invalid credentials or valid credentials | |||
| MUST both result in the same indication of access being denied. | MUST both result in the same indication of access being denied. | |||
| Also, users previously authenticating with passwords sent as | Also, users previously authenticating with passwords sent as | |||
| cleartext SHOULD be required to change those passwords when migrating | cleartext SHOULD be required to change those passwords when migrating | |||
| to TLS, if the old passwords were likely to have been compromised. | to TLS, if the old passwords were likely to have been compromised. | |||
| (For any large community of users using the public Internet to access | (For any large community of users using the public Internet to access | |||
| mail without encryption, the compromise of at least some of those | mail without encryption, the compromise of at least some of those | |||
| skipping to change at page 9, line 9 | skipping to change at page 9, line 32 | |||
| authentication used) may also risk exposure of the user's password | authentication used) may also risk exposure of the user's password | |||
| over a channel that is known to not provide adequate confidentiality. | over a channel that is known to not provide adequate confidentiality. | |||
| It is RECOMMENDED that new users be required to use TLS version 1.1 | It is RECOMMENDED that new users be required to use TLS version 1.1 | |||
| or greater from the start. However, an MSP may find it necessary to | or greater from the start. However, an MSP may find it necessary to | |||
| make exceptions to accommodate some legacy systems that support only | make exceptions to accommodate some legacy systems that support only | |||
| earlier versions of TLS or only cleartext. | earlier versions of TLS or only cleartext. | |||
| 4.2. Mail Server Use of Client Certificate Authentication | 4.2. Mail Server Use of Client Certificate Authentication | |||
| Mail servers MAY implement client certificate authentication on the | Mail Submission Servers and Mail Access Servers MAY implement client | |||
| Implicit TLS port. Servers MUST NOT request a client certificate | certificate authentication on the Implicit TLS port. Such servers | |||
| during the TLS handshake unless the server is configured to accept | MUST NOT request a client certificate during the TLS handshake unless | |||
| some client certificates as sufficient for authentication and the | the server is configured to accept some client certificates as | |||
| server has the ability to determine a mail server authorization | sufficient for authentication and the server has the ability to | |||
| identity matching such certificates. How to make this determination | determine a mail server authorization identity matching such | |||
| is presently implementation specific. | certificates. How to make this determination is presently | |||
| implementation specific. | ||||
| If the server accepts the client's certificate as sufficient for | If the server accepts the client's certificate as sufficient for | |||
| authorization, it MUST enable the Simple Authentication and Security | authorization, it MUST enable the Simple Authentication and Security | |||
| Layer (SASL) EXTERNAL mechanism [RFC4422]. An IMAPS server MAY issue | Layer (SASL) EXTERNAL mechanism [RFC4422]. An IMAPS server MAY issue | |||
| a PREAUTH greeting instead of enabling SASL EXTERNAL. | a PREAUTH greeting instead of enabling SASL EXTERNAL. | |||
| 4.3. Recording TLS Cipher Suite in "Received" Header | 4.3. Recording TLS Ciphersuite in "Received" Header Field | |||
| The ESMTPS transmission type [RFC3848] provides trace information | The ESMTPS transmission type [RFC3848] provides trace information | |||
| that can indicate that TLS was used when transferring mail. However, | that can indicate that TLS was used when transferring mail. However, | |||
| TLS usage by itself is not a guarantee of confidentiality or | TLS usage by itself is not a guarantee of confidentiality or | |||
| security. The TLS cipher suite provides additional information about | security. The TLS ciphersuite provides additional information about | |||
| the level of security made available for a connection. This document | the level of security made available for a connection. This section | |||
| defines a new SMTP "tls" Received header additional-registered-clause | defines a new SMTP "tls" Received header additional-registered-clause | |||
| that is used to record the TLS cipher suite that was negotiated for | that is used to record the TLS ciphersuite that was negotiated for | |||
| the connection. This clause SHOULD be included whenever a Submission | the connection. This clause SHOULD be included whenever a Submission | |||
| server generates a Received header field for a message received via | server generates a Received header field for a message received via | |||
| TLS. The value included in this additional clause SHOULD be the | TLS. The value included in this additional clause SHOULD be the | |||
| registered cipher suite name (e.g., | registered ciphersuite name (e.g., | |||
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) included in the "TLS Cipher | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) included in the "TLS Cipher | |||
| Suite Registry". In the event that the implementation does not know | Suite Registry". In the event that the implementation does not know | |||
| the name of the cipher suite (a situation that should be remedied | the name of the ciphersuite (a situation that should be remedied | |||
| promptly), a four-digit hexadecimal cipher suite identifier MAY be | promptly), a four-digit hexadecimal ciphersuite identifier MAY be | |||
| used. In addition, the Diffie-Hellman group name associated with the | used. In addition, the Diffie-Hellman group name associated with the | |||
| ciphersuite MAY be included (when applicable and known) following the | ciphersuite MAY be included (when applicable and known) following the | |||
| ciphersuite name. The ABNF for the field follows: | ciphersuite name. The ABNF for the field follows: | |||
| tls-cipher-clause = CFWS "tls" FWS tls-cipher | tls-cipher-clause = CFWS "tls" FWS tls-cipher | |||
| [ CFWS "group" FWS dh-group ] | [ CFWS "group" FWS dh-group ] | |||
| tls-cipher = tls-cipher-name / tls-cipher-hex | tls-cipher = tls-cipher-name / tls-cipher-hex | |||
| tls-cipher-name = ALPHA *(ALPHA / DIGIT / "_") | tls-cipher-name = ALPHA *(ALPHA / DIGIT / "_") | |||
| ; as registered in the IANA "TLS Cipher Suite Registry" | ; as registered in the IANA "TLS Cipher Suite Registry" | |||
| ; <http://www.iana.org/assignments/tls-parameters> | ||||
| tls-cipher-hex = "0x" 4HEXDIG | tls-cipher-hex = "0x" 4HEXDIG | |||
| dh-group = ALPHA *(ALPHA / DIGIT / "_" / "-") | dh-group = ALPHA *(ALPHA / DIGIT / "_" / "-") | |||
| ; as registered in the IANA "TLS Supported Groups Registry" | ; as registered in the IANA "TLS Supported Groups Registry" | |||
| ; <http://www.iana.org/assignments/tls-parameters> | ||||
| 4.4. TLS Server Certificate Requirements | 4.4. TLS Server Certificate Requirements | |||
| MSPs MUST maintain valid server certificates for all servers. See | MSPs MUST maintain valid server certificates for all servers. See | |||
| [RFC7817] for the recommendations and requirements necessary to | [RFC7817] for the recommendations and requirements necessary to | |||
| achieve this. | achieve this. | |||
| If a protocol server provides service for more than one mail domain, | If a protocol server provides service for more than one mail domain, | |||
| it MAY use a separate IP address for each domain and/or a server | it MAY use a separate IP address for each domain and/or a server | |||
| certificate that advertises multiple domains. This will generally be | certificate that advertises multiple domains. This will generally be | |||
| skipping to change at page 11, line 23 | skipping to change at page 11, line 42 | |||
| 4.5.4. TLSA Records | 4.5.4. TLSA Records | |||
| MSPs SHOULD advertise TLSA records to provide an additional trust | MSPs SHOULD advertise TLSA records to provide an additional trust | |||
| anchor for public keys used in TLS server certificates. However, | anchor for public keys used in TLS server certificates. However, | |||
| TLSA records MUST NOT be advertised unless they are signed using | TLSA records MUST NOT be advertised unless they are signed using | |||
| DNSSEC. | DNSSEC. | |||
| 4.6. Changes to Internet-Facing Servers | 4.6. Changes to Internet-Facing Servers | |||
| When an MSP changes the Internet-facing servers providing mail access | When an MSP changes the Internet-facing Mail Access Servers and Mail | |||
| and mail submission services, including SMTP-based spam/virus | Submission Servers, including SMTP-based spam/virus filters, it is | |||
| filters, it is generally necessary to support the same and/or a newer | generally necessary to support the same and/or a newer version of TLS | |||
| version of TLS and the same security directives that were previously | and the same security directives that were previously advertised. | |||
| advertised. | ||||
| 5. Use of TLS by Mail User Agents | 5. Use of TLS by Mail User Agents | |||
| The following requirements and recommendations apply to MUAs: | The following requirements and recommendations apply to MUAs: | |||
| o MUAs SHOULD be capable of using DNS SRV records to discover Mail | o MUAs SHOULD be capable of using DNS SRV records to discover Mail | |||
| Access Services and Mail Submission Services that are advertised | Access Servers and Mail Submission Servers that are advertised by | |||
| by a MSP for an account being configured. Other means of | an MSP for an account being configured. Other means of | |||
| discovering server configuration information (e.g., a database | discovering server configuration information (e.g., a database | |||
| maintained by the MUA vendor) MAY also be supported. (See | maintained by the MUA vendor) MAY also be supported. (See | |||
| Section 5.1 for more information.) | Section 5.1 for more information.) | |||
| o MUAs SHOULD be configurable to require a minimum level of | o MUAs SHOULD be configurable to require a minimum level of | |||
| confidentiality for any particular Mail Account and refuse to | confidentiality for any particular Mail Account and refuse to | |||
| exchange information via any service associated with that Mail | exchange information via any service associated with that Mail | |||
| Account if the session does not provide that minimum level of | Account if the session does not provide that minimum level of | |||
| confidentiality. (See Section 5.2.) | confidentiality. (See Section 5.2.) | |||
| skipping to change at page 12, line 29 | skipping to change at page 12, line 47 | |||
| MUST NOT indicate confidentiality for any connection that does not | MUST NOT indicate confidentiality for any connection that does not | |||
| at least use TLS 1.1 with certificate verification and also meet | at least use TLS 1.1 with certificate verification and also meet | |||
| the minimum confidentiality requirements associated with that | the minimum confidentiality requirements associated with that | |||
| account. | account. | |||
| o MUAs MUST implement TLS 1.2 [RFC5246] or later. Earlier TLS and | o MUAs MUST implement TLS 1.2 [RFC5246] or later. Earlier TLS and | |||
| SSL versions MAY also be supported, so long as the MUA requires at | SSL versions MAY also be supported, so long as the MUA requires at | |||
| least TLS 1.1 [RFC4346] when accessing accounts that are | least TLS 1.1 [RFC4346] when accessing accounts that are | |||
| configured to impose minimum confidentiality requirements. | configured to impose minimum confidentiality requirements. | |||
| o All MUAs SHOULD implement the recommended TLS cipher suites | o All MUAs SHOULD implement the recommended TLS ciphersuites | |||
| described in [RFC7525] or a future BCP or Standards Track revision | described in [RFC7525] or a future BCP or Standards Track revision | |||
| of that document. | of that document. | |||
| o MUAs that are configured to not require minimum confidentiality | o MUAs that are configured to not require minimum confidentiality | |||
| for one or more accounts SHOULD detect when TLS becomes available | for one or more accounts SHOULD detect when TLS becomes available | |||
| on those accounts (using [RFC6186] or other means) and offer to | on those accounts (using [RFC6186] or other means) and offer to | |||
| upgrade the account to require TLS. | upgrade the account to require TLS. | |||
| Additional considerations and details appear below. | Additional considerations and details appear below. | |||
| skipping to change at page 13, line 11 | skipping to change at page 13, line 32 | |||
| has explicitly requested reduced confidentiality. This will have the | has explicitly requested reduced confidentiality. This will have the | |||
| effect of causing the MUA to default to ignoring advertised | effect of causing the MUA to default to ignoring advertised | |||
| configurations that do not support TLS, even when those advertised | configurations that do not support TLS, even when those advertised | |||
| configurations have a higher priority than other advertised | configurations have a higher priority than other advertised | |||
| configurations. | configurations. | |||
| When using configuration information per [RFC6186], MUAs SHOULD NOT | When using configuration information per [RFC6186], MUAs SHOULD NOT | |||
| automatically establish new configurations that do not require TLS | automatically establish new configurations that do not require TLS | |||
| for all servers, unless there are no advertised configurations using | for all servers, unless there are no advertised configurations using | |||
| TLS. If such a configuration is chosen, prior to attempting to | TLS. If such a configuration is chosen, prior to attempting to | |||
| authenticate to the server or use the server for message submission, | authenticate to the server or use the server for Message Submission, | |||
| the MUA SHOULD warn the user that traffic to that server will not be | the MUA SHOULD warn the user that traffic to that server will not be | |||
| encrypted and that it will therefore likely be intercepted by | encrypted and that it will therefore likely be intercepted by | |||
| unauthorized parties. The specific wording is to be determined by | unauthorized parties. The specific wording is to be determined by | |||
| the implementation, but it should adequately capture the sense of | the implementation, but it should adequately capture the sense of | |||
| risk, given the widespread incidence of mass surveillance of email | risk, given the widespread incidence of mass surveillance of email | |||
| traffic. | traffic. | |||
| Similarly, an MUA MUST NOT attempt to "test" a particular mail | Similarly, an MUA MUST NOT attempt to "test" a particular Mail | |||
| account configuration by submitting the user's authentication | Account configuration by submitting the user's authentication | |||
| credentials to a server, unless a TLS session meeting minimum | credentials to a server, unless a TLS session meeting minimum | |||
| confidentiality levels has been established with that server. If | confidentiality levels has been established with that server. If | |||
| minimum confidentiality requirements have not been satisfied, the MUA | minimum confidentiality requirements have not been satisfied, the MUA | |||
| must explicitly warn the user that his password may be exposed to | must explicitly warn that the user's password may be exposed to | |||
| attackers before testing the new configuration. | attackers before testing the new configuration. | |||
| When establishing a new configuration for connecting to an IMAP, POP, | When establishing a new configuration for connecting to an IMAP, POP, | |||
| or SMTP submission server, based on SRV records, an MUA SHOULD verify | or SMTP submission server, based on SRV records, an MUA SHOULD verify | |||
| that either (a) the SRV records are signed using DNSSEC or (b) the | that either (a) the SRV records are signed using DNSSEC or (b) the | |||
| target Fully Qualified Domain Name (FQDN) of the SRV record matches | target Fully Qualified Domain Name (FQDN) of the SRV record matches | |||
| the original server FQDN for which the SRV queries were made. If the | the original server FQDN for which the SRV queries were made. If the | |||
| target FQDN is not in the queried domain, the MUA SHOULD verify with | target FQDN is not in the queried domain, the MUA SHOULD verify with | |||
| the user that the SRV target FQDN is suitable for use, before | the user that the SRV target FQDN is suitable for use, before | |||
| executing any connections to the host. (See Section 6 of [RFC6186].) | executing any connections to the host. (See Section 6 of [RFC6186].) | |||
| skipping to change at page 13, line 49 | skipping to change at page 14, line 21 | |||
| records from time to time to determine if an MSP's server | records from time to time to determine if an MSP's server | |||
| configuration has changed and alert the user if it appears that this | configuration has changed and alert the user if it appears that this | |||
| has happened. This can also serve as a means to encourage users to | has happened. This can also serve as a means to encourage users to | |||
| upgrade their configurations to require TLS if and when their MSPs | upgrade their configurations to require TLS if and when their MSPs | |||
| support it. | support it. | |||
| 5.2. Minimum Confidentiality Level | 5.2. Minimum Confidentiality Level | |||
| MUAs SHOULD, by default, require a minimum level of confidentiality | MUAs SHOULD, by default, require a minimum level of confidentiality | |||
| for services accessed by each account. For MUAs supporting the | for services accessed by each account. For MUAs supporting the | |||
| ability to access multiple mail accounts, this requirement SHOULD be | ability to access multiple Mail Accounts, this requirement SHOULD be | |||
| configurable on a per-account basis. | configurable on a per-account basis. | |||
| The default minimum expected level of confidentiality for all new | The default minimum expected level of confidentiality for all new | |||
| accounts MUST require successful validation of the server's | accounts MUST require successful validation of the server's | |||
| certificate and SHOULD require negotiation of TLS version 1.1 or | certificate and SHOULD require negotiation of TLS version 1.1 or | |||
| greater. (Future revisions to this specification may raise these | greater. (Future revisions to this specification may raise these | |||
| requirements or impose additional requirements to address newly | requirements or impose additional requirements to address newly | |||
| discovered weaknesses in protocols or cryptographic algorithms.) | discovered weaknesses in protocols or cryptographic algorithms.) | |||
| MUAs MAY permit the user to disable this minimum confidentiality | MUAs MAY permit the user to disable this minimum confidentiality | |||
| requirement during initial account configuration or when subsequently | requirement during initial account configuration or when subsequently | |||
| editing an account configuration but MUST warn users that such a | editing an account configuration but MUST warn users that such a | |||
| configuration will not assure privacy for either passwords or | configuration will not assure privacy for either passwords or | |||
| messages. | messages. | |||
| An MUA that is configured to require a minimum level of | An MUA that is configured to require a minimum level of | |||
| confidentiality for a mail account MUST NOT attempt to perform any | confidentiality for a Mail Account MUST NOT attempt to perform any | |||
| operation other than capability discovery, or STARTTLS for servers | operation other than capability discovery, or STARTTLS for servers | |||
| not using Implicit TLS, unless the minimum level of confidentiality | not using Implicit TLS, unless the minimum level of confidentiality | |||
| is provided by that connection. | is provided by that connection. | |||
| MUAs SHOULD NOT allow users to easily access or send mail via a | MUAs SHOULD NOT allow users to easily access or send mail via a | |||
| connection, or authenticate to any service using a password, if that | connection, or authenticate to any service using a password, if that | |||
| account is configured to impose minimum confidentiality requirements | account is configured to impose minimum confidentiality requirements | |||
| and that connection does not meet all of those requirements. An | and that connection does not meet all of those requirements. An | |||
| example of "easy access" would be to display a dialog informing the | example of "easy access" would be to display a dialog informing the | |||
| user that the security requirements of the account were not met by | user that the security requirements of the account were not met by | |||
| the connection but allowing the user to "click through" to send mail | the connection but allowing the user to "click through" to send mail | |||
| or access the service anyway. Experience indicates that users | or access the service anyway. Experience indicates that users | |||
| presented with such an option often "click through" without | presented with such an option often "click through" without | |||
| understanding the risks that they're accepting by doing so. | understanding the risks that they're accepting by doing so. | |||
| Furthermore, users who frequently find the need to "click through" to | Furthermore, users who frequently find the need to "click through" to | |||
| use an insecure connection may become conditioned to do so as a | use an insecure connection may become conditioned to do so as a | |||
| matter of habit, before considering whether the risks are reasonable | matter of habit, before considering whether the risks are reasonable | |||
| in each specific instance. | in each specific instance. | |||
| An MUA that is not configured to require a minimum level of | An MUA that is not configured to require a minimum level of | |||
| confidentiality for a mail account SHOULD still attempt to connect to | confidentiality for a Mail Account SHOULD still attempt to connect to | |||
| the services associated with that account using the most secure means | the services associated with that account using the most secure means | |||
| available, e.g., by using Implicit TLS or STARTTLS. | available, e.g., by using Implicit TLS or STARTTLS. | |||
| 5.3. Certificate Validation | 5.3. Certificate Validation | |||
| MUAs MUST validate TLS server certificates according to [RFC7817] and | MUAs MUST validate TLS server certificates according to [RFC7817] and | |||
| PKIX [RFC5280]. | PKIX [RFC5280]. | |||
| MUAs MAY also support DNS-Based Authentication of Named Entities | MUAs MAY also support DNS-Based Authentication of Named Entities | |||
| (DANE) [RFC6698] as a means of validating server certificates in | (DANE) [RFC6698] as a means of validating server certificates in | |||
| order to meet minimum confidentiality requirements. | order to meet minimum confidentiality requirements. | |||
| MUAs MAY support the use of certificate pinning but MUST NOT consider | MUAs MAY support the use of certificate pinning but MUST NOT consider | |||
| a connection in which the server's authenticity relies on certificate | a connection in which the server's authenticity relies on certificate | |||
| pinning as providing the minimum level of confidentiality. (See | pinning as providing the minimum level of confidentiality. (See | |||
| Section 5.4.) | Section 5.4.) | |||
| 5.4. Certificate Pinning | 5.4. Certificate Pinning | |||
| During account setup, the MUA will identify servers that provide | During account setup, the MUA will identify servers that provide | |||
| account services such as mail access and mail submission (the | account services such as mail access and mail submission (Section 5.1 | |||
| previous section describes one way to do this). The certificates for | describes one way to do this). The certificates for these servers | |||
| these servers are verified using the rules described in [RFC7817] and | are verified using the rules described in [RFC7817] and PKIX | |||
| PKIX [RFC5280]. In the event that the certificate does not validate | [RFC5280]. In the event that the certificate does not validate due | |||
| due to an expired certificate, a lack of an appropriate chain of | to an expired certificate, a lack of an appropriate chain of trust, | |||
| trust, or a lack of an identifier match, the MUA MAY offer to create | or a lack of an identifier match, the MUA MAY offer to create a | |||
| a persistent binding between that certificate and the saved hostname | persistent binding between that certificate and the saved hostname | |||
| for the server, for use when accessing that account's servers. This | for the server, for use when accessing that account's servers. This | |||
| is called "certificate pinning". | is called "certificate pinning". | |||
| (Note: This use of the term "certificate pinning" means something | (Note: This use of the term "certificate pinning" means something | |||
| subtly different than HTTP Public Key Pinning as described in | subtly different than HTTP Public Key Pinning as described in | |||
| [RFC7469]. The dual use of the same term is confusing, but | [RFC7469]. The dual use of the same term is confusing, but | |||
| unfortunately both uses are well established.) | unfortunately both uses are well established.) | |||
| Certificate pinning is only appropriate during mail account setup and | Certificate pinning is only appropriate during Mail Account setup and | |||
| MUST NOT be offered as an option in response to a failed certificate | MUST NOT be offered as an option in response to a failed certificate | |||
| validation for an existing mail account. An MUA that allows | validation for an existing Mail Account. An MUA that allows | |||
| certificate pinning MUST NOT allow a certificate pinned for one | certificate pinning MUST NOT allow a certificate pinned for one | |||
| account to validate connections for other accounts. An MUA that | account to validate connections for other accounts. An MUA that | |||
| allows certificate pinning MUST also allow a user to undo the | allows certificate pinning MUST also allow a user to undo the | |||
| pinning, i.e., to revoke trust in a certificate that has previously | pinning, i.e., to revoke trust in a certificate that has previously | |||
| been pinned. | been pinned. | |||
| A pinned certificate is subject to a man-in-the-middle attack at | A pinned certificate is subject to a man-in-the-middle attack at | |||
| account setup time and typically lacks a mechanism to automatically | account setup time and typically lacks a mechanism to automatically | |||
| revoke or securely refresh the certificate. Note also that a man-in- | revoke or securely refresh the certificate. Note also that a man-in- | |||
| the-middle attack at account setup time will expose the user's | the-middle attack at account setup time will expose the user's | |||
| skipping to change at page 16, line 33 | skipping to change at page 17, line 9 | |||
| A client supporting client certificate authentication with Implicit | A client supporting client certificate authentication with Implicit | |||
| TLS MUST implement the SASL EXTERNAL mechanism [RFC4422], using the | TLS MUST implement the SASL EXTERNAL mechanism [RFC4422], using the | |||
| appropriate authentication command (AUTH for POP3 [RFC5034], AUTH for | appropriate authentication command (AUTH for POP3 [RFC5034], AUTH for | |||
| SMTP Submission [RFC4954], or AUTHENTICATE for IMAP [RFC3501]). | SMTP Submission [RFC4954], or AUTHENTICATE for IMAP [RFC3501]). | |||
| 6. Considerations Related to Antivirus/Antispam Software and Services | 6. Considerations Related to Antivirus/Antispam Software and Services | |||
| There are multiple ways to connect an AVAS service (e.g., "Antivirus | There are multiple ways to connect an AVAS service (e.g., "Antivirus | |||
| & Antispam") to a mail server. Some mechanisms, such as the de facto | & Antispam") to a mail server. Some mechanisms, such as the de facto | |||
| filter protocol, are out of scope for this specification. However, | "milter" protocol, are out of scope for this specification. However, | |||
| some services use an SMTP relay proxy that intercepts mail at the | some services use an SMTP relay proxy that intercepts mail at the | |||
| application layer to perform a scan and proxy or forward to another | application layer to perform a scan and proxy or forward to another | |||
| Mail Transfer Agent (MTA). Deploying AVAS services in this way can | Mail Transfer Agent (MTA). Deploying AVAS services in this way can | |||
| cause many problems [RFC2979], including direct interference with | cause many problems [RFC2979], including direct interference with | |||
| this specification, and other forms of confidentiality or security | this specification, and other forms of confidentiality or security | |||
| reduction. An AVAS product or service is considered compatible with | reduction. An AVAS product or service is considered compatible with | |||
| this specification if all IMAP, POP, and SMTP-related software | this specification if all IMAP, POP, and SMTP-related software | |||
| (including proxies) it includes are compliant with this | (including proxies) it includes are compliant with this | |||
| specification. | specification. | |||
| skipping to change at page 18, line 4 | skipping to change at page 18, line 33 | |||
| Assignee: IESG <iesg@ietf.org> | Assignee: IESG <iesg@ietf.org> | |||
| Contact: IETF Chair <chair@ietf.org> | Contact: IETF Chair <chair@ietf.org> | |||
| Description: Message Submission over TLS protocol | Description: Message Submission over TLS protocol | |||
| Reference: RFC 8314 | Reference: RFC 8314 | |||
| Port Number: 465 | Port Number: 465 | |||
| This is a one-time procedural exception to the rules in [RFC6335]. | This is a one-time procedural exception to the rules in [RFC6335]. | |||
| This requires explicit IESG approval and does not set a precedent. | This requires explicit IESG approval and does not set a precedent. | |||
| Note: Since the purpose of this alternate usage assignment is to | Note: Since the purpose of this alternate usage assignment is to | |||
| align with widespread existing practice and there is no known usage | align with widespread existing practice and there is no known usage | |||
| of UDP port 465 for message submission over TLS, IANA has not | of UDP port 465 for Message Submission over TLS, IANA has not | |||
| assigned an alternate usage of UDP port 465. | assigned an alternate usage of UDP port 465. | |||
| Historically, port 465 was briefly registered as the "smtps" port. | Historically, port 465 was briefly registered as the "smtps" port. | |||
| This registration made no sense, as the SMTP transport MX | This registration made no sense, as the SMTP transport MX | |||
| infrastructure has no way to specify a port, so port 25 is always | infrastructure has no way to specify a port, so port 25 is always | |||
| used. As a result, the registration was revoked and was subsequently | used. As a result, the registration was revoked and was subsequently | |||
| reassigned to a different service. In hindsight, the "smtps" | reassigned to a different service. In hindsight, the "smtps" | |||
| registration should have been renamed or reserved rather than | registration should have been renamed or reserved rather than | |||
| revoked. Unfortunately, some widely deployed mail software | revoked. Unfortunately, some widely deployed mail software | |||
| interpreted "smtps" as "submissions" [RFC6409] and used that port for | interpreted "smtps" as "submissions" [RFC6409] and used that port for | |||
| email submission by default when an end user requested security | email submission by default when an end user requested security | |||
| during account setup. If a new port is assigned for the submissions | during account setup. If a new port is assigned for the submissions | |||
| service, either (a) email software will continue with unregistered | service, either (a) email software will continue with unregistered | |||
| use of port 465 (leaving the port registry inaccurate relative to | use of port 465 (leaving the port registry inaccurate relative to | |||
| de facto practice and wasting a well-known port) or (b) confusion | de facto practice and wasting a well-known port) or (b) confusion | |||
| between the de facto and registered ports will cause harmful | between the de facto and registered ports will cause harmful | |||
| interoperability problems that will deter the use of TLS for message | interoperability problems that will deter the use of TLS for Message | |||
| submission. The authors of this document believe that both of these | Submission. The authors of this document believe that both of these | |||
| outcomes are less desirable than a "wart" in the registry documenting | outcomes are less desirable than a "wart" in the registry documenting | |||
| real-world usage of a port for two purposes. Although STARTTLS on | real-world usage of a port for two purposes. Although STARTTLS on | |||
| port 587 has been deployed, it has not replaced the deployed use of | port 587 has been deployed, it has not replaced the deployed use of | |||
| Implicit TLS submission on port 465. | Implicit TLS submission on port 465. | |||
| 7.4. Additional Registered Clauses for "Received" Fields | 7.4. Additional Registered Clauses for "Received" Fields | |||
| Per the provisions in [RFC5321], IANA has added two additional- | Per the provisions in [RFC5321], IANA has added two additional- | |||
| registered-clauses for Received fields as defined in Section 4.3 of | registered-clauses for Received fields as defined in Section 4.3 of | |||
| this document: | this document: | |||
| skipping to change at page 19, line 41 | skipping to change at page 20, line 23 | |||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | |||
| Rose, "DNS Security Introduction and Requirements", | Rose, "DNS Security Introduction and Requirements", | |||
| RFC 4033, DOI 10.17487/RFC4033, March 2005, | RFC 4033, DOI 10.17487/RFC4033, March 2005, | |||
| <https://www.rfc-editor.org/info/rfc4033>. | <https://www.rfc-editor.org/info/rfc4033>. | |||
| [RFC5034] Siemborski, R. and A. Menon-Sen, "The Post Office Protocol | [RFC5034] Siemborski, R. and A. Menon-Sen, "The Post Office Protocol | |||
| (POP3) Simple Authentication and Security Layer (SASL) | (POP3) Simple Authentication and Security Layer (SASL) | |||
| Authentication Mechanism", RFC 5034, DOI 10.17487/RFC5034, | Authentication Mechanism", RFC 5034, DOI 10.17487/RFC5034, | |||
| July 2007, <https://www.rfc-editor.org/info/rfc5034>. | July 2007, <https://www.rfc-editor.org/info/rfc5034>. | |||
| [RFC5068] Hutzler, C., Crocker, D., Resnick, P., Allman, E., and T. | ||||
| Finch, "Email Submission Operations: Access and | ||||
| Accountability Requirements", BCP 134, RFC 5068, | ||||
| DOI 10.17487/RFC5068, November 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5068>. | ||||
| [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax | |||
| Specifications: ABNF", STD 68, RFC 5234, | Specifications: ABNF", STD 68, RFC 5234, | |||
| DOI 10.17487/RFC5234, January 2008, | DOI 10.17487/RFC5234, January 2008, | |||
| <https://www.rfc-editor.org/info/rfc5234>. | <https://www.rfc-editor.org/info/rfc5234>. | |||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | |||
| (TLS) Protocol Version 1.2", RFC 5246, | (TLS) Protocol Version 1.2", RFC 5246, | |||
| DOI 10.17487/RFC5246, August 2008, | DOI 10.17487/RFC5246, August 2008, | |||
| <https://www.rfc-editor.org/info/rfc5246>. | <https://www.rfc-editor.org/info/rfc5246>. | |||
| skipping to change at page 21, line 15 | skipping to change at page 21, line 37 | |||
| [RFC793] Postel, J., "Transmission Control Protocol", STD 7, | [RFC793] Postel, J., "Transmission Control Protocol", STD 7, | |||
| RFC 793, DOI 10.17487/RFC0793, September 1981, | RFC 793, DOI 10.17487/RFC0793, September 1981, | |||
| <https://www.rfc-editor.org/info/rfc793>. | <https://www.rfc-editor.org/info/rfc793>. | |||
| [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC | |||
| 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, | |||
| May 2017, <https://www.rfc-editor.org/info/rfc8174>. | May 2017, <https://www.rfc-editor.org/info/rfc8174>. | |||
| 9.2. Informative References | 9.2. Informative References | |||
| [CERT-555316] | ||||
| CERT, "Vulnerability Note VU#555316: STARTTLS plaintext | ||||
| command injection vulnerability", Carnegie Mellon | ||||
| University Software Engineering Institute, September 2011, | ||||
| <https://www.kb.cert.org/vuls/id/555316>. | ||||
| [Email-TLS] | [Email-TLS] | |||
| Moore, K., "Recommendations for use of TLS by Electronic | Moore, K., "Recommendations for use of TLS by Electronic | |||
| Mail Access Protocols", Work in Progress, draft-moore- | Mail Access Protocols", Work in Progress, draft-moore- | |||
| email-tls-00, October 2013. | email-tls-00, October 2013. | |||
| [MTA-STS] Margolis, D., Risher, M., Ramakrishnan, B., Brotman, A., | [MTA-STS] Margolis, D., Risher, M., Ramakrishnan, B., Brotman, A., | |||
| and J. Jones, "SMTP MTA Strict Transport Security (MTA- | and J. Jones, "SMTP MTA Strict Transport Security (MTA- | |||
| STS)", Work in Progress, draft-ietf-uta-mta-sts-13, | STS)", Work in Progress, draft-ietf-uta-mta-sts-13, | |||
| December 2017. | December 2017. | |||
| skipping to change at page 22, line 10 | skipping to change at page 22, line 37 | |||
| [RFC4422] Melnikov, A., Ed. and K. Zeilenga, Ed., "Simple | [RFC4422] Melnikov, A., Ed. and K. Zeilenga, Ed., "Simple | |||
| Authentication and Security Layer (SASL)", RFC 4422, | Authentication and Security Layer (SASL)", RFC 4422, | |||
| DOI 10.17487/RFC4422, June 2006, | DOI 10.17487/RFC4422, June 2006, | |||
| <https://www.rfc-editor.org/info/rfc4422>. | <https://www.rfc-editor.org/info/rfc4422>. | |||
| [RFC4954] Siemborski, R., Ed. and A. Melnikov, Ed., "SMTP Service | [RFC4954] Siemborski, R., Ed. and A. Melnikov, Ed., "SMTP Service | |||
| Extension for Authentication", RFC 4954, | Extension for Authentication", RFC 4954, | |||
| DOI 10.17487/RFC4954, July 2007, | DOI 10.17487/RFC4954, July 2007, | |||
| <https://www.rfc-editor.org/info/rfc4954>. | <https://www.rfc-editor.org/info/rfc4954>. | |||
| [RFC5068] Hutzler, C., Crocker, D., Resnick, P., Allman, E., and T. | ||||
| Finch, "Email Submission Operations: Access and | ||||
| Accountability Requirements", BCP 134, RFC 5068, | ||||
| DOI 10.17487/RFC5068, November 2007, | ||||
| <https://www.rfc-editor.org/info/rfc5068>. | ||||
| [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | |||
| DOI 10.17487/RFC5321, October 2008, | DOI 10.17487/RFC5321, October 2008, | |||
| <https://www.rfc-editor.org/info/rfc5321>. | <https://www.rfc-editor.org/info/rfc5321>. | |||
| [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | |||
| Extensions: Extension Definitions", RFC 6066, | Extensions: Extension Definitions", RFC 6066, | |||
| DOI 10.17487/RFC6066, January 2011, | DOI 10.17487/RFC6066, January 2011, | |||
| <https://www.rfc-editor.org/info/rfc6066>. | <https://www.rfc-editor.org/info/rfc6066>. | |||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | |||
| skipping to change at page 23, line 17 | skipping to change at page 23, line 52 | |||
| protocols always use TLS, leaving no need for a separate port for | protocols always use TLS, leaving no need for a separate port for | |||
| cleartext operation except to support legacy clients while they | cleartext operation except to support legacy clients while they | |||
| continue to be used. The separate-port model for TLS is inherently | continue to be used. The separate-port model for TLS is inherently | |||
| simpler to implement, debug, and deploy. It also enables a "generic | simpler to implement, debug, and deploy. It also enables a "generic | |||
| TLS load-balancer" that accepts secure client connections for | TLS load-balancer" that accepts secure client connections for | |||
| arbitrary foo-over-TLS protocols and forwards them to a server that | arbitrary foo-over-TLS protocols and forwards them to a server that | |||
| may or may not support TLS. Such load-balancers cause many problems | may or may not support TLS. Such load-balancers cause many problems | |||
| because they violate the end-to-end principle and the server loses | because they violate the end-to-end principle and the server loses | |||
| the ability to log security-relevant information about the client | the ability to log security-relevant information about the client | |||
| unless the protocol is designed to forward that information (as this | unless the protocol is designed to forward that information (as this | |||
| specification does for the cipher suite). However, they can result | specification does for the ciphersuite). However, they can result in | |||
| in TLS deployment where it would not otherwise happen, which is a | TLS deployment where it would not otherwise happen, which is a | |||
| sufficiently important goal that it overrides any problems. | sufficiently important goal that it overrides any problems. | |||
| Although STARTTLS appears only slightly more complex than | Although STARTTLS appears only slightly more complex than | |||
| separate-port TLS, we again learned the lesson that complexity is the | separate-port TLS, we again learned the lesson that complexity is the | |||
| enemy of security in the form of the STARTTLS command injection | enemy of security in the form of the STARTTLS command injection | |||
| vulnerability (CERT vulnerability ID #555316). Although there's | vulnerability (Computer Emergency Readiness Team (CERT) vulnerability | |||
| nothing inherently wrong with STARTTLS, the fact that it resulted in | ID #555316 [CERT-555316]). Although there's nothing inherently wrong | |||
| a common implementation error (made independently by multiple | with STARTTLS, the fact that it resulted in a common implementation | |||
| implementers) suggests that it is a less secure architecture than | error (made independently by multiple implementers) suggests that it | |||
| Implicit TLS. | is a less secure architecture than Implicit TLS. | |||
| Section 7 of RFC 2595 critiques the separate-port approach to TLS. | Section 7 of RFC 2595 critiques the separate-port approach to TLS. | |||
| The first bullet was a correct critique. There are proposals in the | The first bullet was a correct critique. There are proposals in the | |||
| HTTP community to address that, and the use of SRV records as | HTTP community to address that, and the use of SRV records as | |||
| described in RFC 6186 resolves that critique for email. The second | described in RFC 6186 resolves that critique for email. The second | |||
| bullet is correct as well but is not very important because useful | bullet is correct as well but is not very important because useful | |||
| deployment of security layers other than TLS in email is small enough | deployment of security layers other than TLS in email is small enough | |||
| to be effectively irrelevant. (Also, it's less correct than it used | to be effectively irrelevant. (Also, it's less correct than it used | |||
| to be because "export" ciphersuites are no longer supported in modern | to be because "export" ciphersuites are no longer supported in modern | |||
| versions of TLS.) The third bullet is incorrect because it misses | versions of TLS.) The third bullet is incorrect because it misses | |||
| the desirable option of "use and latch-on TLS if available". The | the desirable option of "use TLS for all subsequent connections to | |||
| fourth bullet may be correct, but it is not a problem yet with | this server once TLS is successfully negotiated". The fourth bullet | |||
| current port consumption rates. The fundamental error was | may be correct, but it is not a problem yet with current port | |||
| prioritizing a perceived better design based on a mostly valid | consumption rates. The fundamental error was prioritizing a | |||
| critique over real-world deployability. But getting security and | perceived better design based on a mostly valid critique over real- | |||
| confidentiality facilities actually deployed is so important that it | world deployability. But getting security and confidentiality | |||
| should trump design purity considerations. | facilities actually deployed is so important that it should trump | |||
| design purity considerations. | ||||
| Port 465 is presently used for two purposes: for submissions by a | Port 465 is presently used for two purposes: for submissions by a | |||
| large number of clients and service providers and for the "urd" | large number of clients and service providers and for the "urd" | |||
| protocol by one vendor. Actually documenting this current state is | protocol by one vendor. Actually documenting this current state is | |||
| controversial, as discussed in the IANA Considerations section. | controversial, as discussed in the IANA Considerations section. | |||
| However, there is no good alternative. Registering a new port for | However, there is no good alternative. Registering a new port for | |||
| submissions when port 465 is already widely used for that purpose | submissions when port 465 is already widely used for that purpose | |||
| will just create interoperability problems. Registering a port | will just create interoperability problems. Registering a port | |||
| that's only used if advertised by an SRV record (RFC 6186) would not | that's only used if advertised by an SRV record (RFC 6186) would not | |||
| create interoperability problems but would require all client | create interoperability problems but would require all client | |||
| End of changes. 69 change blocks. | ||||
| 134 lines changed or deleted | 166 lines changed or added | |||
This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||