The IESG has approved the following document: - 'SMTP MTA Strict Transport Security (MTA-STS)' (draft-ietf-uta-mta-sts-21.txt) as Proposed Standard This document is the product of the Using TLS in Applications Working Group. The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell. A URL of this Internet Draft is: https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/ Technical Summary SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a mechanism enabling mail service providers to declare their ability to receive Transport Layer Security (TLS) secure SMTP connections, and to specify whether sending SMTP servers should refuse to deliver to MX hosts that do not offer TLS with a trusted server certificate. Working Group Summary The WG had a hard time aligning on the format of MTA-STS policy and initially had chosen JSON as the format. Strong push-back from parts of the opensource community led to a change to key-value text based format. The consensus is strong on the new format but the path there was a bit rough. There is still too little understanding of how SNI is deployed in the email domain to warrant clear normative language on the use of SNI. Security directorate review may change this a bit but probably not much. The WG consensus is to leave the language as is in the draft. Document Quality There are multiple implementations on the protocol and major email- providers (eg google) are already deploying the protocol as specified. There are indications that major opensource implementations of MTAs will implement the protocol. Personnel Who is the Document Shepherd? Who is the Responsible Area Director? Leif Johansson (document shepherd) Alexei Melnikov (AD) RFC Editor Note In Section 3.2, in the ABNF: sts-policy-field = sts-policy-version / ; required once sts-policy-mode / ; required once sts-policy-max-age / ; required once sts-policy-term / ; required at least once, except when ; mode is "none" sts-policy-extension ; other fields Please change "sts-policy-term" to "sts-policy-mx" In the same section, also change: OLD: sts-policy-mx-value = ["."] Domain NEW: sts-policy-mx-value = ["*."] Domain In Section 3.4: OLD: This specification does not provide a means of associating policies with addresses that employ Address Literals [RFC5321]. NEW: s/with addresses/with email addresses/
