Protocol Action: 'SMTP MTA Strict Transport Security (MTA-STS)' to Proposed Standard (draft-ietf-uta-mta-sts-21.txt)

The IESG <> Mon, 18 June 2018 03:17 UTC

Return-Path: <>
Received: from (localhost [IPv6:::1]) by (Postfix) with ESMTP id 5D539124D68; Sun, 17 Jun 2018 20:17:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <>
To: IETF-Announce <>
Subject: Protocol Action: 'SMTP MTA Strict Transport Security (MTA-STS)' to Proposed Standard (draft-ietf-uta-mta-sts-21.txt)
X-Test-IDTracker: no
X-IETF-IDTracker: 6.81.2
Auto-Submitted: auto-generated
Precedence: bulk
Cc:, The IESG <>,,, Leif Johansson <>,,,
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
Message-ID: <>
Date: Sun, 17 Jun 2018 20:17:51 -0700
Archived-At: <>
X-Mailman-Version: 2.1.26
List-Id: "IETF announcement list. No discussions." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 18 Jun 2018 03:17:52 -0000

The IESG has approved the following document:
- 'SMTP MTA Strict Transport Security (MTA-STS)'
  (draft-ietf-uta-mta-sts-21.txt) as Proposed Standard

This document is the product of the Using TLS in Applications Working Group.

The IESG contact persons are Adam Roach, Alexey Melnikov and Ben Campbell.

A URL of this Internet Draft is:

Technical Summary

   SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
   mechanism enabling mail service providers to declare their ability to
   receive Transport Layer Security (TLS) secure SMTP connections, and
   to specify whether sending SMTP servers should refuse to deliver to
   MX hosts that do not offer TLS with a trusted server certificate.

Working Group Summary

   The WG had a hard time aligning on the format of MTA-STS policy
   and initially had chosen JSON as the format. Strong push-back from
   parts of the opensource community led to a change to key-value text
   based format. The consensus is strong on the new format but the path
   there was a bit rough. There is still too little understanding of 
   how SNI is deployed in the email domain to warrant clear normative
   language on the use of SNI. Security directorate review may change
   this a bit but probably not much. The WG consensus is to leave the
   language as is in the draft.

Document Quality

   There are multiple implementations on the protocol and major email-
   providers (eg google) are already deploying the protocol as specified.  
   There are indications that major opensource implementations of MTAs
   will implement the protocol.


  Who is the Document Shepherd? Who is the Responsible Area

  Leif Johansson (document shepherd)
  Alexei Melnikov (AD)

RFC Editor Note

In Section 3.2, in the ABNF:

sts-policy-field         = sts-policy-version /      ; required once
                           sts-policy-mode    /      ; required once
                           sts-policy-max-age /      ; required once

                           sts-policy-term /
                           ; required at least once, except when
                           ; mode is "none"

                           sts-policy-extension      ; other fields

Please change "sts-policy-term" to "sts-policy-mx"

In the same section, also change:


sts-policy-mx-value      = ["."] Domain


sts-policy-mx-value      = ["*."] Domain

In Section 3.4:

OLD:  This specification does not provide a means of associating
      policies with addresses that employ Address Literals [RFC5321].

NEW: s/with addresses/with email addresses/