Re: [Uta] Revised wording on security consideration re TLS-Required

[Benjamin Kaduk <kaduk@mit.edu>]

[sorry about the broekn threading; I get uta@ in digest form and can't dig
out a proper message-id ATM from the archives]

On Wed, Mar 27, 2019 at 12:00:16PM -0700, uta-request@ietf.org wrote:
> Date: Wed, 27 Mar 2019 09:34:14 +0100
> From: Jim Fenton <fenton@bluepopcorn.net>
> To: "uta@ietf.org" <uta@ietf.org>
> Subject: [Uta] Revised wording on security consideration re TLS-Required
> 
> Thanks for the feedback on my proposed language for a new security
> consideration regarding conflicts between the TLS-Required header field
> and DANE and MTA-STS recipient policies. Here's another stab at it:
> 
> =====
> 
> 8.4. Policy Conflicts
> 
> 
> In some cases, the use of the TLS-Required header field may conflict
> with a recipient domain policy expressed through the DANE [RFC7672] or
> MTA-STS [RFC8461] protocols. Although these protocols encourage the use
> of TLS transport by advertising availability of TLS, the use of
> ”TLS-Required: No” header field represents an explicit decision on the
> part of the sender not to require the use of TLS, such as to overcome a
> configuration error. The recipient domain has the ultimate ability to
> require TLS by not accepting messages when STARTTLS has not been
> negotiated; otherwise, "TLS-Required: No" is effectively directing the
> client MTA to behave as if it does not support DANE nor MTA-STS.
> 
> 
> =====
> 
> 
> Comments welcome.

This doesn't really say anything about or give guidance to intermediate
MTAs.  (Do we want to differentiate between initial and intermediate MTAs,
too?)

-Ben