[Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

[Eric Rescorla <ekr@rtfm.com>]

Eric Rescorla has entered the following ballot position for
draft-ietf-uta-smtp-require-tls-07: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-require-tls/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I support Benjamin's DISCUSS.

To elaborate on one point a bit: it seems to me that it's harmful to
security to allow the sender to unilaterally override the recipient's
preferences that something be encrypted. To forestall one argument,
yes, the sender knows the contents of the message, but the recipient
knows their own circumstances, and they may be at particular risk


       The choices of key lengths and algorithms change over time, so a
       specific requirement is not presented here.

This is not a verifiable conformance requirement. You
either need to not have a 8174 SHOULD here, or actually specify what
"meaningfully secure" means.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

   email by giving the originator of a message an expectation that it
   will be transmitted in an encrypted form "over the wire".  When used,
   REQUIRETLS changes the traditional behavior of email transmission,

This does not seem to accurately describe "RequireTLS: NO"