idnits 2.17.1 

draft-newman-esmtpsa-01.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

  ** Looks like you're using RFC 2026 boilerplate.  This must be updated to
     follow RFC 3978/3979, as updated by RFC 4748.


  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

  == No 'Intended status' indicated for this document; assuming Proposed
     Standard


  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  ** The document seems to lack an Introduction section.


  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the RFC 3978 Section 5.4 Copyright Line does not
     match the current year

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008.  If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment.  If not, you may need to add the pre-RFC5378 disclaimer. 
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (August 18, 2003) is 7109 days in the past.  Is this
     intentional?


  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Unused Reference: '5' is defined on line 128, but no explicit reference
     was found in the text

  ** Obsolete normative reference: RFC 2821 (ref. '2') (Obsoleted by RFC 5321)

  ** Obsolete normative reference: RFC 2554 (ref. '3') (Obsoleted by RFC 4954)

  ** Downref: Normative reference to an Informational RFC: RFC 2033 (ref. '4')

  -- Obsolete informational reference (is this intentional?): RFC 1869 (ref.
     '5') (Obsoleted by RFC 2821)

  -- Obsolete informational reference (is this intentional?): RFC  821 (ref.
     '6') (Obsoleted by RFC 2821)


     Summary: 5 errors (**), 0 flaws (~~), 3 warnings (==), 4 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------


2	Network Working Group                                          C. Newman
3	Internet-Draft                                          Sun Microsystems
4	Expires: February 16, 2004                               August 18, 2003

6	             ESMTP and LMTP Transmission Types Registration
7	                      draft-newman-esmtpsa-01.txt

9	Status of this Memo

11	   This document is an Internet-Draft and is in full conformance with
12	   all provisions of Section 10 of RFC2026.

14	   Internet-Drafts are working documents of the Internet Engineering
15	   Task Force (IETF), its areas, and its working groups. Note that other
16	   groups may also distribute working documents as Internet-Drafts.

18	   Internet-Drafts are draft documents valid for a maximum of six months
19	   and may be updated, replaced, or obsoleted by other documents at any
20	   time. It is inappropriate to use Internet-Drafts as reference
21	   material or to cite them other than as "work in progress."

23	   The list of current Internet-Drafts can be accessed at http://
24	   www.ietf.org/ietf/1id-abstracts.txt.

26	   The list of Internet-Draft Shadow Directories can be accessed at
27	   http://www.ietf.org/shadow.html.

29	   This Internet-Draft will expire on February 16, 2004.

31	Copyright Notice

33	   Copyright (C) The Internet Society (2003). All Rights Reserved.

35	Abstract

37	   This registers seven new mail transmission types (ESMTPA, ESMTPS,
38	   ESMTPSA, LMTP, LMTPA, LMTPS, LMTPSA) for use in the "with" clause of
39	   a Received header in an Internet message.

41	1. IANA Considerations

43	   As directed by SMTP [2], IANA maintains a registry [7] of "WITH
44	   protocol types" for use in the "with" clause of the Received header
45	   in an Internet message.  This registry presently includes SMTP [6],
46	   and ESMTP [2]. This specification updates the registry as follows:

48	   o  The new keyword "ESMTPA" indicates the use of ESMTP when the SMTP
49	      AUTH [3] extension is also used and authentication is successfully
50	      achieved.

52	   o  The new keyword "ESMTPS" indicates the use of ESMTP when STARTTLS
53	      [1] is also successfully negotiated to provide a strong transport
54	      encryption layer.

56	   o  The new keyword "ESMTPSA" indicates the use of ESMTP when both
57	      STARTTLS and SMTP AUTH are successfully negotiated (the
58	      combination of ESMTPS and ESMTPA).

60	   o  The new keyword "LMTP" indicates the use of LMTP [4].

62	   o  The new keyword "LMTPA" indicates the use of LMTP when the SMTP
63	      AUTH extension is also used and authentication is successfully
64	      achieved.

66	   o  The new keyword "LMTPS" indicates the use of LMTP when STARTTLS is
67	      also successfully negotiated to provide a strong transport
68	      encryption layer.

70	   o  The new keyword "LMTPSA" indicates the use of LMTP when both
71	      STARTTLS and SMTP AUTH are successfully negotiated (the
72	      combination of LSMTPS and LSMTPA).

74	   o  The references for the ESMTP and SMTP entries in the registry
75	      should be updated to the latest specification [2] since both RFC
76	      821 and RFC 1869 are obsoleted by RFC 2821.

78	2. Implementation Experience

80	   The ESMTPA, ESMTPS and ESMTPSA keywords have been implemented in
81	   deployed email server software for several years and no problems have
82	   been reported with their use.

84	3. Security Considerations

86	   Use of these additional keywords provides trace information to
87	   indicate when various high-level security framing protocols are used
88	   for hop-to-hop transport of email without exposing details of the
89	   specifics of the security mechanism.  This trace information provides
90	   an informal way to track the deployment of these mechanisms on the
91	   Internet and can assist after-the-fact diagnosis of email abuse.

93	   These keywords are not normally protected in transport which means
94	   they can be modified by an active attacker.  They also do not
95	   indicate the specifics of the mechanism used, and therefore do not
96	   provide any real-world security assurance.  As they are both cryptic
97	   and hidden in trace headers used primarily to diagnose email
98	   problems, it is not expected they will mislead end users with a false
99	   sense of security. Information with a higher degree of reliability
100	   can be obtained by correlating the Received headers with the logs of
101	   the various Mail Transfer Agents through which the message passed.

103	   The trace information provided by these keywords and other parts of
104	   the Received header provide a significant benefit when doing
105	   after-the-fact diagnosis of email abuse or problems.  Unfortunately,
106	   some people in a misguided attempt to hide information about their
107	   internal servers will strip Received headers of useful information
108	   and reduce their ability to correct security abuses after they
109	   happen.  The result of such misguided efforts is usually a reduction
110	   of the overall security of the systems.

112	Normative References

114	   [1]  Hoffman, P., "SMTP Service Extension for Secure SMTP over
115	        Transport Layer Security", RFC 3207, February 2002.

117	   [2]  Klensin, J., "Simple Mail Transfer Protocol", RFC 2821, April
118	        2001.

120	   [3]  Myers, J., "SMTP Service Extension for Authentication", RFC
121	        2554, March 1999.

123	   [4]  Myers, J., "Local Mail Transfer Protocol", RFC 2033, October
124	        1996.

126	Informative References

128	   [5]  Klensin, J., Freed, N., Rose, M., Stefferud, E. and D. Crocker,
129	        "SMTP Service Extensions", STD 10, RFC 1869, November 1995.

131	   [6]  Postel, J., "Simple Mail Transfer Protocol", STD 10, RFC 821,
132	        August 1982.

134	URIs

136	   [7]  <http://www.iana.org/assignments/mail-parameters>

138	Author's Address

140	   Chris Newman
141	   Sun Microsystems
142	   1050 Lakes Drive
143	   West Covina, CA  91790
144	   US

146	   EMail: chris.newman@sun.com

148	Intellectual Property Statement

150	   The IETF takes no position regarding the validity or scope of any
151	   intellectual property or other rights that might be claimed to
152	   pertain to the implementation or use of the technology described in
153	   this document or the extent to which any license under such rights
154	   might or might not be available; neither does it represent that it
155	   has made any effort to identify any such rights. Information on the
156	   IETF's procedures with respect to rights in standards-track and
157	   standards-related documentation can be found in BCP-11. Copies of
158	   claims of rights made available for publication and any assurances of
159	   licenses to be made available, or the result of an attempt made to
160	   obtain a general license or permission for the use of such
161	   proprietary rights by implementors or users of this specification can
162	   be obtained from the IETF Secretariat.

164	   The IETF invites any interested party to bring to its attention any
165	   copyrights, patents or patent applications, or other proprietary
166	   rights which may cover technology that may be required to practice
167	   this standard. Please address the information to the IETF Executive
168	   Director.

170	Full Copyright Statement

172	   Copyright (C) The Internet Society (2003). All Rights Reserved.

174	   This document and translations of it may be copied and furnished to
175	   others, and derivative works that comment on or otherwise explain it
176	   or assist in its implementation may be prepared, copied, published
177	   and distributed, in whole or in part, without restriction of any
178	   kind, provided that the above copyright notice and this paragraph are
179	   included on all such copies and derivative works. However, this
180	   document itself may not be modified in any way, such as by removing
181	   the copyright notice or references to the Internet Society or other
182	   Internet organizations, except as needed for the purpose of
183	   developing Internet standards in which case the procedures for
184	   copyrights defined in the Internet Standards process must be
185	   followed, or as required to translate it into languages other than
186	   English.

188	   The limited permissions granted above are perpetual and will not be
189	   revoked by the Internet Society or its successors or assignees.

191	   This document and the information contained herein is provided on an
192	   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
193	   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
194	   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
195	   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
196	   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

198	Acknowledgment

200	   Funding for the RFC Editor function is currently provided by the
201	   Internet Society.