Markdown Version | Session Recording

Session Date/Time: 20 Mar 2025 08:00

emailcore

Summary

The emailcore working group held a session focused primarily on reviewing open issues for the AS (Applicability Statement) document, which is currently at version 16. The session covered administrative updates, including a change in Area Director from Alexei Melnikov to Andy Newton, and document status updates. The group discussed various technical issues related to SMTP security, particularly around START TLS requirements and authentication mechanisms. Several issues were resolved or had proposed text changes presented for review.

Key Discussion Points

• Document Status Updates:

  • Email format document is in RFC Editor's queue
  • SMTP document was pulled back from RFC Editor's queue to conduct a second IETF last call specifically for security considerations
  • The group hopes to secure RFC numbers 9821, 9822, and 9823 for the three core documents

• AS Document Issues Resolved (Issues 86, 87, 88, 89, 90):

  • Added text about empty quoted strings in local parts
  • Added example of empty display name
  • Updated authentication section (6.4) with bulleted list format
  • Added descriptions for SPF and DKIM
  • Added fifth bullet mentioning S/MIME, OpenPGP, and header protection

• Issue 94 - Generation of Fold Clauses:

  • Changed from "MUST NOT" to "SHOULD NOT" to maintain consistency with base specification (RFC 5321)

• Issue 113 - Terminology Changes:

  • Proposal to rename sections 6.2 and 6.3
  • Change "optional" to "opportunistic" and "required" to "enforced" throughout document
  • Added new paragraph about configuration requirements for START TLS

• START TLS Requirements Discussion:

  • Extensive debate about mandatory implementation vs. configuration flexibility
  • Discussion centered on requirement that implementations must be able to accept connections without START TLS for interoperability
  • Concerns raised about protected vs. non-protected environments
  • Agreement on need for confidentiality while maintaining interoperability

• Security Considerations:

  • Need to address firewall interference with START TLS negotiation
  • Discussion of MTA-STS and other solutions for enforcing TLS
  • Clarification needed on hop-by-hop vs. end-to-end confidentiality and authentication

Decisions and Action Items

• Pete Resnick will revise the START TLS configuration text to clarify requirements for confidentiality implementation while allowing interoperability without confidentiality
• John Klensin will provide text for Issue 92 (CNAME-related clarifications) after RFC 5321 work is completed
• Ken Murchison will collaborate with Alexei Melnikov on two newly created issues regarding email address syntax and identity protection clarification
• Pete Resnick will add text to security considerations addressing firewall interference with START TLS
• Pete Resnick will create new issue and add text discussing end-to-end vs. hop-by-hop confidentiality and authentication limitations

Next Steps

• Second IETF last call for SMTP document will proceed (full two weeks) focusing specifically on security considerations
• New revision of AS document (version 17) expected within two weeks
• Continue work on remaining open issues, particularly Issue 92 pending John Klensin's input
• SMTP IANA cleanup work will likely be transferred to mailmaint working group rather than handled in emailcore due to charter constraints