<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc rfcedstyle="yes"?>
<?rfc subcompact="no"?>
<?rfc symrefs="yes"?>
<?rfc comments="yes" ?>
<?rfc inline="yes" ?>

<rfc ipr="trust200902" category="info" docName='draft-ietf-acme-email-tls-05'>
  <front>
    <title abbrev="ACME for email TLS services">
      Extensions to Automatic Certificate Management Environment for email TLS
    </title>
    <author initials="A." surname="Melnikov" fullname="Alexey Melnikov">
      <organization>Isode Ltd</organization>
      <address>
	<postal>
	  <street>14 Castle Mews</street>
	  <city>Hampton</city>
	  <region>Middlesex</region>
	  <code>TW12 2NP</code>
	  <country>UK</country>
	</postal>
	<email>Alexey.Melnikov@isode.com</email>
      </address>
    </author>
      
    <date year="2018" />
    
    <keyword>ACME</keyword>
    <keyword>IMAP</keyword>
    <keyword>SMTP</keyword>
    <keyword>POP3</keyword>

    <abstract>

    <t>
    This document specifies identifiers and challenges required to enable
    the Automated Certificate Management Environment (ACME) to issue
    certificates for use by TLS email services.
    </t>
	
    </abstract>
    
  </front>
  <middle>

    <section title="Introduction">

        <t>
        <xref target="I-D.ietf-acme-acme"/> is a mechanism for automating certificate
        management on the Internet.  It enables administrative entities to
        prove effective control over resources like domain names, and
        automates the process of generating and issuing certificates.
        </t>
      
        <t>
        This document describes extensions to ACME for use by email services.
        <xref target="tls"/> defines extensions for how email services
        (such as SMTP, IMAP and POP3) can get certificates for use with TLS.
        </t>

      <!--
        <t>
        </t>
        -->
      
    </section>
    
    <section title="Conventions Used in This Document">
      
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
	    this document are to be interpreted as described in
	    <xref target="RFC2119"/>.</t>

    </section>

    
    <section title="Use of ACME for use by TLS-protected SMTP, IMAP and POP3 services" anchor="tls">

      <t>SMTP <xref target="RFC5321"/> (including SMTP Submission <xref target="RFC6409"/>), IMAP <xref target="RFC3501"/> and
      POP3 <xref target="RFC2449"/> servers
      use TLS <xref target="RFC5246"/><!--TLS 1.2--> to provide server identity authentication, data confidentiality and integrity services.
      Such TLS protected email services either use STARTTLS command or run on a separate TLS-protected port
      <xref target="RFC8314"/>.
      </t>
      
      <t>
      <xref target="I-D.ietf-acme-acme"/> defines several challenge types that can be extended for use by email services.
      This document also defines some new challenge types specific to SMTP, IMAP and POP3.
      </t>

      <t>In order to use these challenges JWS <xref target="RFC7515"/> object used by <xref target="I-D.ietf-acme-acme"/>
      is extended. The following extra requirements are in addition to requirements on JWS objects sent in ACME
      defined in Section 6.2 of <xref target="I-D.ietf-acme-acme"/>:

        <list style='numbers'>

          <t>
          "service" JWS header parameter MUST be included. See <xref target="service"/> for more details.
          </t>

          <t>
          "port" JWS header parameter SHOULD be included. See <xref target="port"/> for more details.
          If this JWS header parameter is not included, the default assigned IANA port for the corresponding
          "service" is assumed.
          </t>

        </list>

      </t>
      
      <figure title="Figure 1">
          <preamble>
   For example, if the ACME client were to respond to the "dns-email-00" challenge,
   it would send the following request:
          </preamble>
<artwork><![CDATA[
   POST /acme/authz/asdf/0 HTTP/1.1
   Host: example.com
   Content-Type: application/jose+json

   {
     "protected": base64url({
       "alg": "ES256",
       "kid": "https://example.com/acme/acct/1",
       "nonce": "Q_s3MWoqT05TrdkM2MTDcw",
       "url": "https://example.com/acme/authz/asdf/0"
     }),
     "payload": base64url({
       "type": "dns-email-00",
       "service": "smtp",
       "port": 25,
       "keyAuthorization": "IlirfxKKXA...vb29HhjjLPSggQiE"
     }),
     "signature": "7cbg5JO1Gf5YLjjF...SpkUfcdPai9uVYYU"
   }
]]></artwork>
      <postamble></postamble>
      </figure>
      

      <section title='"service" field in JSON payload' anchor="service">

        <t>The "service" field in JSON payload specifies the service for which TLS server certificate should be issued.
        Valid values come from "Service Names and Transport Protocol Port Numbers" IANA registry
        &lt;https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml&gt;.
        </t>
        
        <t>
        ACME servers compliant with this specification MUST support <xref target="RFC7817"/> (in particular see Section 4 of that document).
        </t>

        <t>[[This parameter might have applicability beyond email services.]]</t>

      </section>
      
      <section title='"port" field in JSON payload' anchor="port">

        <t>The "port" field in JSON payload specifies the TCP port number where the corresponding
        service is running. ACME server MAY check that the TCP port corresponds to the requested
        "service", for example that the port is the assigned default IANA port for the service.
        <!--////Alexey: Some services can allow non default ports, e.g. 389, 19389, 29389 for LDAP.-->
        </t>

        <t>[[This parameter might have applicability beyond email services.]]</t>
        
      </section>
      
      <section title="DNS challenge for email services">

        <t>"dns-email-00" is very similar to "dns-01" defined in Section 8.4 of <xref target="I-D.ietf-acme-acme"/>.</t>

        <t>The difference between processing of "dns-email-00" and "dns-01" are listed below:

          <list style='numbers'>

            <t>
            The TXT record used to validate this challenge is _&lt;port&gt;._&lt;service&gt;._acme-challenge.&lt;domain&gt;.
            For example, for domain "example.com" and IMAPS service running on port 993, the TXT record name is
            _993._imaps._acme-challenge.example.com. For domain "example.net" and IMAP service running on port 143,
            the TXT record name is _143._imap._acme-challenge.example.next.
            </t>

            <!--This is true automatically, because service name and port number are included in the "payload" field,
            which is covered by the signature.
            <t>
            [[Make sure that both service name and port number are incorporated into the hash]]
            </t>
            -->

          </list>

        </t>

      </section>

      <section title="CAPABILITY challenge for email services">

        <t>For "capability-smtp-00" challenge, ACME client (== SMTP server)
        constructs a key authorization from the "token" value provided in the challenge
        and the client's account key.  The client then computes the SHA-256
        digest <xref target="FIPS180-4"/> of the key authorization. SMTP server than
        returns the base64url encoding of this digest as a value of the "ACME" EHLO capability. For example:
        </t>

        <figure title="Figure 2">
          <preamble>
          </preamble>
<artwork><![CDATA[
250-smtp.example.com
250-SIZE
250-8BITMIME
250-BINARYMIME
250-PIPELINING
250-HELP
250-DSN
250-CHUNKING
250-AUTH SCRAM-SHA-1
250-AUTH=SCRAM-SHA-1
250-STARTTLS
250-ACME gfj9Xq...Rg85nM
250-MT-PRIORITY
250 ENHANCEDSTATUSCODES
]]></artwork>
          <postamble>
          Note that in the above example only presence of the ACME <!--the challenge is not secret, right? and possibly STARTTLS-->
          is relevant as far as this document is concerned.
          </postamble>
        </figure>

        <t>The ACME SMTP extension is formerly defined in <xref target="smtp-acme-reg"/>.</t>

        <t>Similarly, "capability-imap-00" challenge, ACME client (== IMAP server)
        constructs a key authorization from the "token" value provided in the challenge
        and the client's account key.  The client then computes the SHA-256
        digest <xref target="FIPS180-4"/> of the key authorization. IMAP server than
        returns the base64url encoding of this digest as a value of the "ACME" capability:
        </t>

        <figure title="Figure 3">
          <preamble>
          </preamble>
<artwork><![CDATA[
* OK [CAPABILITY IMAP4rev1 LOGINDISABLED LITERAL+ ENABLE STARTTLS ACME=gfj9Xq...Rg85nM] Example IMAP4rev1 server ready

 or

* CAPABILITY IMAP4rev1 LOGINDISABLED LITERAL+ ENABLE STARTTLS ACME=gfj9Xq...Rg85nM
]]></artwork>
          <postamble>
            Note that in the above example only presence of the ACME <!--the challenge is not secret, right? and possibly STARTTLS-->
            capability token is relevant as far as this document is concerned.
          </postamble>
        </figure>

        <t>Similarly, "capability-pop-00" challenge, ACME client (== POP3 server)
        constructs a key authorization from the "token" value provided in the challenge
        and the client's account key.  The client then computes the SHA-256
        digest <xref target="FIPS180-4"/> of the key authorization. POP3 server than
        returns the base64url encoding of this digest as a value of the "ACME" capability
        in response to CAPA command <xref target="RFC2449"/>:
        </t>

        <figure title="Figure 3">
          <preamble>
          </preamble>
<artwork><![CDATA[
C: CAPA
S: +OK Capability list follows
S: TOP
S: SASL CRAM-MD5 KERBEROS_V4
S: UIDL
S: ACME gfj9Xq...Rg85nM             
S: IMPLEMENTATION Shlemazle-Plotz-v915
S: .
]]></artwork>
          <postamble>
            Note that in the above example only presence of the ACME <!--the challenge is not secret, right? and possibly STARTTLS-->
            capability token is relevant as far as this document is concerned.
          </postamble>
        </figure>

        <section title="Registration of the ACME SMTP extension" anchor="smtp-acme-reg">
          <t>
            The ACME SMTP service extension is defined as follows:

            <list style="numbers">

              <t>The textual name of this extension is "ACME for SMTP".</t>

              <t>
                The EHLO keyword value associated with this extension is "ACME".
              </t>

              <t>
                The EHLO keyword has a single required parameter which is a base64url encoded SHA-256 hash, which is 44 octets in length.
              </t>

              <t>
                This extension doesn't define any new SMTP verbs.
              </t>

              <t>
                This extension doesn't add any new parameters to
                MAIL FROM or RCPT TO commands.
              </t>

              <t>
                The ACME extension is valid for the submission service
                <xref target="RFC6409"/> (default port number 587) or its version running directly over TLS
                <xref target="RFC8314"/> ("submissions" service, default port number 465)
                <!--See the open issue about LMTP below: and LMTP <xref target="RFC2033"/>-->.
              </t>

            </list>
          </t>

        </section>

      </section>
    
    </section>

    <section title="Open Issues">

      <t>
        [[This section should be empty before publication]]
        
        <list style='numbers'>

          <t>Should the same certificate be allowed to be used on both IMAP (143) and IMAPS (993) ports?
          (These ports have different service names associated with them.
          Is 1 service/port per ACME certificate a restriction imposed by this document?)
          Maybe if the ACME server sees a request for port 143 (or 993), it can include SRV-ID for the
          other port, if it can verify that both are running? (How can this be done reliably?)
          Many email servers don't allow different certificates
          to be configured for different ports they are listening on.
        
          The cleanest way is to change "service" to "services", change "port" to "ports" and make both of them arrays.</t>
          
          <t>Add support for LMTP (RFC 2033)? <!--////Alexey: There is no specific port assigned and "lmtp"
          is not registered as a service name!
          Just register at least the service name in this document?
          -->
            </t>

          <!--
          <t>
          </t>
          -->

          <!--
          <t>
          One possible alternative for issuing TLS certificates for email services is to define
          a new Identifier Type that specifies service@domain.
          The current version of the document just reuses "dns".
          </t>
          -->

        </list>
      </t>

    </section>
    
      
    <section title="IANA Considerations">

      <t>
        IANA is requested to register the following ACME challenge types that are used with Identifier Type "dns":
        "dns-email", "capability-smtp", "capability-imap" and "capability-pop". The reference for all of them is this document.
      </t>
    
    </section>

    <section title="Security Considerations" anchor="seccons">

      <t>Security Considerations from <xref target="I-D.ietf-acme-acme"/> relevant to the DNS challenge type are also relevant to "dns-email".</t>

      <!--////What about SMTP/IMAP mechanism? <t></t>-->

    </section>
    
  </middle>
  <back>
    <references title="Normative References">
      <?rfc include="reference.RFC.2119"?> <!-- Keywords -->
      <?rfc include="reference.RFC.5246"?> <!-- TLS 1.2 -->
      <?rfc include="reference.RFC.5321"?> <!-- SMTP -->
      <?rfc include="reference.RFC.6409"?> <!-- SMTP Submission -->
      <?rfc include="reference.RFC.3501"?> <!-- IMAP -->
      <?rfc include="reference.RFC.2449"?> <!-- POP3 Extension Mechanism -->
      <?rfc include="reference.RFC.7515"?> <!-- JSON Web Signature (JWS) -->
      <?rfc include="reference.RFC.6125"?> <!-- TLS Server Identity Verification -->
      <?rfc include="reference.RFC.7817"?> <!-- Updated TLS Server Identity Check Procedure for Email-Related Protocols -->
      <?rfc include="reference.RFC.8314"?> <!-- Submissions service, etc -->

      <reference anchor="I-D.ietf-acme-acme">
<front>
<title>
Automatic Certificate Management Environment (ACME)
</title>
<author initials="R" surname="Barnes" fullname="Richard Barnes">
<organization/>
</author>
<author initials="J" surname="Hoffman-Andrews" fullname="Jacob Hoffman-Andrews">
<organization/>
</author>
<author initials="D" surname="McCarney" fullname="Daniel McCarney">
<organization/>
</author>
<author initials="J" surname="Kasten" fullname="James Kasten">
<organization/>
</author>
<date month="April" day="24" year="2018"/>
<abstract>
<t>
Certificates in PKI using X.509 (PKIX) are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certificate authorities in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. Today, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a certification authority (CA) and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-acme-acme-12"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-ietf-acme-acme-12.txt"/>
</reference>

      <reference anchor="FIPS180-4" target="https://csrc.nist.gov/publications/detail/fips/180/4/final">
        <front>
          <title>Secure Hash Standard (SHS)</title>
          <author>
            <organization>National Institute of Standards and Technology</organization>
          </author>
          <date month="August" year="2015"/>
        </front>
        <seriesInfo name="FIPS" value="PUB 180-4"/>
      </reference>

    </references>

<!--    
    <references title="Informative References">
    </references>
-->

<!--
    <section title="Acknowledgements">
	
      <t>Thank you to Steve Kille and David Wilson for suggestions, comments and corrections on this document.</t>

      <t>David Wilson came up with the idea of defining a new Content-Type header field parameter to distinguish
      forwarded messages from inner header field protection constructs.</t>
      
    </section>
-->    
    
  </back>
</rfc>
