idnits 2.17.1

draft-levine-additional-registered-clauses-02.txt:

  Checking boilerplate required by RFC 5378 and the IETF Trust (see
  https://trustee.ietf.org/license-info):
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/1id-guidelines.txt:
  ----------------------------------------------------------------------------

     No issues found here.

  Checking nits according to https://www.ietf.org/id-info/checklist :
  ----------------------------------------------------------------------------

  -- The draft header indicates that this document updates RFC5321, but the
     abstract doesn't seem to mention this, which it should.

  Miscellaneous warnings:
  ----------------------------------------------------------------------------

  == The copyright year in the IETF Trust and authors Copyright Line does not
     match the current year

     (Using the creation date from RFC5321, updated by this document, for
     RFC5378 checks: 2005-07-11)

  -- The document seems to lack a disclaimer for pre-RFC5378 work, but may
     have content which was first submitted before 10 November 2008. If you
     have contacted all the original authors and they are all willing to grant
     the BCP78 rights to the IETF Trust, then this is fine, and you can ignore
     this comment. If not, you may need to add the pre-RFC5378 disclaimer.
     (See the Legal Provisions document at
     https://trustee.ietf.org/license-info for more information.)

  -- The document date (January 26, 2019) is 1907 days in the past. Is this
     intentional?

  Checking references for intended status: Proposed Standard
  ----------------------------------------------------------------------------

     (See RFCs 3967 and 4897 for information about using normative references
     to lower-maturity documents in RFCs)

  == Missing Reference: 'RFC7817' is mentioned on line 142, but not defined

  == Missing Reference: 'RFC8461' is mentioned on line 147, but not defined

     Summary: 0 errors (**), 0 flaws (~~), 3 warnings (==), 3 comments (--).

     Run idnits with the --verbose option for more detailed information about
     the items above.

--------------------------------------------------------------------------------

2    Network Working Group                                          J. Levine
3    Internet-Draft                                      Taughannock Networks
4    Updates: 5321 (if approved)                             January 26, 2019
5    Intended status: Standards Track
6    Expires: July 30, 2019

8        Update to Additional Registered Clauses in SMTP Received Headers
9                 draft-levine-additional-registered-clauses-02

11   Abstract

13      SMTP servers add Received: trace headers to mail messages to track
14      their progress. This document updates the registration criteria for
15      Additional Registered Clauses in those headers to Expert Review, and
16      adds a new clause for Server Name Indication (SNI).

18   Status of This Memo

20      This Internet-Draft is submitted in full conformance with the
21      provisions of BCP 78 and BCP 79.

23      Internet-Drafts are working documents of the Internet Engineering
24      Task Force (IETF). Note that other groups may also distribute
25      working documents as Internet-Drafts. The list of current Internet-
26      Drafts is at https://datatracker.ietf.org/drafts/current/.

28      Internet-Drafts are draft documents valid for a maximum of six months
29      and may be updated, replaced, or obsoleted by other documents at any
30      time. It is inappropriate to use Internet-Drafts as reference
31      material or to cite them other than as "work in progress."

33      This Internet-Draft will expire on July 30, 2019.

35   Copyright Notice

37      Copyright (c) 2019 IETF Trust and the persons identified as the
38      document authors. All rights reserved.

40      This document is subject to BCP 78 and the IETF Trust's Legal
41      Provisions Relating to IETF Documents
42      (https://trustee.ietf.org/license-info) in effect on the date of
43      publication of this document. Please review these documents
44      carefully, as they describe your rights and restrictions with respect
45      to this document. Code Components extracted from this document must
46      include Simplified BSD License text as described in Section 4.e of
47      the Trust Legal Provisions and are provided without warranty as
48      described in the Simplified BSD License.

50   Table of Contents

52      1. Introduction
53      2. The Server Name Indication clause
54      3. IANA Considerations
55        3.1. Guidance for Designated Expert
56      4. Security Considerations
57      5. References
58        5.1. Normative References
59        5.2. Uninformative References
60      Appendix A. Change history
61      Author's Address

63   1. Introduction

65      SMTP servers add Received: trace headers to mail messages to track
66      their progress. The syntax of those headers is defined in [RFC5321].
67      Each header can include optional Additional Registered Clauses that
68      log information related to optional SMTP features.

70      This document updates the registration criteria for Additional
71      Registered Clauses in those headers to Expert Review, and adds a new
72      clause for Server Name Indication (SNI). The headers can include
73      Additional Registered Clauses that add information about optional
74      SMTP features.

76   2. The Server Name Indication clause

78      Server Name Indication or SNI [RFC6066] is an optional TLS feature
79      that a TLS client can use to advise a server of the name it expects the
80      server to have. When used in the initial negotiation for a STARTTLS
81      [RFC3207] session it enables the server to use a certificate with the
82      identity that the client expects, as is recommended in [RFC7817] and
83      is required for SMTP MTA-STS [RFC8461]. When a client presents a
84      name using SNI, the server can log the name using the "sni"
85      additional-registered-clause.

87      IANA is requested to add one new entry to the additional-registered-
88      clauses registry:

90      "sni" - indicates the Server Name Indication was used.

92      "name" - the name provided by SNI. It has the syntax of a Domain
93         Name.

95   3. IANA Considerations

97      IANA is requested to update the Registration Procedure for the
98      Additional-registered-clauses registry to Expert Review. The IESG
99      will appoint the expert(s).

101  3.1. Guidance for Designated Expert

103     The Designated Expert is expected to check that a proposed
104     Additional-registered-clause has a specification that is stable and
105     detailed enough to implement the clause and interoperate. The Expert
106     should ensure that the clause name is reasonably related to the
107     information it represents, that the contents of the clause are well-
108     defined, and that any external references it depends on, e.g., a
109     vocabulary of keywords, are stable and well-defined.

111  4. Security Considerations

113     E-mail is subject to a vast range of threats and abuses. In a few
114     circumstances, a new Additional-registered-clause might disclose
115     information to a recipient that was otherwise unavailable. On the
116     other hand, better logging usually makes it easier to diagnose
117     failures and attacks.

119     If the SNI information in a STARTTLS negotiation is logged, it may
120     make it easier to determine the recipient(s) of the message if they
121     are not already logged in trace headers.

123  5. References

125  5.1. Normative References

127     [RFC3207]  Hoffman, P., "SMTP Service Extension for Secure SMTP over
128                Transport Layer Security", RFC 3207, DOI 10.17487/RFC3207,
129                February 2002.

131     [RFC5321]  Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
132                DOI 10.17487/RFC5321, October 2008.

135     [RFC6066]  Eastlake 3rd, D., "Transport Layer Security (TLS)
136                Extensions: Extension Definitions", RFC 6066,
137                DOI 10.17487/RFC6066, January 2011.

140  5.2. Uninformative References

142     [RFC7817]  Melnikov, A., "Updated Transport Layer Security (TLS)
143                Server Identity Check Procedure for Email-Related
144                Protocols", RFC 7817, DOI 10.17487/RFC7817, March 2016.

147     [RFC8461]  Margolis, D., Risher, M., Ramakrishnan, B., Brotman, A.,
148                and J. Jones, "SMTP MTA Strict Transport Security (MTA-
149                STS)", RFC 8461, DOI 10.17487/RFC8461, September 2018.

152  Appendix A. Change history

154     02 to 02 Take out ESNI clause to prevent downref.

156     00 to 01 Add new ESNI clause. Fix many typos.

158     00 New draft

160  Author's Address

162     John Levine
163     Taughannock Networks
164     PO Box 727
165     Trumansburg, NY 14886

167     Phone: +1 831 480 2300
168     Email: standards@taugh.com
169     URI:   http://jl.ly
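
Added example, not part of the draft: a log consumer for the "sni" clause of Section 2, which reads the clause from a Received: header value and accepts the name only if it has Domain syntax, since the value originates from the connecting TLS client. The function names, the sample header and the simplified tokenising (comments stripped, no quoted strings) are assumptions of this sketch.

```python
import re

# RFC 5321 Domain syntax: dot-separated labels, each Let-dig [Ldh-str].
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"{_LABEL}(?:\.{_LABEL})*\Z")
# Clause keywords from RFC 5321, plus the "sni" clause this draft registers.
_KEYWORDS = {"from", "by", "via", "with", "id", "for", "sni"}

def _strip_comments(text):
    """Drop parenthesised comments, including nested ones."""
    out, depth = [], 0
    for ch in text:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)

def received_clauses(value):
    """Map each clause keyword before the date-time to its value."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", value)
    stamp = _strip_comments(unfolded).rpartition(";")[0]
    tokens, clauses, i = stamp.split(), {}, 0
    while i + 1 < len(tokens):
        key = tokens[i].lower()
        if key in _KEYWORDS and key not in clauses:
            clauses[key] = tokens[i + 1]  # keyword consumes the next token
            i += 2
        else:
            i += 1
    return clauses

def logged_sni(value):
    """Return the logged SNI name in lower case, or None if absent or malformed."""
    name = received_clauses(value).get("sni")
    if name is None or len(name) > 255 or not _DOMAIN.match(name):
        return None
    return name.lower()

# Constructed sample header value, not taken from the draft.
SAMPLE = (
    "from mail.example.org (mail.example.org [192.0.2.10])\r\n"
    "\tby mx1.example.net (ExampleMTA) with ESMTPS id 4XyZ12abcd\r\n"
    "\tfor <alice@example.com> sni MX1.Example.NET;\r\n"
    "\tSat, 26 Jan 2019 10:15:00 -0500"
)
```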