Browse Prior Art Database

SMTP Service Extension for Secure SMTP over Transport Layer Security (RFC3207)

IP.com Disclosure Number: IPCOM000006949D
Original Publication Date: 2002-Feb-01
Included in the Prior Art Database: 2002-Feb-12
Document File: 10 page(s) / 19K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Hoffman: AUTHOR

Abstract

This document describes an extension to the SMTP (Simple Mail Transfer Protocol) service that allows an SMTP server and client to use TLS (Transport Layer Security) to provide private, authenticated communication over the Internet. This gives SMTP agents the ability to protect some or all of their communications from eavesdroppers and attackers.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 18% of the total text.

Network Working Group                                         P. Hoffman

Request for Comments: 3207                      Internet Mail Consortium

Obsoletes: 2487                                            February 2002

Category: Standards Track

                      SMTP Service Extension for

               Secure SMTP over Transport Layer Security

Status of this Memo

   This document specifies an Internet standards track protocol for the

   Internet community, and requests discussion and suggestions for

   improvements.  Please refer to the current edition of the "Internet

   Official Protocol Standards" (STD 1) for the standardization state

   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes an extension to the SMTP (Simple Mail

   Transfer Protocol) service that allows an SMTP server and client to

   use TLS (Transport Layer Security) to provide private, authenticated

   communication over the Internet.  This gives SMTP agents the ability

   to protect some or all of their communications from eavesdroppers and

   attackers.

1. Introduction

   SMTP [RFC2821] servers and clients normally communicate in the clear

   over the Internet.  In many cases, this communication goes through

   one or more router that is not controlled or trusted by either

   entity.  Such an untrusted router might allow a third party to

   monitor or alter the communications between the server and client.

   Further, there is often a desire for two SMTP agents to be able to

   authenticate each others' identities.  For example, a secure SMTP

   server might only allow communications from other SMTP agents it

   knows, or it might act differently for messages received from an

   agent it knows than from one it doesn't know.

Hoffman                     Standards Track                     [Page 1]

RFC 3207     SMTP Service Extension - Secure SMTP over TLS February 2002

   TLS [TLS], more commonly known as SSL, is a popular mechanism for

   enhancing TCP communications with privacy and authentication.  TLS is

   in wide use with the HTTP protocol, and is also being used for adding

   security to many other common protocols that run over TCP.

   This document obsoletes RFC 2487.

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",

   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this

   document are to be interpreted as described in [RFC2119].

2. STARTTLS Extension

   The STARTTLS extension to SMTP is laid out as follows:

   (1) the name of the SMTP service defined here is STARTTLS;

   (2) the EHLO keyword value associated with the extension is STARTTLS;

   (3) the STARTTLS keyword has no parameters;

   (4) a new SMTP verb, "STARTTLS", is defined;

   (5) no additional parameters are added to any SMTP command.

3. The STARTTLS Keyword

   The STARTTLS keyword is used to tell the SMTP client that the SMTP

   server is currently able to negotiate the use of TLS.  It takes no

   parameters.

4. The STARTTLS Command

   The format for the STARTTLS command is:

   STARTTLS

   with no parameters.

   After the client gives the STARTTLS command, the server responds with

   one of the following reply codes:

   220 Ready...