rfc3207.txt

来自「RFC 的详细文档！」· 文本 代码 · 共 508 行 · 第 1/2 页

Network Working Group                                         P. Hoffman
Request for Comments: 3207                      Internet Mail Consortium
Obsoletes: 2487                                            February 2002
Category: Standards Track


                      SMTP Service Extension for
               Secure SMTP over Transport Layer Security

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2002).  All Rights Reserved.

Abstract

   This document describes an extension to the SMTP (Simple Mail
   Transfer Protocol) service that allows an SMTP server and client to
   use TLS (Transport Layer Security) to provide private, authenticated
   communication over the Internet.  This gives SMTP agents the ability
   to protect some or all of their communications from eavesdroppers and
   attackers.

1. Introduction

   SMTP [RFC2821] servers and clients normally communicate in the clear
   over the Internet.  In many cases, this communication goes through
   one or more router that is not controlled or trusted by either
   entity.  Such an untrusted router might allow a third party to
   monitor or alter the communications between the server and client.

   Further, there is often a desire for two SMTP agents to be able to
   authenticate each others' identities.  For example, a secure SMTP
   server might only allow communications from other SMTP agents it
   knows, or it might act differently for messages received from an
   agent it knows than from one it doesn't know.








Hoffman                     Standards Track                     [Page 1]

RFC 3207     SMTP Service Extension - Secure SMTP over TLS February 2002


   TLS [TLS], more commonly known as SSL, is a popular mechanism for
   enhancing TCP communications with privacy and authentication.  TLS is
   in wide use with the HTTP protocol, and is also being used for adding
   security to many other common protocols that run over TCP.

   This document obsoletes RFC 2487.

1.1 Terminology

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].

2. STARTTLS Extension

   The STARTTLS extension to SMTP is laid out as follows:

   (1) the name of the SMTP service defined here is STARTTLS;

   (2) the EHLO keyword value associated with the extension is STARTTLS;

   (3) the STARTTLS keyword has no parameters;

   (4) a new SMTP verb, "STARTTLS", is defined;

   (5) no additional parameters are added to any SMTP command.

3. The STARTTLS Keyword

   The STARTTLS keyword is used to tell the SMTP client that the SMTP
   server is currently able to negotiate the use of TLS.  It takes no
   parameters.

4. The STARTTLS Command

   The format for the STARTTLS command is:

   STARTTLS

   with no parameters.

   After the client gives the STARTTLS command, the server responds with
   one of the following reply codes:

   220 Ready to start TLS
   501 Syntax error (no parameters allowed)
   454 TLS not available due to temporary reason




Hoffman                     Standards Track                     [Page 2]

RFC 3207     SMTP Service Extension - Secure SMTP over TLS February 2002


   If the client receives the 454 response, the client must decide
   whether or not to continue the SMTP session.  Such a decision is
   based on local policy.  For instance, if TLS was being used for
   client authentication, the client might try to continue the session,
   in case the server allows it even with no authentication.  However,
   if TLS was being negotiated for encryption, a client that gets a 454
   response needs to decide whether to send the message anyway with no
   TLS encryption, whether to wait and try again later, or whether to
   give up and notify the sender of the error.

   A publicly-referenced SMTP server MUST NOT require use of the
   STARTTLS extension in order to deliver mail locally.  This rule
   prevents the STARTTLS extension from damaging the interoperability of
   the Internet's SMTP infrastructure.  A publicly-referenced SMTP
   server is an SMTP server which runs on port 25 of an Internet host
   listed in the MX record (or A record if an MX record is not present)
   for the domain name on the right hand side of an Internet mail
   address.

   Any SMTP server may refuse to accept messages for relay based on
   authentication supplied during the TLS negotiation.  An SMTP server
   that is not publicly referenced may refuse to accept any messages for
   relay or local delivery based on authentication supplied during the
   TLS negotiation.

   A SMTP server that is not publicly referenced may choose to require
   that the client perform a TLS negotiation before accepting any
   commands.  In this case, the server SHOULD return the reply code:

   530 Must issue a STARTTLS command first

   to every command other than NOOP, EHLO, STARTTLS, or QUIT.  If the
   client and server are using the ENHANCEDSTATUSCODES ESMTP extension
   [RFC2034], the status code to be returned SHOULD be 5.7.0.

   After receiving a 220 response to a STARTTLS command, the client MUST
   start the TLS negotiation before giving any other SMTP commands.  If,
   after having issued the STARTTLS command, the client finds out that
   some failure prevents it from actually starting a TLS handshake, then
   it SHOULD abort the connection.

   If the SMTP client is using pipelining as defined in RFC 2920, the
   STARTTLS command must be the last command in a group.








Hoffman                     Standards Track                     [Page 3]

RFC 3207     SMTP Service Extension - Secure SMTP over TLS February 2002


4.1 Processing After the STARTTLS Command

   After the TLS handshake has been completed, both parties MUST
   immediately decide whether or not to continue based on the
   authentication and privacy achieved.  The SMTP client and server may
   decide to move ahead even if the TLS negotiation ended with no
   authentication and/or no privacy because most SMTP services are
   performed with no authentication and no privacy, but some SMTP
   clients or servers may want to continue only if a particular level of
   authentication and/or privacy was achieved.

   If the SMTP client decides that the level of authentication or
   privacy is not high enough for it to continue, it SHOULD issue an
   SMTP QUIT command immediately after the TLS negotiation is complete.
   If the SMTP server decides that the level of authentication or
   privacy is not high enough for it to continue, it SHOULD reply to
   every SMTP command from the client (other than a QUIT command) with
   the 554 reply code (with a possible text string such as "Command
   refused due to lack of security").

   The decision of whether or not to believe the authenticity of the
   other party in a TLS negotiation is a local matter.  However, some
   general rules for the decisions are:

   -  A SMTP client would probably only want to authenticate an SMTP
      server whose server certificate has a domain name that is the
      domain name that the client thought it was connecting to.
   -  A publicly-referenced  SMTP server would probably want to accept
      any verifiable certificate from an SMTP client, and would possibly
      want to put distinguishing information about the certificate in
      the Received header of messages that were relayed or submitted
      from the client.

4.2 Result of the STARTTLS Command

   Upon completion of the TLS handshake, the SMTP protocol is reset to
   the initial state (the state in SMTP after a server issues a 220
   service ready greeting).  The server MUST discard any knowledge
   obtained from the client, such as the argument to the EHLO command,
   which was not obtained from the TLS negotiation itself.  The client
   MUST discard any knowledge obtained from the server, such as the list
   of SMTP service extensions, which was not obtained from the TLS
   negotiation itself.  The client SHOULD send an EHLO command as the
   first command after a successful TLS negotiation.

   The list of SMTP service extensions returned in response to an EHLO
   command received after the TLS handshake MAY be different than the
   list returned before the TLS handshake.  For example, an SMTP server



Hoffman                     Standards Track                     [Page 4]

RFC 3207     SMTP Service Extension - Secure SMTP over TLS February 2002


   might not want to advertise support for a particular SASL mechanism
   [SASL] unless a client has sent an appropriate client certificate
   during a TLS handshake.

   Both the client and the server MUST know if there is a TLS session
   active.  A client MUST NOT attempt to start a TLS session if a TLS
   session is already active.  A server MUST NOT return the STARTTLS
   extension in response to an EHLO command received after a TLS
   handshake has completed.

4.3 STARTTLS on the Submission Port

   STARTTLS is a valid ESMTP extension when used on the Submission port,
   as defined in [RFC2476].  In fact, since the submission port is by
   definition not a publicly referenced SMTP server, the STARTTLS
   extension can be particularly useful by providing security and
   authentication for this service.

5. Usage Example

   The following dialog illustrates how a client and server can start a
   TLS session:

   S: <waits for connection on TCP port 25>