Difference between revisions of "RFC6186"
| Line 20: | Line 20: | ||
received public review and has been approved for publication by the | received public review and has been approved for publication by the | ||
Internet Engineering Steering Group (IESG). Further information on | Internet Engineering Steering Group (IESG). Further information on | ||
| − | Internet Standards is available in Section 2 of RFC 5741. | + | Internet Standards is available in Section 2 of [[RFC5741|RFC 5741]]. |
Information about the current status of this document, any errata, | Information about the current status of this document, any errata, | ||
| Line 31: | Line 31: | ||
document authors. All rights reserved. | document authors. All rights reserved. | ||
| − | This document is subject to BCP 78 and the IETF Trust's Legal | + | This document is subject to [[BCP78|BCP 78]] and the IETF Trust's Legal |
Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | ||
(http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | ||
| Line 43: | Line 43: | ||
== Introduction == | == Introduction == | ||
| − | Internet email protocols include SMTP | + | Internet email protocols include SMTP [[RFC5321]], IMAP [[RFC3501]], and |
| − | POP3 | + | POP3 [[RFC1939]]. IMAP and POP3 are both message store access |
protocols used by message store user agents (MUAs) to manipulate | protocols used by message store user agents (MUAs) to manipulate | ||
| − | email messages after delivery. | + | email messages after delivery. [[RFC4409]] defines a "profile" of the |
SMTP service that is specifically used for message submission. MUAs | SMTP service that is specifically used for message submission. MUAs | ||
are expected to submit messages to mail submission agents (MSAs) | are expected to submit messages to mail submission agents (MSAs) | ||
using this approach. | using this approach. | ||
| − | + | [[RFC2782]] defines a DNS-based service discovery protocol that has | |
been widely adopted as a means of locating particular services within | been widely adopted as a means of locating particular services within | ||
a local area network and beyond, using DNS SRV resource records | a local area network and beyond, using DNS SRV resource records | ||
(RRs). | (RRs). | ||
| − | + | [[RFC5321]] specifies how to use DNS MX RRs to locate SMTP services for | |
a domain. However, MUAs are expected to use the submission protocol | a domain. However, MUAs are expected to use the submission protocol | ||
| − | defined in | + | defined in [[RFC4409]], which does not use MX records. |
Typically MUAs have required users to enter a fully qualified domain | Typically MUAs have required users to enter a fully qualified domain | ||
| Line 82: | Line 82: | ||
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | ||
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | ||
| − | document are to be interpreted as described in | + | document are to be interpreted as described in [[RFC2119]]. |
| − | Email-related terminology from | + | Email-related terminology from [[RFC5598]] is used. |
== SRV Service Labels == | == SRV Service Labels == | ||
| Line 91: | Line 91: | ||
This specification adds one SRV service label for message submission | This specification adds one SRV service label for message submission | ||
| − | + | [[RFC4409]]: | |
| − | submission: Identifies an MSA using | + | submission: Identifies an MSA using [[RFC4409]]. Note that this |
covers connections both with and without Transport Layer Security | covers connections both with and without Transport Layer Security | ||
| − | (TLS) | + | (TLS) [[RFC5246]] as defined for SMTP in [[RFC3207]]. |
Example: service record | Example: service record | ||
| Line 103: | Line 103: | ||
=== IMAP === | === IMAP === | ||
| − | This specification adds two SRV service labels for IMAP | + | This specification adds two SRV service labels for IMAP [[RFC3501]]: |
_imap: Identifies an IMAP server that MAY advertise the | _imap: Identifies an IMAP server that MAY advertise the | ||
| Line 111: | Line 111: | ||
servers, they are not mandatory-to-use by service providers. | servers, they are not mandatory-to-use by service providers. | ||
| − | _imaps: Identifies an IMAP server where TLS | + | _imaps: Identifies an IMAP server where TLS [[RFC5246]] is initiated |
directly upon connection to the IMAP server. | directly upon connection to the IMAP server. | ||
| Line 124: | Line 124: | ||
=== POP3 === | === POP3 === | ||
| − | This specification adds two SRV service labels for POP3 | + | This specification adds two SRV service labels for POP3 [[RFC1939]]: |
_pop3: Identifies a POP3 server that MAY require the MUA to use the | _pop3: Identifies a POP3 server that MAY require the MUA to use the | ||
| − | "STLS" extension command | + | "STLS" extension command [[RFC2595]] prior to authentication. |
| − | _pop3s: Identifies a POP3 server where TLS | + | _pop3s: Identifies a POP3 server where TLS [[RFC5246]] is initiated |
directly upon connection to the POP3 server. | directly upon connection to the POP3 server. | ||
| Line 167: | Line 167: | ||
intends to use, then perform the weight selection algorithm given in | intends to use, then perform the weight selection algorithm given in | ||
| − | + | [[RFC2782]] on the records associated with the selected protocol. | |
Example: service records for both IMAP and POP3, with IMAP having a | Example: service records for both IMAP and POP3, with IMAP having a | ||
| Line 200: | Line 200: | ||
By using SRV records as above, MUAs need initially only to prompt the | By using SRV records as above, MUAs need initially only to prompt the | ||
| − | user for their email address | + | user for their email address [[RFC5322]]. The "local-part" and |
"domain" portions are then extracted from the email address by the | "domain" portions are then extracted from the email address by the | ||
MUA. The MUA uses the "domain" portion as the service domain to | MUA. The MUA uses the "domain" portion as the service domain to | ||
| Line 210: | Line 210: | ||
In the case of multiple SRV records returned for a particular | In the case of multiple SRV records returned for a particular | ||
service, the MUA MUST use the priority and weight fields in the | service, the MUA MUST use the priority and weight fields in the | ||
| − | record to determine which one to use (as per | + | record to determine which one to use (as per [[RFC2782]]). |
MUAs that support both POP3 and IMAP use the procedure in Section 3.4 | MUAs that support both POP3 and IMAP use the procedure in Section 3.4 | ||
| Line 216: | Line 216: | ||
Subsequent to configuration, the MUA will connect to the service. | Subsequent to configuration, the MUA will connect to the service. | ||
| − | When using "imaps" or "pop3s" services, a TLS | + | When using "imaps" or "pop3s" services, a TLS [[RFC5246]] negotiation |
is done immediately upon connection. With "imap", "pop3", and | is done immediately upon connection. With "imap", "pop3", and | ||
"submission" services, the "STARTTLS", "STLS", and "STARTTLS" | "submission" services, the "STARTTLS", "STLS", and "STARTTLS" | ||
commands respectively are used to initiate a protected connection | commands respectively are used to initiate a protected connection | ||
| − | using TLS | + | using TLS [[RFC5246]]. When using TLS in this way, MUAs SHOULD use the |
| − | TLS Server Name Indication | + | TLS Server Name Indication [[RFC6066]]. Certificate verification MUST |
| − | use the procedure outlined in Section 6 of | + | use the procedure outlined in Section 6 of [[RFC6125]] in regard to |
verification with an SRV RR as the starting point. | verification with an SRV RR as the starting point. | ||
| Line 263: | Line 263: | ||
MUST NOT conflict with any login name on the server. | MUST NOT conflict with any login name on the server. | ||
| − | b. If the service provider uses TLS | + | b. If the service provider uses TLS [[RFC5246]], the service provider |
MUST ensure a certificate is installed that can be verified by | MUST ensure a certificate is installed that can be verified by | ||
| − | MUAs using the procedure outlined in Section 6 of | + | MUAs using the procedure outlined in Section 6 of [[RFC6125]] in |
regard to verification with an SRV RR as the starting point. If | regard to verification with an SRV RR as the starting point. If | ||
the service provider hosts multiple domains on the same IP | the service provider hosts multiple domains on the same IP | ||
address, then the service provider MUST enable support for the | address, then the service provider MUST enable support for the | ||
| − | TLS Server Name Indication | + | TLS Server Name Indication [[RFC6066]]. |
c. Install the appropriate SRV records for the offered services. | c. Install the appropriate SRV records for the offered services. | ||
| Line 292: | Line 292: | ||
in the queried domain, MUAs SHOULD verify with the user that the SRV | in the queried domain, MUAs SHOULD verify with the user that the SRV | ||
target FQDN is suitable for use before executing any connections to | target FQDN is suitable for use before executing any connections to | ||
| − | the host. Alternatively, if TLS | + | the host. Alternatively, if TLS [[RFC5246]] is being used for the |
email service, MUAs MUST use the procedure outlined in Section 6 of | email service, MUAs MUST use the procedure outlined in Section 6 of | ||
| − | + | [[RFC6125]] to verify the service. | |
| − | Implementations of TLS | + | Implementations of TLS [[RFC5246]] typically support multiple versions |
of the protocol as well as the older Secure Sockets Layer (SSL) | of the protocol as well as the older Secure Sockets Layer (SSL) | ||
protocol. Because of known security vulnerabilities, email clients | protocol. Because of known security vulnerabilities, email clients | ||
and email servers MUST NOT request, offer, or use SSL 2.0. See | and email servers MUST NOT request, offer, or use SSL 2.0. See | ||
| − | Appendix E.2 of | + | Appendix E.2 of [[RFC5246]] for further details. |
== Acknowledgments == | == Acknowledgments == | ||
| Line 313: | Line 313: | ||
=== Normative References === | === Normative References === | ||
| − | + | [[RFC1939]] Myers, J. and M. Rose, "Post Office Protocol - Version 3", | |
| − | STD 53, RFC 1939, May 1996. | + | [[STD53|STD 53]], [[RFC1939|RFC 1939]], May 1996. |
| − | + | [[RFC2119]] Bradner, S., "Key words for use in RFCs to Indicate | |
| − | Requirement Levels", BCP 14, RFC 2119, March 1997. | + | Requirement Levels", [[BCP14|BCP 14]], [[RFC2119|RFC 2119]], March 1997. |
| − | + | [[RFC2595]] Newman, C., "Using TLS with IMAP, POP3 and ACAP", | |
| − | RFC 2595, June 1999. | + | [[RFC2595|RFC 2595]], June 1999. |
| − | + | [[RFC2782]] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for | |
| − | specifying the location of services (DNS SRV)", RFC 2782, | + | specifying the location of services (DNS SRV)", [[RFC2782|RFC 2782]], |
February 2000. | February 2000. | ||
| − | + | [[RFC3207]] Hoffman, P., "SMTP Service Extension for Secure SMTP over | |
| − | Transport Layer Security", RFC 3207, February 2002. | + | Transport Layer Security", [[RFC3207|RFC 3207]], February 2002. |
| − | + | [[RFC3501]] Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION | |
| − | 4rev1", RFC 3501, March 2003. | + | 4rev1", [[RFC3501|RFC 3501]], March 2003. |
| − | + | [[RFC4409]] Gellens, R. and J. Klensin, "Message Submission for Mail", | |
| − | RFC 4409, April 2006. | + | [[RFC4409|RFC 4409]], April 2006. |
| − | + | [[RFC5246]] Dierks, T. and E. Rescorla, "The Transport Layer Security | |
| − | (TLS) Protocol Version 1.2", RFC 5246, August 2008. | + | (TLS) Protocol Version 1.2", [[RFC5246|RFC 5246]], August 2008. |
| − | + | [[RFC5321]] Klensin, J., "Simple Mail Transfer Protocol", [[RFC5321|RFC 5321]], | |
October 2008. | October 2008. | ||
| − | + | [[RFC5322]] Resnick, P., Ed., "Internet Message Format", [[RFC5322|RFC 5322]], | |
October 2008. | October 2008. | ||
| − | + | [[RFC6066]] Eastlake, D., "Transport Layer Security (TLS) Extensions: | |
| − | Extension Definitions", RFC 6066, January 2011. | + | Extension Definitions", [[RFC6066|RFC 6066]], January 2011. |
| − | + | [[RFC6125]] Saint-Andre, P. and J. Hodges, "Representation and | |
Verification of Domain-Based Application Service Identity | Verification of Domain-Based Application Service Identity | ||
within Internet Public Key Infrastructure Using X.509 | within Internet Public Key Infrastructure Using X.509 | ||
(PKIX) Certificates in the Context of Transport Layer | (PKIX) Certificates in the Context of Transport Layer | ||
| − | Security (TLS)", RFC 6125, March 2011. | + | Security (TLS)", [[RFC6125|RFC 6125]], March 2011. |
=== Informative References === | === Informative References === | ||
| − | + | [[RFC5598]] Crocker, D., "Internet Mail Architecture", [[RFC5598|RFC 5598]], | |
July 2009. | July 2009. | ||
Latest revision as of 04:52, 22 October 2020
Internet Engineering Task Force (IETF) C. Daboo Request for Comments: 6186 Apple Inc. Updates: 1939, 3501 March 2011 Category: Standards Track ISSN: 2070-1721
Use of SRV Records for Locating Email Submission/Access Services
Abstract
This specification describes how SRV records can be used to locate email services.
Status of This Memo
This is an Internet Standards Track document.
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc6186.
Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
Contents
Introduction
Internet email protocols include SMTP RFC5321, IMAP RFC3501, and POP3 RFC1939. IMAP and POP3 are both message store access protocols used by message store user agents (MUAs) to manipulate email messages after delivery. RFC4409 defines a "profile" of the SMTP service that is specifically used for message submission. MUAs are expected to submit messages to mail submission agents (MSAs) using this approach.
RFC2782 defines a DNS-based service discovery protocol that has been widely adopted as a means of locating particular services within a local area network and beyond, using DNS SRV resource records (RRs).
RFC5321 specifies how to use DNS MX RRs to locate SMTP services for a domain. However, MUAs are expected to use the submission protocol defined in RFC4409, which does not use MX records.
Typically MUAs have required users to enter a fully qualified domain name (FQDN) and port information for the services they need. This is not ideal as the way in which server configuration information is specified can differ from MUA to MUA, and can be confusing to users, leading to errors when inputting the details. Alternatively, some MUAs have adopted a complex "auto-discovery" process involving probing a domain to see what services might be available. A better approach to all this would be to require minimal information to be entered by a user that would result in automatic configuration of appropriate services for that user. The minimal information entered would be the user's email address.
This specification defines new SRV service types for the message submission, IMAP, and POP3 services, to enable simple auto- configuration of MUAs. The priority field of the SRV record can also be used to indicate a preference for one message store access protocol over another.
Conventions Used in This Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC2119.
Email-related terminology from RFC5598 is used.
SRV Service Labels
Email Submission
This specification adds one SRV service label for message submission RFC4409:
submission: Identifies an MSA using RFC4409. Note that this
covers connections both with and without Transport Layer Security (TLS) RFC5246 as defined for SMTP in RFC3207.
Example: service record
_submission._tcp SRV 0 1 587 mail.example.com.
IMAP
This specification adds two SRV service labels for IMAP RFC3501:
_imap: Identifies an IMAP server that MAY advertise the
"LOGINDISABLED" capability and MAY require the MUA to use the "STARTTLS" command prior to authentication. Although these two extensions are mandatory-to-implement for both MUAs and IMAP servers, they are not mandatory-to-use by service providers.
_imaps: Identifies an IMAP server where TLS RFC5246 is initiated
directly upon connection to the IMAP server.
Example: service record
_imap._tcp SRV 0 1 143 imap.example.com.
Example: service record
_imaps._tcp SRV 0 1 993 imap.example.com.
POP3
This specification adds two SRV service labels for POP3 RFC1939:
_pop3: Identifies a POP3 server that MAY require the MUA to use the
"STLS" extension command RFC2595 prior to authentication.
_pop3s: Identifies a POP3 server where TLS RFC5246 is initiated
directly upon connection to the POP3 server.
Example: service record
_pop3._tcp SRV 0 1 110 pop3.example.com.
Example: service record
_pop3s._tcp SRV 0 1 995 pop3.example.com.
Priority for Domain Preferences
The priority field in the SRV RR allows a domain to indicate that some records have a higher preference than others in the DNS query results (determined by those records having a lower-numbered priority value). Typically, this is used for choosing a record from a set for a single service label; however, it is not restricted to choice within only one service.
Often a site will offer both IMAP and POP3 message store access services for users. However, the site may have a preference for one over the other that they want to convey to the user to ensure that, when the user has an MUA capable of using both IMAP and POP3, the preferred choice is used.
To aid with this choice, sites SHOULD offer both sets of IMAP (_imap and/or _imaps) and POP3 (_pop3 and/or _pop3s) SRV records in their DNS and set the priority for those sets of records such that the "preferred" service has a lower-numbered priority value than the other. When an MUA supports both IMAP and POP3, it SHOULD retrieve records for both services and then use the service with the lowest priority value. If the priority is the same for both services, MUAs are free to choose whichever one is appropriate. When considering multiple records for different protocols at the same priority but with different weights, the client MUST first select the protocol it
intends to use, then perform the weight selection algorithm given in RFC2782 on the records associated with the selected protocol.
Example: service records for both IMAP and POP3, with IMAP having a lower-numbered priority value (0) than POP3 (10), indicating to the MUA that IMAP is preferred over POP3, when the MUA can support either service.
_imap._tcp SRV 0 1 143 imap.example.com. _pop3._tcp SRV 10 1 110 pop3.example.com.
In addition, with SRV RRs it is possible to indicate that a particular service is not supported at all at a particular domain by setting the target of an SRV RR to ".". If such records are present, clients MUST assume that the specified service is not available, and instead make use of the other SRV RRs for the purposes of determining the domain preference.
Example: service records for IMAP and POP3 with both TLS and non-TLS service types are present. Both IMAP and POP3 non-TLS service types are marked as not available. IMAP (with TLS) has a lower-numbered priority value 0 than POP3 (with TLS) at priority 10, indicating to the MUA that IMAP is preferred over POP3, when the MUA can support either service, and only the TLS versions of the services are available.
_imap._tcp SRV 0 0 0 . _imaps._tcp SRV 0 1 993 imap.example.com. _pop3._tcp SRV 0 0 0 . _pop3s._tcp SRV 10 1 995 pop3.example.com.
Guidance for MUAs
By using SRV records as above, MUAs need initially only to prompt the user for their email address RFC5322. The "local-part" and "domain" portions are then extracted from the email address by the MUA. The MUA uses the "domain" portion as the service domain to perform SRV lookups for the services it wants to configure. If the SRV lookup is successful, the target FQDN and port for the service can be determined and used to complete MUA configuration. If an SRV record is not found, the MUA will need to prompt the user to enter the FQDN and port information directly, or use some other heuristic. In the case of multiple SRV records returned for a particular service, the MUA MUST use the priority and weight fields in the record to determine which one to use (as per RFC2782).
MUAs that support both POP3 and IMAP use the procedure in Section 3.4 to choose between each service when both are offered.
Subsequent to configuration, the MUA will connect to the service. When using "imaps" or "pop3s" services, a TLS RFC5246 negotiation is done immediately upon connection. With "imap", "pop3", and "submission" services, the "STARTTLS", "STLS", and "STARTTLS" commands respectively are used to initiate a protected connection using TLS RFC5246. When using TLS in this way, MUAs SHOULD use the TLS Server Name Indication RFC6066. Certificate verification MUST use the procedure outlined in Section 6 of RFC6125 in regard to verification with an SRV RR as the starting point.
Once a suitable connection has been made, and any required protection set up, the MUA will typically need to authenticate with the IMAP, POP3, or SMTP (submission) server. The details of that are governed by the specific protocols themselves, though often times a "user identifier" is required for some form of user/password authentication. When a user identifier is required, MUAs MUST first use the full email address provided by the user, and if that results in an authentication failure, SHOULD fall back to using the "local- part" extracted from the email address. This is in line with the guidance outlined in Section 5. If both these user identifiers result in authentication failure, the MUA SHOULD prompt the user for a valid identifier.
Once a successful connection and authentication have been done, MUAs SHOULD cache the service details (hostname, port, user identity) that were successfully used, and reuse those when connecting again at a later time.
If a subsequent connection attempt fails, or authentication fails, MUAs SHOULD re-try the SRV lookup to "refresh" the cached data for the same protocol the client had chosen earlier; i.e., this means that the client MUST NOT change from IMAP service to POP3 (or vice versa) due to changes in the corresponding SRV priorities without user interaction.
Guidance for Service Providers
Service providers wanting to offer IMAP, POP3, or SMTP (submission) services that can be configured by MUAs using SRV records need to follow certain guidelines to ensure proper operation.
a. IMAP, POP3, and SMTP (submission) servers SHOULD be configured to
allow authentication with email addresses or email local-parts. In the former case, the email addresses MUST NOT conflict with other forms of permitted user login name. In the latter case, the email local-parts need to be unique across the server and MUST NOT conflict with any login name on the server.
b. If the service provider uses TLS RFC5246, the service provider
MUST ensure a certificate is installed that can be verified by MUAs using the procedure outlined in Section 6 of RFC6125 in regard to verification with an SRV RR as the starting point. If the service provider hosts multiple domains on the same IP address, then the service provider MUST enable support for the TLS Server Name Indication RFC6066.
c. Install the appropriate SRV records for the offered services.
Security Considerations
If a user has explicitly requested a connection with a transport layer security mechanism (user interfaces sometimes present this choice as a "use SSL" or "secure connection" checkbox), the MUA MUST successfully negotiate transport layer security prior to sending an authentication command. For example, the MUA MAY do this with "imaps", "pop3s", "imap" with "STARTTLS", or "pop3" with "STLS". Service providers MAY offer any subset of these four options for the mail service.
A malicious attacker with access to the DNS server data, or able to get spoofed answers cached in a recursive resolver, can potentially cause MUAs to connect to any IMAP, POP3, or submission server chosen by the attacker. In the absence of a secure DNS option, MUAs SHOULD check that the target FQDN returned in the SRV record matches the original service domain that was queried. If the target FQDN is not in the queried domain, MUAs SHOULD verify with the user that the SRV target FQDN is suitable for use before executing any connections to the host. Alternatively, if TLS RFC5246 is being used for the email service, MUAs MUST use the procedure outlined in Section 6 of RFC6125 to verify the service.
Implementations of TLS RFC5246 typically support multiple versions of the protocol as well as the older Secure Sockets Layer (SSL) protocol. Because of known security vulnerabilities, email clients and email servers MUST NOT request, offer, or use SSL 2.0. See Appendix E.2 of RFC5246 for further details.
Acknowledgments
Thanks to Tony Finch, Ned Freed, Alfred Hoenes, Suresh Krishnan, Alexey Melnikov, Chris Newman, and Phil Pennock for feedback and suggestions. Some of this work is based on a previously drafted document by John Klensin and Eric Hall.
References
Normative References
RFC1939 Myers, J. and M. Rose, "Post Office Protocol - Version 3",
STD 53, RFC 1939, May 1996.
RFC2119 Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
RFC2595 Newman, C., "Using TLS with IMAP, POP3 and ACAP",
RFC 2595, June 1999.
RFC2782 Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
specifying the location of services (DNS SRV)", RFC 2782, February 2000.
RFC3207 Hoffman, P., "SMTP Service Extension for Secure SMTP over
Transport Layer Security", RFC 3207, February 2002.
RFC3501 Crispin, M., "INTERNET MESSAGE ACCESS PROTOCOL - VERSION
4rev1", RFC 3501, March 2003.
RFC4409 Gellens, R. and J. Klensin, "Message Submission for Mail",
RFC 4409, April 2006.
RFC5246 Dierks, T. and E. Rescorla, "The Transport Layer Security
(TLS) Protocol Version 1.2", RFC 5246, August 2008.
RFC5321 Klensin, J., "Simple Mail Transfer Protocol", RFC 5321,
October 2008.
RFC5322 Resnick, P., Ed., "Internet Message Format", RFC 5322,
October 2008.
RFC6066 Eastlake, D., "Transport Layer Security (TLS) Extensions:
Extension Definitions", RFC 6066, January 2011.
RFC6125 Saint-Andre, P. and J. Hodges, "Representation and
Verification of Domain-Based Application Service Identity
within Internet Public Key Infrastructure Using X.509
(PKIX) Certificates in the Context of Transport Layer
Security (TLS)", RFC 6125, March 2011.
Informative References
RFC5598 Crocker, D., "Internet Mail Architecture", RFC 5598,
July 2009.
Author's Address
Cyrus Daboo Apple Inc. 1 Infinite Loop Cupertino, CA 95014 USA
EMail: [email protected] URI: http://www.apple.com/
