[要約] RFC 8997は、メール送信とアクセスのためのTLS 1.1の廃止を提案しています。この文書の目的は、より安全なTLSバージョンへの移行を促進することです。主に、メールサーバーの運用者やメールサービスの提供者が対象となります。
Internet Engineering Task Force (IETF) L. Velvindron
Request for Comments: 8997 cyberstorm.mu
Updates: 8314 S. Farrell
Category: Standards Track Trinity College Dublin
ISSN: 2070-1721 March 2021
Deprecation of TLS 1.1 for Email Submission and Access
電子メール送信とアクセスに対するTLS 1.1の非推奨
Abstract
概要
This specification updates the current recommendation for the use of the Transport Layer Security (TLS) protocol to provide confidentiality of email between a Mail User Agent (MUA) and a Mail Submission Server or Mail Access Server. This document updates RFC 8314.
この仕様は、メールユーザーエージェント(MUA)とメール送信サーバーまたはメールアクセスサーバーとの間の電子メールの機密性を提供するために、トランスポート層セキュリティ(TLS)プロトコルを使用するための現在の推奨事項を更新します。この文書はRFC 8314を更新します。
Status of This Memo
本文書の位置付け
This is an Internet Standards Track document.
これはインターネット規格のトラック文書です。
This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 7841.
この文書は、インターネットエンジニアリングタスクフォース(IETF)の製品です。IETFコミュニティのコンセンサスを表します。それは公開レビューを受け、インターネットエンジニアリングステアリンググループ(IESG)による出版の承認を受けました。インターネット規格に関する詳細情報は、RFC 7841のセクション2で利用できます。
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8997.
この文書の現在のステータス、エラータ、およびフィードバックを提供する方法は、https://www.rfc-editor.org/info/rfc8997で入手できます。
Copyright Notice
著作権表示
Copyright (c) 2021 IETF Trust and the persons identified as the document authors. All rights reserved.
著作権(C)2021 IETF信頼と文書著者として識別された人。全著作権所有。
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.
このドキュメントは、このドキュメントの発行日に有効なBCP 78およびIETFドキュメントに関連するIETFトラストの法的規定(https://trustee.ietf.org/license-info)の対象となります。 これらのドキュメントは、このドキュメントに関するお客様の権利と制限について説明しているため、注意深く確認してください。 このドキュメントから抽出されたコードコンポーネントには、Trust LegalProvisionsのセクション4.eで説明されているSimplifiedBSD Licenseテキストが含まれている必要があり、Simplified BSDLicenseで説明されているように保証なしで提供されます。
Table of Contents
目次
1. Introduction
2. Conventions Used in This Document
3. Updates to RFC 8314
4. IANA Considerations
5. Security Considerations
6. References
6.1. Normative References
6.2. Informative References
Acknowledgements
Authors' Addresses
[RFC8314] defines the minimum recommended version of TLS as version 1.1. Due to the deprecation of TLS 1.1 in [RFC8996], this recommendation is no longer valid. Therefore, this document updates [RFC8314] so that the minimum version for TLS is TLS 1.2.
[RFC8314]バージョン1.1としてTLSの最小推奨バージョンを定義します。[RFC8996]のTLS 1.1の非推奨のため、この推奨事項はもう有効ではありません。したがって、このドキュメントは[RFC8314]を更新して、TLSの最小バージョンがTLS 1.2です。
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.
この文書のキーワード "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", および "OPTIONAL" はBCP 14 [RFC2119] [RFC8174]で説明されているように、すべて大文字の場合にのみ解釈されます。
OLD:
古い:
| 4.1. Deprecation of Services Using Cleartext and TLS Versions | Less Than 1.1
| ..4.1。ClearTextとTLSのバージョンを使用したサービスの廃止1.1未満
NEW:
新着:
| 4.1. Deprecation of Services Using Cleartext and TLS Versions | Less Than 1.2
| ..4.1。ClearTextとTLSのバージョンを使用したサービスの廃止1.2未満
OLD:
古い:
| As soon as practicable, MSPs currently supporting Secure Sockets
| Layer (SSL) 2.x, SSL 3.0, or TLS 1.0 SHOULD transition their users
| to TLS 1.1 or later and discontinue support for those earlier
| versions of SSL and TLS.
NEW:
新着:
| As soon as practicable, MSPs currently supporting Secure Sockets
| Layer (SSL) 2.x, SSL 3.0, TLS 1.0, or TLS 1.1 SHOULD transition
| their users to TLS 1.2 or later and discontinue support for those
| earlier versions of SSL and TLS.
In Section 4.1 of [RFC8314], the text should be revised from:
[RFC8314]のセクション4.1では、テキストを修正する必要があります。
OLD:
古い:
| One way is for the server to refuse a ClientHello message from any
| client sending a ClientHello.version field corresponding to any
| version of SSL or TLS 1.0.
NEW:
新着:
| One way is for the server to refuse a ClientHello message from any
| client sending a ClientHello.version field corresponding to any
| version of SSL or TLS earlier than TLS 1.2.
OLD:
古い:
| It is RECOMMENDED that new users be required to use TLS version
| 1.1 or greater from the start. However, an MSP may find it
| necessary to make exceptions to accommodate some legacy systems
| that support only earlier versions of TLS or only cleartext.
NEW:
新着:
| It is RECOMMENDED that new users be required to use TLS version
| 1.2 or greater from the start. However, an MSP may find it
| necessary to make exceptions to accommodate some legacy systems
| that support only earlier versions of TLS or only cleartext.
OLD:
古い:
| If, however, an MUA provides such an indication, it MUST NOT
| indicate confidentiality for any connection that does not at least
| use TLS 1.1 with certificate verification and also meet the
| minimum confidentiality requirements associated with that account.
NEW:
新着:
| If, however, an MUA provides such an indication, it MUST NOT
| indicate confidentiality for any connection that does not at least
| use TLS 1.2 with certificate verification and also meet the
| minimum confidentiality requirements associated with that account.
OLD
古い
| MUAs MUST implement TLS 1.2 [RFC5246] or later. Earlier TLS and
| SSL versions MAY also be supported, so long as the MUA requires at
| least TLS 1.1 [RFC4346] when accessing accounts that are
| configured to impose minimum confidentiality requirements.
NEW:
新着:
| MUAs MUST implement TLS 1.2 [RFC5246] or later, e.g., TLS 1.3
| [RFC8446]. Earlier TLS and SSL versions MAY also be supported, so
| long as the MUA requires at least TLS 1.2 [RFC5246] when accessing
| accounts that are configured to impose minimum confidentiality
| requirements.
OLD:
古い:
| The default minimum expected level of confidentiality for all new
| accounts MUST require successful validation of the server's
| certificate and SHOULD require negotiation of TLS version 1.1 or
| greater. (Future revisions to this specification may raise these
| requirements or impose additional requirements to address newly
| discovered weaknesses in protocols or cryptographic algorithms.)
NEW:
新着:
| The default minimum expected level of confidentiality for all new
| accounts MUST require successful validation of the server's
| certificate and SHOULD require negotiation of TLS version 1.2 or
| greater. (Future revisions to this specification may raise these
| requirements or impose additional requirements to address newly
| discovered weaknesses in protocols or cryptographic algorithms.)
This document has no IANA actions.
この文書にはIANAの行動がありません。
The purpose of this document is to document updated recommendations for using TLS with email services. Those recommendations are based on [RFC8996].
この文書の目的は、電子メールサービスでTLSを使用するための更新された推奨事項を文書化することです。これらの推奨事項は[RFC8996]に基づいています。
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/RFC2119, March 1997, <https://www.rfc-editor.org/info/rfc2119>.
[RFC2119] BRADNER、S、「RFCSで使用するためのキーワード」、BCP 14、RFC 2119、DOI 10.17487 / RFC2119、1997年3月、<https://www.rfc-editor.org/info/RFC2119>。
[RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/RFC5246, August 2008, <https://www.rfc-editor.org/info/rfc5246>.
[RFC5246] Dierks、T.およびE. Rescorla、「トランスポート層セキュリティ(TLS)プロトコルバージョン1.2」、RFC 5246、DOI 10.17487 / RFC5246、2008年8月、<https://www.rfc-editor.org/info/ RFC5246>。
[RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, <https://www.rfc-editor.org/info/rfc8174>.
[RFC8174] Leiba、B、「RFC 2119キーワードの大文字の曖昧さ」、BCP 14、RFC 8174、DOI 10.17487 / RFC8174、2017年5月、<https://www.rfc-editor.org/info/RFC8174>。
[RFC8314] Moore, K. and C. Newman, "Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access", RFC 8314, DOI 10.17487/RFC8314, January 2018, <https://www.rfc-editor.org/info/rfc8314>.
[RFC8314] Moore、K.およびC. Newman、「時代遅れと見なされたClearText:電子メール提出・アクセスのためのトランスポート層セキュリティ(TLS)の使用」、RFC 8314、DOI 10.17487 / RFC8314、2018年1月、<https:// www。rfc-editor.org/info/rfc8314>。
[RFC8446] Rescorla, E., "The Transport Layer Security (TLS) Protocol Version 1.3", RFC 8446, DOI 10.17487/RFC8446, August 2018, <https://www.rfc-editor.org/info/rfc8446>.
[RFC8446] RESCORLA、E.、「トランスポート層セキュリティ(TLS)プロトコルバージョン1.3」、RFC 8446、DOI 10.17487 / RFC8446、2018年8月、<https://www.rfc-editor.org/info/rfc8446>。
[RFC8996] Moriarty, K. and S. Farrell, "Deprecating TLS 1.0 and TLS 1.1", RFC 8996, DOI 10.17487/RFC8996, March 2021, <https://www.rfc-editor.org/info/rfc8996>.
[RFC8996] MoriArty、K.およびS. Farrell、「非推奨TLS 1.0およびTLS 1.1」、RFC 8996、DOI 10.17487 / RFC8996、2021年3月、<https://www.rfc-editor.org/info/rfc8996>。
[RFC4346] Dierks, T. and E. Rescorla, "The Transport Layer Security (TLS) Protocol Version 1.1", RFC 4346, DOI 10.17487/RFC4346, April 2006, <https://www.rfc-editor.org/info/rfc4346>.
[RFC4346] Dierks、T.およびE. Rescorla、「トランスポート層セキュリティ(TLS)プロトコルバージョン1.1」、RFC 4346、DOI 10.17487 / RFC4346、2006年4月、<https://ww.rfc-editor.org/info/ RFC4346>。
Acknowledgements
謝辞
The authors would like to thank Vittorio Bertola and Viktor Dukhovni for their feedback.
著者らはVittorio BertolaとViktorDukhovniにフィードバックを感謝します。
Authors' Addresses
著者の住所
Loganaden Velvindron cyberstorm.mu 88 Avenue De Plevitz Roches Brunes 71259 Rose Hill Mauritius
Loganaden Velvindron Cyberstorm.Mu 88 Avenue de Plevitz Roches Brunes 71259ローズヒルモーリシャス
Phone: +230 59762817
Email: logan@cyberstorm.mu
Stephen Farrell Trinity College Dublin Dublin 2 Ireland
Stephen Farrell Trinity College Dublinダブリン2アイルランド
Phone: +353-1-896-2354
Email: stephen.farrell@cs.tcd.ie