- protocol in a multi-hop store & forward email delivery process. SMTP
- envelope recipient addresses are not transport addresses and are
- security-agnostic. Unlike the Hypertext Transfer Protocol (HTTP) and
- its corresponding secured version, HTTPS, where the use of TLS is
- signaled via the URI scheme, email recipient addresses do not
- directly signal transport security policy. Indeed, no such signaling
- could work well with SMTP since TLS encryption of SMTP protects email
- traffic on a hop-by-hop basis while email addresses could only
- express end-to-end policy.
+ protocol in a multi-hop store & forward email delivery process. An
+ SMTP envelope recipient address does not correspond to a specific
+ transport-layer endpoint address, rather at each relay hop the
+ transport-layer endpoint is the next-hop relay, while the envelope
+ recipient address typically remains the same. Unlike the Hypertext
+ Transfer Protocol (HTTP) and its corresponding secured version,
+ HTTPS, where the use of TLS is signaled via the URI scheme, email
+ recipient addresses do not directly signal transport security policy.
+ Indeed, no such signaling could work well with SMTP since TLS
+ encryption of SMTP protects email traffic on a hop-by-hop basis while
+ email addresses could only express end-to-end policy.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+Dukhovni & Hardaker Expires February 3, 2015 [Page 6]
+\f
+Internet-Draft SMTP security via opportunistic DANE TLS August 2014
+