Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access
E700353
"Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access" (RFC 8314) is an IETF standards-track document that recommends and defines best practices for using TLS to secure email submission and retrieval protocols instead of unencrypted connections.
Observed surface forms (1)
| Surface form | Occurrences |
|---|---|
| RFC 8314 | 0 |
Statements (49)
| Predicate | Object |
|---|---|
| instanceOf |
Best current practice for email security
ⓘ
IETF standards-track document ⓘ |
| addresses |
Certificate validation for email protocols
ⓘ
Deprecation of weak ciphers and protocols for email ⓘ Downgrade attack risks on STARTTLS ⓘ Opportunistic versus mandatory TLS for email ⓘ Server and client configuration for secure email protocols ⓘ Use of modern TLS versions for email security ⓘ |
| appliesToProtocol |
IMAP
NERFINISHED
ⓘ
Message Submission (MSA) NERFINISHED ⓘ POP3 NERFINISHED ⓘ |
| area | Applications ⓘ |
| category | Standards Track ⓘ |
| defines |
Security requirements for email access over TLS
ⓘ
Security requirements for email submission over TLS ⓘ |
| discourages |
Use of STARTTLS on port 25 for message submission
ⓘ
Use of cleartext IMAP on port 143 ⓘ Use of cleartext POP3 on port 110 ⓘ |
| focusesOn |
Use of Transport Layer Security for email access
ⓘ
Use of Transport Layer Security for email submission NERFINISHED ⓘ |
| intendedAudience |
Email client implementers
ⓘ
Email service providers ⓘ System administrators ⓘ |
| obsoletesCleartext | Traditional unencrypted email submission and access ⓘ |
| protocolFamily | Application layer protocols ⓘ |
| publishedBy | Internet Engineering Task Force ⓘ |
| recommends |
Deprecation of cleartext email protocols on default ports
NERFINISHED
ⓘ
Disabling plaintext authentication on unencrypted channels ⓘ Rejecting cleartext logins when TLS is available ⓘ Use of TLS by default for email clients ⓘ Use of implicit TLS for email access ⓘ Use of implicit TLS for email submission NERFINISHED ⓘ Use of port 465 for message submission over implicit TLS ⓘ Use of port 993 for IMAP over implicit TLS ⓘ Use of port 995 for POP3 over implicit TLS ⓘ |
| securityGoal |
Confidentiality of email content in transit
ⓘ
Confidentiality of email credentials ⓘ Integrity of email sessions ⓘ Mitigation of active man-in-the-middle attacks ⓘ Protection against passive eavesdropping ⓘ |
| shortName | Cleartext Considered Obsolete NERFINISHED ⓘ |
| status | Proposed Standard ⓘ |
| stream |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| subject |
Email security
ⓘ
Secure email submission and retrieval NERFINISHED ⓘ TLS configuration for email ⓘ |
| title | Cleartext Considered Obsolete: Use of Transport Layer Security (TLS) for Email Submission and Access NERFINISHED ⓘ |
| updates | Email submission and access best practices ⓘ |
| usesTechnology | Transport Layer Security NERFINISHED ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.