Re: [dane] making ietf.org eat the DANE dogfood

Warren Kumari <warren@kumari.net> Thu, 20 February 2014 15:49 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/dane/AHwqdTWwRI0LGACVRa_wfTxNpqo

And reviving a really old thread...

Just FYI, I posted this on perpass, realized I should have updated DANE too...

AMS had lost one of their sysadmins a while back -- they have hired a
replacement, and are still planning on doing STARTTLS and DANE. The new
person started recently and it takes some time to get up to speed /
figure out where the skeletons are buried. Their "current estimate is
that we will be able to address it directly following London, rather
than before."

I'm sure we are all somewhat frustrated at the delays (it *should* be
a simple change), but I can understand them not wanting to make
changes before the meeting / before the new person is fully up to
speed.

I'll push them after the meeting ends...

W


On Thu, May 23, 2013 at 11:26 AM, Viktor Dukhovni
<viktor1dane@dukhovni.org> wrote:
> On Tue, May 21, 2013 at 10:52:32PM +0000, Viktor Dukhovni wrote:
>
>>     posttls-finger: Connected to mail.ietf.org[2001:1890:123a::1:1e]:25
>>     posttls-finger: < 220 ietfa.amsl.com ESMTP Postfix
>>     posttls-finger: > EHLO amnesiac.local
>>     posttls-finger: < 250-ietfa.amsl.com
>>     posttls-finger: < 250-PIPELINING
>>     posttls-finger: < 250-SIZE 67108864
>>     posttls-finger: < 250-ETRN
>>     posttls-finger: < 250-AUTH LOGIN PLAIN
>>     posttls-finger: < 250-AUTH=LOGIN PLAIN
>>     posttls-finger: < 250-ENHANCEDSTATUSCODES
>>     posttls-finger: < 250-8BITMIME
>>     posttls-finger: < 250 DSN
>>     posttls-finger: > QUIT
>>     posttls-finger: < 221 2.0.0 Bye
>>
>> For some reason this MX host supports SASL (more suitable for an
>> MSA, where one would also want TLS for PLAIN or LOGIN), but not
>> TLS which is appropriate for an inbound MX.
>
> FWIW, AMS (aka amsl.com) are no strangers to SMTP + STARTTLS:
>
>     $ posttls-finger amsl.com
>     posttls-finger: Connected to mail.amsl.com[64.170.98.20]:25
>     posttls-finger: < 220 c8a.amsl.com ESMTP Postfix
>     posttls-finger: > EHLO amnesiac.localhost
>     posttls-finger: < 250-c8a.amsl.com
>     posttls-finger: < 250-PIPELINING
>     posttls-finger: < 250-SIZE 67108864
>     posttls-finger: < 250-ETRN
>     posttls-finger: < 250-STARTTLS
>     posttls-finger: < 250-AUTH PLAIN LOGIN
>     posttls-finger: < 250-AUTH=PLAIN LOGIN
>     posttls-finger: < 250-ENHANCEDSTATUSCODES
>     posttls-finger: < 250-8BITMIME
>     posttls-finger: < 250 DSN
>     posttls-finger: > STARTTLS
>     posttls-finger: < 220 2.0.0 Ready to start TLS
>     posttls-finger: mail.amsl.com[64.170.98.20]:25 CommonName smtp.amsl.com
>     posttls-finger: certificate verification failed for mail.amsl.com[64.170.98.20]:25: self-signed certificate
>     posttls-finger: mail.amsl.com[64.170.98.20]:25: subject_CN=smtp.amsl.com, issuer_CN=smtp.amsl.com, fingerprint=A8:39:D3:5D:90:65:96:D4:BB:DB:0A:E5:F9:C8:0E:14:99:15:7D:6C, pkey_fingerprint=0F:E2:FB:2F:A6:AA:69:3B:B6:4A:A3:40:6B:FD:2D:09:95:03:74:38
>     posttls-finger: Untrusted TLS connection established to mail.amsl.com[64.170.98.20]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
>     posttls-finger: > EHLO amnesiac.localhost
>     posttls-finger: < 250-c8a.amsl.com
>     posttls-finger: < 250-PIPELINING
>     posttls-finger: < 250-SIZE 67108864
>     posttls-finger: < 250-ETRN
>     posttls-finger: < 250-AUTH PLAIN LOGIN
>     posttls-finger: < 250-AUTH=PLAIN LOGIN
>     posttls-finger: < 250-ENHANCEDSTATUSCODES
>     posttls-finger: < 250-8BITMIME
>     posttls-finger: < 250 DSN
>     posttls-finger: > QUIT
>     posttls-finger: < 221 2.0.0 Bye
>
> --
>         Viktor.
>
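
The comparison the two quoted transcripts invite (does the MX offer STARTTLS, and does it advertise cleartext SASL mechanisms with no TLS available?) can be automated over posttls-finger output. The following is an added example, not part of either message and not Postfix code; the function names `ehlo_rounds` and `audit` are hypothetical, and the sample transcripts are constructed by abridging the sessions quoted above.

```python
import re

# Constructed samples: abridged from the two posttls-finger sessions quoted in
# this thread (only the lines relevant to capability negotiation are kept).
NO_TLS = """\
posttls-finger: > EHLO amnesiac.local
posttls-finger: < 250-ietfa.amsl.com
posttls-finger: < 250-PIPELINING
posttls-finger: < 250-AUTH LOGIN PLAIN
posttls-finger: < 250 DSN
"""
WITH_TLS = """\
posttls-finger: > EHLO amnesiac.localhost
posttls-finger: < 250-c8a.amsl.com
posttls-finger: < 250-STARTTLS
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250 DSN
posttls-finger: > STARTTLS
posttls-finger: > EHLO amnesiac.localhost
posttls-finger: < 250-c8a.amsl.com
posttls-finger: < 250-AUTH PLAIN LOGIN
posttls-finger: < 250 DSN
"""

LINE = re.compile(r"posttls-finger: ([<>]) (.*)$")  # tolerates "> " quote prefixes
CLEARTEXT = {"PLAIN", "LOGIN"}  # SASL mechanisms that expose the password without TLS

def ehlo_rounds(transcript):
    """Capability lines of each EHLO reply, in order, greeting line dropped."""
    rounds, collecting = [], False
    for raw in transcript.splitlines():
        m = LINE.search(raw)
        if m and m[1] == ">":  # client command: only EHLO opens a new round
            collecting = m[2].upper().startswith("EHLO")
            if collecting:
                rounds.append([])
        elif m and collecting and re.match(r"250[- ]", m[2]):
            rounds[-1].append(m[2][4:].strip())
    return [caps[1:] for caps in rounds]  # first 250 line is the server name

def audit(transcript):
    """Assess what the server offers in its first (pre-TLS) EHLO reply."""
    rounds = ehlo_rounds(transcript)
    starttls, mechs = False, set()
    for cap in (rounds[0] if rounds else []):
        tokens = re.split(r"[ =]+", cap.upper())  # handles "AUTH X" and "AUTH=X"
        if tokens[0] == "STARTTLS":
            starttls = True
        elif tokens[0] == "AUTH":
            mechs |= CLEARTEXT.intersection(tokens[1:])
    return {"starttls": starttls, "cleartext_mechs": sorted(mechs),
            "auth_without_tls": bool(mechs) and not starttls}
```

Only the first EHLO round is assessed because STARTTLS is no longer advertised once TLS is active, as the second round of the amsl.com session shows.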