[Emailcore] Re: [Last-Call] draft-ietf-emailcore-as-28 ietf last call Secdir review

Pete Resnick <resnick@episteme.net> Thu, 30 April 2026 02:18 UTC

From: Pete Resnick <resnick@episteme.net>
To: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 29 Apr 2026 21:18:06 -0500
CC: Eliot Lear <lear@lear.ch>, Barry Leiba <barryleiba@gmail.com>, Shivan Sahib <shivankaulsahib@gmail.com>, secdir@ietf.org, draft-ietf-emailcore-as.all@ietf.org, emailcore@ietf.org, last-call@ietf.org
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/br9HyCcUvCefy8QbqGuj8tD4MEc>

On 29 Apr 2026, at 17:16, Eric Rescorla wrote:

> Let's see if we can perhaps get on the same page about the current 
> state of affairs: do you believe an SMTP implementation which requires 
> STARTTLS and does not allow you to disable TLS is presently 
> conformant?

Nope. From RFC 3207:

    A publicly-referenced SMTP server MUST NOT require use of the
    STARTTLS extension in order to deliver mail locally.  This rule
    prevents the STARTTLS extension from damaging the interoperability of
    the Internet's SMTP infrastructure.  A publicly-referenced SMTP
    server is an SMTP server which runs on port 25 of an Internet host
    listed in the MX record (or A record if an MX record is not present)
    for the domain name on the right hand side of an Internet mail
    address.

pr
-- 
Pete Resnick https://www.episteme.net/
All connections to the world are tenuous at best
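
An added example, not part of the message above or of RFC 3207: a transcript check for the rule quoted from RFC 3207, deciding whether a plaintext port-25 session shows the server refusing mail until STARTTLS is issued. The function names and sample sessions are constructed for illustration; the 530 reply code comes from RFC 3207 section 4 rather than the quoted paragraph, and matching "TLS" in the reply text is a heuristic assumption.

```python
import re

MAIL_VERBS = {"MAIL", "RCPT", "DATA"}

def parse_reply(raw):
    """Split a possibly multiline SMTP reply into (code, [text lines])."""
    code, lines = None, []
    for line in raw.splitlines():
        m = re.fullmatch(r"(\d{3})(?:[ -](.*))?", line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code = int(m.group(1))
        lines.append(m.group(2) or "")
    if code is None:
        raise ValueError("empty reply")
    return code, lines

def classify(session, public_mx):
    """Classify a plaintext port-25 session given as (command, reply) pairs."""
    offered = False
    for command, raw in session:
        verb = command.split(None, 1)[0].upper()
        code, lines = parse_reply(raw)
        if verb == "EHLO" and code == 250:
            # Line 0 is the greeting; the rest are extension keywords.
            offered = any(l.upper().split()[:1] == ["STARTTLS"] for l in lines[1:])
        elif verb == "STARTTLS" and code == 220:
            return "inconclusive"  # session upgraded, no longer a plaintext probe
        elif verb in MAIL_VERBS and code == 530:
            # 530 is also used for other refusals (e.g. authentication
            # required), so only a reply that mentions TLS counts. Heuristic.
            if any("TLS" in l.upper() for l in lines):
                return "nonconformant" if public_mx else "tls-required"
            return "inconclusive"
        elif verb in MAIL_VERBS and 200 <= code < 400:
            return "opportunistic" if offered else "plaintext-only"
    return "inconclusive"

# Constructed sample sessions, not captured from any real host.
EHLO = ("EHLO probe.example", "250-mx.example.net\r\n250-STARTTLS\r\n250 SIZE 10240000")
MAIL = "MAIL FROM:<postmaster@probe.example>"
ENFORCING = [EHLO, (MAIL, "530 5.7.0 Must issue a STARTTLS command first")]
OPPORTUNISTIC = [EHLO, (MAIL, "250 2.1.0 Ok")]
AUTH_ONLY = [EHLO, (MAIL, "530 5.7.0 Authentication required")]
```

Pass `public_mx=True` only when the host is the one named in the recipient domain's MX record (or A record if no MX exists), since that is the scope of the quoted rule.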