[Emailcore] Re: [Last-Call] Re: Re: Re: Re: Re: draft-ietf-emailcore-as-28 ietf last call Secdir review

Nico Williams <nico@cryptonector.com> Sat, 09 May 2026 04:01 UTC

Date: Fri, 08 May 2026 23:00:37 -0500
From: Nico Williams <nico@cryptonector.com>
To: Rob Sayre <sayrer@gmail.com>
Message-ID: <af6xZTeCLYFza1tO@ubby>
CC: Eliot Lear <lear@lear.ch>, "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, John C Klensin <john-ietf@jck.com>, secdir@ietf.org, draft-ietf-emailcore-as.all@ietf.org, emailcore@ietf.org, last-call@ietf.org
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/vIC65FEqXtJMV4sH_KQZi8uURAY>

On Thu, May 07, 2026 at 09:14:57AM -0700, Rob Sayre wrote:
> On Thu, May 7, 2026 at 2:52 AM Eliot Lear <lear@lear.ch> wrote:
> > We can make clear that the first is a matter of local policy
> 
> Well, STARTTLS already says this in Section 4.[0]
> 
> The parallel to draw with HTTP is HSTS to MTA-STS. It's the same idea.

It has been explained why that parallel doesn't work very well.

Nico
--