Re: [ietf-smtp] How to encrypt SMTP?
"John R Levine" <johnl@taugh.com> Sun, 27 October 2019 00:47 UTC
Date: Sat, 26 Oct 2019 20:47:42 -0400
Message-ID: <alpine.OSX.2.21.99999.368.1910262041440.10592@ary.qy>
From: John R Levine <johnl@taugh.com>
To: Keith Moore <moore@network-heretics.com>
Cc: ietf-smtp@ietf.org
In-Reply-To: <344aaf1f-df91-ffb9-38bc-527d159a2ca6@network-heretics.com>
References: <20191027002554.260ABD7437F@ary.qy> <344aaf1f-df91-ffb9-38bc-527d159a2ca6@network-heretics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/0J3pn7Ji2U48Y5Cu9VbBakq0llY>

> Maybe it's not necessary, but I don't know how widely mta-sts is being
> required. What are the barriers to server operators turning on MTA-STS
> everywhere?

It's pretty easy to deploy for your inbound servers, publish some DNS records and set up some trivial web pages. (See https://mta-sts.taugh.com/.well-known/mta-sts.txt)

For outbound mail it's somewhat harder, you have to look at what's on the web page and decide whether it matches what the MTA is seeing.

I expect the main barrier is that large scale operators see failures on legit traffic that would be invisible to us little guys, but enough of them that they're not ready to accept that level of breakage. A useful thing that mta-sts borrows from DMARC is reports about what would have broken if it were enforced, so they can try and figure it out and fix it.

I believe it's the same reason that Google doesn't sign their domains with DNSSEC. They certainly could if they wanted to.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
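
The outbound check described in the message above, as an added Python sketch that is not part of the original post or of any MTA's code: it parses a policy file in the RFC 8461 format and decides what to do with the MX host the sender is about to use. The policy text, host names and function names are constructed for illustration; fetching the policy over HTTPS and validating the server certificate are assumed to happen elsewhere and arrive here as `cert_ok`.

```python
# Added illustration; policy text, hosts and names are constructed.
from dataclasses import dataclass

SAMPLE_POLICY = ("version: STSv1\r\nmode: testing\r\nmx: mail.example.com\r\n"
                 "mx: *.mx.example.net\r\nmax_age: 604800\r\n")

@dataclass
class Policy:
    mode: str
    max_age: int
    mx: list

def parse_policy(text):
    """Parse the key/value body of an mta-sts.txt policy file."""
    fields, mx = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            mx.append(value.lower().rstrip("."))
        else:
            fields.setdefault(key, value)  # duplicate field: first one wins
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    mode = fields.get("mode")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not fields.get("max_age", "").isdecimal():
        raise ValueError("invalid max_age")
    if mode != "none" and not mx:
        raise ValueError("policy lists no mx patterns")
    return Policy(mode, int(fields["max_age"]), mx)

def mx_matches(host, pattern):
    """Exact match, or '*.suffix' matching exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]
        label = host[:-len(suffix)]
        return host.endswith(suffix) and label != "" and "." not in label
    return host == pattern

def decide(policy, mx_host, cert_ok):
    """What the sender does with this MX host under the cached policy."""
    if policy.mode == "none":
        return "deliver"
    if cert_ok and any(mx_matches(mx_host, p) for p in policy.mx):
        return "deliver"
    # testing: mail still flows, the failure only shows up in reports
    return "deliver-and-report" if policy.mode == "testing" else "skip-mx"
```

In `testing` mode a mismatch yields `deliver-and-report`, which is the "what would have broken" signal the message mentions; the same mismatch under `enforce` means the sender must not hand the message to that host.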