Re: [ietf-smtp] MTA-MTA SMTP and TLS-on-connect

John Levine <johnl@taugh.com> Sun, 26 April 2020 21:59 UTC

Date: Sun, 26 Apr 2020 17:59:59 -0400
Message-Id: <20200426220000.72C8D186496A@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: jgh@wizmail.org
In-Reply-To: <8d3d7446-db7d-ac04-2a36-258643254630@wizmail.org>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/494jHITVbyuoDN4CBHuQJOHogMA>
Subject: Re: [ietf-smtp] MTA-MTA SMTP and TLS-on-connect

In article <8d3d7446-db7d-ac04-2a36-258643254630@wizmail.org> you write:
>Hi,
>
>Noting that https://tools.ietf.org/html/draft-sheffer-uta-rfc7525bis-00
>section 3.2 says that TLS-on-connect SHOULD be preferred over STARTTLS
>(my rephrasing) - and that while T-o-c is reasonably common for MSA-MTA
>but not for MTA-MTA -
>
>should we think about technical means to facilitate the latter?

No.  The authors appear to be unfamiliar with the way that STARTTLS
works in practice.

In particular, if the goal is to ensure that all of the mail to a
domain is sent over an encrypted connection, we have MTA-STS.
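To make concrete what MTA-STS adds for a sender (a published policy that, in enforce mode, refuses delivery rather than falling back to cleartext or to an unlisted MX), here is an added example that is not part of this message or of any MTA's code: a small Python parser for the RFC 8461 policy text and the per-MX delivery decision a sender takes against it. The policy text, the example.com hostnames and the tls_ok/cert_valid flags are constructed inputs; the DNS TXT discovery and the HTTPS policy fetch are assumed to have happened already and are not shown.

```python
from dataclasses import dataclass

# Constructed sample policy in the RFC 8461 text format, as a domain would
# serve it at https://mta-sts.<domain>/.well-known/mta-sts.txt (placeholder domain).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

@dataclass
class Policy:
    version: str
    mode: str      # "enforce", "testing" or "none"
    mx: list       # MX host patterns, lower-cased
    max_age: int   # seconds the sender may cache this policy

def parse_policy(text):
    """Parse RFC 8461 policy text; raise ValueError on anything malformed."""
    fields = {"mx": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed line: {raw!r}")
        key, value = key.strip(), value.strip()
        if key == "mx":
            fields["mx"].append(value.lower())   # repeated key, collect all
        else:
            fields[key] = value
    if fields.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if fields.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    if not fields["mx"] and fields["mode"] != "none":
        raise ValueError("policy needs at least one mx")
    return Policy(fields["version"], fields["mode"], fields["mx"], int(fields.get("max_age", 0)))

def mx_matches(pattern, hostname):
    """RFC 8461 matching: exact host, or a leading '*.' covering exactly one label."""
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".backup.example.com"
        return hostname.endswith(suffix) and "." not in hostname[:-len(suffix)]
    return hostname == pattern

def delivery_decision(policy, mx_host, tls_ok, cert_valid):
    """Return (deliver, reason) for one MX. In enforce mode every problem blocks
    delivery; in testing/none mode it is only reported (for TLSRPT) and mail flows."""
    problems = []
    if not any(mx_matches(p, mx_host) for p in policy.mx):
        problems.append("mx not in policy")
    if not tls_ok:
        problems.append("no STARTTLS")
    elif not cert_valid:
        problems.append("certificate does not validate")
    if not problems:
        return True, "ok"
    if policy.mode == "enforce":
        return False, "; ".join(problems)
    return True, "reported only: " + "; ".join(problems)
```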