Re: [ietf-smtp] MTS-STS validation when MX host points to a CNAME, violating RFC 2181 § 10.3
John R Levine <johnl@taugh.com> Sun, 04 April 2021 18:17 UTC
To: Kristijonas Lukas Bukauskas <kr@n0.lt>, John C Klensin <john-ietf@jck.com>
Cc: ietf-smtp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/5rUGcfR8yuoc5MvrHPDydzkSOqA>

On Sun, 4 Apr 2021, Kristijonas Lukas Bukauskas wrote:

> Shouldn't an MTA-STS validator do *exactly* what RFC8461, section 4.1 says:

That's not how standards work. If you follow the standard, you should be able to interoperate with other people that follow it. If you don't, the results are unpredictable. We don't try to anticipate every possible mistake both because it is a waste of time and because it is impossible.

I suppose it would be nice if Microsoft sent a better error message but that's not a bug I can get very excited about.

You know that pointing your MX at a CNAME is a mistake, so it'll fail at random. It's a somewhat common mistake, but it's still a mistake. If it were me, I would fix it and move on.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
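
An added example, not part of the original message or the thread: a small lint over constructed zone data that flags MX targets that are CNAME aliases (the RFC 2181 § 10.3 violation named in the subject) and shows how an MTA-STS `mx` pattern can match the published MX name but not the alias target. The `example.net` names, the policy pattern and all helper names are assumptions for illustration; the wildcard rule is the single left-most-label match of RFC 8461 § 4.1.

```python
# Constructed zone data: example.net and provider.example are placeholders.
ZONE = """
example.net.            MX     10 mail.example.net.
example.net.            MX     20 mx2.example.net.
mail.example.net.       CNAME  host7.provider.example.
mx2.example.net.        A      192.0.2.25
host7.provider.example. A      192.0.2.7
"""
POLICY_MX = ["*.example.net"]  # assumed "mx:" lines of the MTA-STS policy

def norm(name):
    return name.rstrip(".").lower()

def parse_zone(text):
    records = {}  # owner name -> list of (type, rdata fields)
    for line in text.strip().splitlines():
        owner, rtype, *rdata = line.split()
        records.setdefault(norm(owner), []).append((rtype.upper(), rdata))
    return records

def mx_pattern_match(host, pattern):
    """RFC 8461 4.1: '*.' stands for exactly one left-most label."""
    host, pattern = norm(host), norm(pattern)
    if pattern.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == pattern[2:]
    return host == pattern

def canonical(name, records, limit=8):
    """Follow CNAMEs to the final owner name; bounded to stop on loops."""
    name = norm(name)
    for _ in range(limit):
        alias = [rd for t, rd in records.get(name, []) if t == "CNAME"]
        if not alias:
            return name
        name = norm(alias[0][0])
    raise ValueError("CNAME chain too long or looping")

def audit_mx(domain, records, patterns):
    """One finding per MX: is it an alias, and which name matches the policy?"""
    findings = []
    for rtype, rdata in records.get(norm(domain), []):
        if rtype == "MX":
            mx, canon = norm(rdata[1]), canonical(rdata[1], records)
            ok = lambda h: any(mx_pattern_match(h, p) for p in patterns)
            findings.append({"mx": mx, "is_alias": canon != mx, "canonical": canon,
                             "published_ok": ok(mx), "canonical_ok": ok(canon)})
    return findings

if __name__ == "__main__":
    print(*audit_mx("example.net", parse_zone(ZONE), POLICY_MX), sep="\n")
```

For `mail.example.net` the finding has `is_alias` true, `published_ok` true and `canonical_ok` false, so the validation outcome depends on which of the two names is evaluated; `mx2.example.net`, which has an address record directly, gives the same answer either way.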