Re: [ietf-smtp] MTS-STS validation when MX host points to a CNAME, violating RFC 2181 § 10.3

Kristijonas Lukas Bukauskas <kr@n0.lt> Wed, 07 April 2021 01:59 UTC

Date: Wed, 07 Apr 2021 04:59:30 +0300
From: Kristijonas Lukas Bukauskas <kr@n0.lt>
To: John C Klensin <john-ietf@jck.com>
Cc: ietf-smtp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/7nXpWQII1N8Rl2EQDb3hia3dUEY>

On 2021-04-07 03:12, John C Klensin wrote:

> Kristijonas,
> 
> I'm not a lawyer either, but it is clear to me that the
> discussion has strayed far outside any area that the IETF can do
> anything about or that is productive for discussion on this
> list.

Absolutely!  Thanks to everyone for your inputs. All the questions I had 
have been answered.

To sum up, the lesson learned - despite some sections of an RFC not 
directly referring to another RFC (as RFC8461, section 4.1 doesn't refer 
to either RFC5321 or RFC2181), one still should always want to read all 
normative and informative references listed at the end of an RFC. 
And probably other RFCs as well. And take them as a whole. Just to be 
safe.

Thanks again everyone for all you do! :)

--
Regards,
Kristijonas