Re: [ietf-smtp] How to encrypt SMTP?

Hector Santos <hsantos@isdg.net> Thu, 17 October 2019 02:45 UTC

Return-Path: <hsantos@isdg.net>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD16F120809 for <ietf-smtp@ietfa.amsl.com>; Wed, 16 Oct 2019 19:45:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=ZfPCN9GJ; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=sqKKgjU+
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ODpKcSkn5MLv for <ietf-smtp@ietfa.amsl.com>; Wed, 16 Oct 2019 19:45:37 -0700 (PDT)
Received: from mail.winserver.com (groups.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63BDD1201CE for <ietf-smtp@ietf.org>; Wed, 16 Oct 2019 19:45:37 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=916; t=1571280335; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=rzRe8DHMZ2iu4vVFmqnyELOR1uA=; b=ZfPCN9GJpuaiy1C2MUpJs87jf/zIwl49qRCV458SVsPZVYlRkOgUkE22SKMBuD bZ6AeKm72bhorHRtTEGzdGB2sRvcxqUkPfmFkTyMrSzPgMsy/msL47r0tHtP9gwy uBpZiKW9TXer5f8sdY4i+x2brrotAtmlXMKiR+1Dw8SwE=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf-smtp@ietf.org; Wed, 16 Oct 2019 22:45:35 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3482713698.1.5284; Wed, 16 Oct 2019 22:45:34 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=916; t=1571280269; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=z3LR9yb CT9DiTNjDkK0WXpNgERcR0zzctfVvepR2Yho=; b=sqKKgjU+pSxKYaorFe0E9RM wupnm+WAFiYJJkTutOCdBdpbtanqLYpVWbSlfYyJ1yVpO5h5kczojDwjCJPkOHRQ fiHgmvreiGkoT3BKypo7x3BVvUKV6sy9fXBUeVCvn/6fDVcP4BnyKe0PhfM0umkV D293k8oYWC3fyAcEY4wQ=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf-smtp@ietf.org; Wed, 16 Oct 2019 22:44:29 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 1161525172.44280.25388; Wed, 16 Oct 2019 22:44:27 -0400
Message-ID: <5DA7D5CF.3050800@isdg.net>
Date: Wed, 16 Oct 2019 22:45:35 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: ietf-smtp@ietf.org
References: <20191016195315.145DFCBFAAF@ary.local>
In-Reply-To: <20191016195315.145DFCBFAAF@ary.local>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/CMBQoYK3wL_WTb--OziVR1WwF1o>
Subject: Re: [ietf-smtp] How to encrypt SMTP?
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Oct 2019 02:45:40 -0000

On 10/16/2019 3:53 PM, John Levine wrote:
> In article <167179.1571248841@turing-police> you write:
>> Seriously - if gnu.org *still* doesn't support TLS 1.1 (RFC4346 came out in
>> April 2006), they're probably running an SSL/TLS software stack that has about
>> 4 zillion since-patched security holes in it.
>
> They're running Exim 4.71 which was released in 2009.  The current
> version is 4.92.3.  Their mail software is a decade out of date.
>
> This is not a hard problem to solve.

It's a difficult compatibility problem to solve. In this case, are you 
(speaking in general) going to instruct or program your Port 25 SMTP 
client to accept only a higher degree of encryption? Or vice-versa? 
The OP is correct. With SMTP, the higher SSL bar has not been imposed 
even with up-to-par software. With modern browsers, you can feel the 
pains. Just consider, how will HSTS concepts work in SMTP?

-- 
HLS
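The two questions in the message above (how a client decides whether to insist on stronger TLS, and how an HSTS-like mechanism could work for SMTP) are the ones MTA-STS (RFC 8461, published in 2018) was written to answer: a domain publishes a policy over HTTPS naming its MX hosts and a mode, and a sending MTA that has cached the policy refuses to deliver to an unmatched host or over a non-validating TLS session when the mode is `enforce`. The following is an added example, not code from the thread or from any of the authors' software; the policy text, the `example.com` MX names, and the `delivery_decision` helper are constructed for illustration and are not an implementation anyone in the thread describes.

```python
"""Added example (not from the ietf-smtp thread): parsing and applying an
MTA-STS policy (RFC 8461) to show how an HSTS-like mechanism works for SMTP,
plus a client TLS context that imposes a minimum protocol version.
The policy text and hostnames below are constructed sample data."""
import ssl
from dataclasses import dataclass, field

# Constructed sample policy, as it would be fetched from
# https://mta-sts.example.com/.well-known/mta-sts.txt (hypothetical domain).
SAMPLE_POLICY = """\
version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""


@dataclass
class StsPolicy:
    version: str
    mode: str
    mx: list = field(default_factory=list)
    max_age: int = 0


def parse_policy(text):
    """Parse the key/value lines of an MTA-STS policy file (RFC 8461 s.3.2)."""
    p = StsPolicy(version="", mode="")
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed policy line: %r" % raw)
        key, value = key.strip(), value.strip()
        if key == "version":
            p.version = value
        elif key == "mode":
            p.mode = value
        elif key == "mx":
            p.mx.append(value.lower())
        elif key == "max_age":
            p.max_age = int(value)
        # unknown keys are ignored for forward compatibility
    if p.version != "STSv1" or p.mode not in ("enforce", "testing", "none"):
        raise ValueError("invalid policy: version=%r mode=%r" % (p.version, p.mode))
    if p.mode != "none" and not p.mx:
        raise ValueError("enforce/testing policy must list at least one mx")
    return p


def mx_matches(policy, mx_host):
    """True if mx_host equals an mx: entry or, for a '*.suffix' entry, sits
    exactly one label below the suffix (the wildcard covers a single label)."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy.mx:
        if pattern.startswith("*."):
            suffix = pattern[1:]                  # ".backup.example.com"
            prefix = host[:-len(suffix)] if host.endswith(suffix) else ""
            if prefix and "." not in prefix:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, mx_host, tls_ok, cert_matches_mx):
    """Return (deliver, reason) for one MX connection attempt.
    tls_ok: STARTTLS negotiated and the chain validated to a trusted root.
    cert_matches_mx: the certificate identity matches the MX hostname.
    enforce: any failure blocks delivery; testing: deliver but the failure is
    what a TLSRPT (RFC 8460) report would carry; none: plain opportunistic TLS."""
    if policy.mode == "none":
        return True, "mode none: opportunistic TLS only"
    failures = []
    if not mx_matches(policy, mx_host):
        failures.append("mx %s not in policy" % mx_host)
    if not tls_ok:
        failures.append("no valid TLS")
    elif not cert_matches_mx:
        failures.append("certificate does not match mx")
    if not failures:
        return True, "ok"
    reason = "; ".join(failures)
    if policy.mode == "enforce":
        return False, reason
    return True, reason + " (testing mode, delivered anyway)"


def client_tls_context(min_version=ssl.TLSVersion.TLSv1_2):
    """The 'higher bar' side of the question: a verifying client context that
    refuses anything older than min_version.  Pass it to
    smtplib.SMTP.starttls(context=...) and treat failure as tls_ok=False."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, hostname checking on
    ctx.minimum_version = min_version
    return ctx
```

The point the decision table makes is the one raised in the message: without a published policy the sender has nothing to enforce against, so an MX that only offers old TLS still gets mail in the clear or over a weak session; with a cached `enforce` policy the sender can fail closed, and `testing` mode lets a domain see (via TLSRPT) what would break before it flips the switch.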