IETF Logo Mail Archive

Re: [ietf-smtp] CHUNKING and PIPELINING

Jeremy Harris <jgh@wizmail.org> Thu, 11 March 2021 09:52 UTC

Return-Path: <jgh@wizmail.org>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A7C443A1773 for <ietf-smtp@ietfa.amsl.com>; Thu, 11 Mar 2021 01:52:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=wizmail.org header.b=XrqLAqN0; dkim=pass (2048-bit key) header.d=wizmail.org header.b=joN0eBHK
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1A0D1MXEFwFN for <ietf-smtp@ietfa.amsl.com>; Thu, 11 Mar 2021 01:52:53 -0800 (PST)
Received: from wizmail.org (wizmail.org [IPv6:2a00:1940:107::2:0:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 82BD43A1772 for <ietf-smtp@ietf.org>; Thu, 11 Mar 2021 01:52:53 -0800 (PST)
DKIM-Signature: v=1; a=ed25519-sha256; q=dns/txt; c=relaxed/relaxed; d=wizmail.org; s=e202001; h=Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:Subject:From:References:To:From: Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive:Autocrypt; bh=2rDq73DCEQz5z45GzTyYGH3a2KmnQPwfZqPcnaAeWDw=; b=XrqLAqN0RPtdaONeO4Ok+YyKaW /EVt0KGq5PB0M6cJG3n46XYG4LvDdBhwwmHmEeDJbIR4rg4mBHD3lDz0zeAQ==;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=wizmail.org ; s=r202001; h=Content-Transfer-Encoding:Content-Type:In-Reply-To: MIME-Version:Date:Message-ID:Subject:From:References:To:From:Sender:Reply-To: Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type: Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive:Autocrypt; bh=2rDq73DCEQz5z45GzTyYGH3a2KmnQPwfZqPcnaAeWDw=; b=joN0eBHKX1htBm+C3LbxzVl7gj bKKM1truKiTnKyaNnuDWmHZ+pNoPLx0OTP4ubyHl5JFWNrqJ7276ccJVWNJUwoChdiPtQCyi+u3Oq gNyYaSIjjtvgI4NDnu7gVD7wVv5WIl1YXORAIAL0jiOUEb3iEhX3XYuKAaCy769En8gW1lViMDGvb 9HEMyTxCRdsQHADMmlKzEIdVbpHlQUjKq4qiQGY4SmvbBqdKE41dGRAglWusHxcUAOu5HQBudvleh M8kL1qcgEGcAgTfYfiyZF8swbFidVPFpiuNHgOWtSyx94DnTrXSZtGrJj6YwZa4td0ItaFd4J6FSK 9dtH6G8A==;
Authentication-Results: wizmail.org; iprev=fail smtp.remote-ip=2a00:b900:109e:0:855c:1404:1b9d:3a94; auth=pass (PLAIN) smtp.auth=jgh@wizmail.org
Received: from [2a00:b900:109e:0:855c:1404:1b9d:3a94] (helo=lap.dom.ain) by wizmail.org (Exim 4.94.116) (TLS1.3) tls TLS_AES_128_GCM_SHA256 with esmtpsa id 1lKHzt-001rNQ-Ej for ietf-smtp@ietf.org (return-path <jgh@wizmail.org>); Thu, 11 Mar 2021 09:52:49 +0000
To: ietf-smtp@ietf.org
References: <b1202e49-26b2-35d8-0db7-bb94acd0d52f@wizmail.org> <01RWCSPP4820005PTU@mauve.mrochek.com> <1AFA5DBF-325F-4943-BBE3-45311CC485CA@dukhovni.org> <01RWEGEP5NI8005PTU@mauve.mrochek.com> <290B287C-B5BB-442D-8B30-9EF42C34E33F@dukhovni.org> <04ead364-65c1-436f-a9bb-c92d009db1c1@digilicious.com> <E3A58FCB-7116-4EAC-8831-32CE426AADBC@dukhovni.org> <17c511fc-3819-fe41-272d-63d70c9a3b6b@wizmail.org> <D5F7B8F4-5CA6-4C56-96CB-7AEE1DE550F6@dukhovni.org>
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <368d3f42-7278-0c91-77c1-caac0b5c41df@wizmail.org>
Date: Thu, 11 Mar 2021 09:52:47 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.8.0
MIME-Version: 1.0
In-Reply-To: <D5F7B8F4-5CA6-4C56-96CB-7AEE1DE550F6@dukhovni.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-GB
Content-Transfer-Encoding: 8bit
X-Pcms-Received-Sender: [2a00:b900:109e:0:855c:1404:1b9d:3a94] (helo=lap.dom.ain) with esmtpsa
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/DHwByM71wtjTlpzb4Ou7drrvui0>
Subject: Re: [ietf-smtp] CHUNKING and PIPELINING
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 09:52:56 -0000

On 11/03/2021 02:17, Viktor Dukhovni wrote:
>> Google was actually sending TCP FIN without sending an SMTP response
>> for the MAIL command, much less the BDAT (which is what I had assumed).
> 
> Here, I'm not surprised.  It is not prudent to start to tear
> down the TLS connection before reading all the server replies,
> and hence sending a "close_notify" right after a pipelined
> "QUIT" is unwise.
> 
>> I had thought that sending a TLS close-alert had semantics
>> "no further data sourced from here, but the other direction
>> is unaffected" - just like the TCP FIN.  Re-reading RFC 8446
>> (TLS 1.3 spec) I still think so:  Section 6 "Alert Protocol"  :-
>>
>>    The
>>    "close_notify" alert is used to indicate orderly closure of one
>>    direction of the connection.  Upon receiving such an alert, the TLS
>>    implementation SHOULD indicate end-of-data to the application.
> 
> That text is rather new in RFC8446, and prior versions of TLS (1.0—1.2)
> do not support half-close.
>  And even if they did, many applications are
> simply not prepared to handle this.

https://tools.ietf.org/html/rfc5246#page-29

   The other party MUST respond with a close_notify
    alert of its own and close down the connection immediately,
    discarding any pending writes.

So Google, were it thinking to follow the TLS 1.2 interpretation
(which it shouldn't have; it was a 1.3 session) violated that in
sending a TCP FIN without first sending a TLS close alert.

But, at least for TLS <= 1.2 de jure, I have to agree with you
on not being eager with the TLS close.

I still think I'll call them on it.
-- 
Cheers,
   Jeremy

v2.23.0 | Report a Bug | By Email