Re: [ietf-smtp] why are we reinventing mta-sts ?

"John Levine" <johnl@taugh.com> Mon, 07 October 2019 13:46 UTC

Date: Mon, 07 Oct 2019 09:46:12 -0400
Message-Id: <20191007134613.5AF10BB4C8E@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: moore@network-heretics.com
In-Reply-To: <249ffeeb-44eb-b180-52e1-866e755c5cc1@network-heretics.com>
Organization: Taughannock Networks
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/E2vgtm4iT6lf4Z-S-CH5EbHiHVE>
Subject: Re: [ietf-smtp] why are we reinventing mta-sts ?

In article <249ffeeb-44eb-b180-52e1-866e755c5cc1@network-heretics.com> you write:
>And depending on DNSSEC probably does impair the ability of this to be
>deployed.   But if DoT can be used instead of DNSSEC, it seems to me
>that this might be easier to deploy than MTA-STS.

But DoT and DNSSEC are unrelated.  DNSSEC promises that the data you
got are the ones that the authoritative servers published, even though
someone might have snooped on the way.  DoT promises that nobody
snooped and the data you got are the ones that the resolver, which may
be lying, sent.

You can have either without the other.  If you want confidentiality
and integrity, you need both.

R's,
John