Re: [ietf-smtp] How to encrypt SMTP?

Дилян Палаузов <dilyan.palauzov@aegee.org> Sun, 27 October 2019 19:58 UTC

Message-ID: <1e101a1aeb66541e04718e90227603223ca4f33e.camel@aegee.org>
From: Дилян Палаузов <dilyan.palauzov@aegee.org>
To: Keith Moore <moore@network-heretics.com>, ietf-smtp@ietf.org
Date: Sun, 27 Oct 2019 19:58:17 +0000
In-Reply-To: <037312D9-E9DD-464C-89D3-036786456119@network-heretics.com>
References: <DA6C74A3-0D48-4D73-AE06-20378A5CFE54@dukhovni.org> <037312D9-E9DD-464C-89D3-036786456119@network-heretics.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/FQQ5Ynf6YVreqm6mYdSbYPQe_Sc>

Hello Keith,

On Sat, 2019-10-26 at 18:28 -0400, Keith Moore wrote:
> Yes, but IMO we should be moving toward a world in which TLS is mandatory for SMTP relay. Clear guidance to implementors and operators on what TLS versions, cert algorithms, and ciphersuites a client and server should support, might help us get there.
> 
> (perhaps as a stepping stone, cleartext mail relay could be pessimized by having servers randomly return 4xx in response to MAIL sent without TLS, obsolete TLS, or weak ciphersuites, with the probability of such responses increasing over time.)
> 

There is no big difference in the penalty between randomly returning 4xx on MAIL and randomly returning 4xx on RCPT, and the latter is effectively mail segmentation.

If random 4xx on MAIL as a penalty for not offering reasonable TLS will help make things better, will random mail segmentation as a penalty for senders not supporting PRDR convince anybody to implement PRDR?

Greetings
  Дилян
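The difference between tempfailing at MAIL and at RCPT, as an added example that is not part of the original thread: a toy queue-runner model showing that a 4xx at MAIL defers the whole message intact, while a 4xx at RCPT splits one message into several DATA copies over several attempts (the "segmentation" above). The penalty policy, recipient addresses and random draws are constructed assumptions, not any real MTA's behaviour.

```python
"""Added illustration, not code from this thread or from any MTA: a toy model of a
sending MTA's queue runner facing a hypothetical 'random 4xx without TLS' penalty,
applied either at MAIL FROM or at RCPT TO.  All draws and recipients are constructed."""
import random
from dataclasses import dataclass, field

@dataclass
class Outcome:
    copies: list = field(default_factory=list)    # recipient groups that each got one DATA copy
    deferred: list = field(default_factory=list)  # recipients still queued when we gave up
    attempts: int = 0                             # SMTP transactions the message needed

class ScriptedRng:
    """Deterministic stand-in for random.Random, fed a constructed list of draws."""
    def __init__(self, draws):
        self._draws = iter(draws)

    def random(self):
        return next(self._draws)

def server_reply(tls_ok, p_defer, rng):
    """Hypothetical penalty policy: with no acceptable TLS, tempfail (450) with
    probability p_defer; otherwise accept (250)."""
    if not tls_ok and p_defer > 0 and rng.random() < p_defer:
        return 450
    return 250

def deliver(recipients, tls_ok, penalize_at, p_defer, rng, max_attempts=10):
    """Retry until every recipient is accepted.  penalize_at is 'MAIL' or 'RCPT'."""
    out = Outcome()
    pending = list(recipients)
    while pending and out.attempts < max_attempts:
        out.attempts += 1
        p_mail = p_defer if penalize_at == "MAIL" else 0.0
        p_rcpt = p_defer if penalize_at == "RCPT" else 0.0
        if server_reply(tls_ok, p_mail, rng) >= 400:
            continue  # whole transaction deferred: the message stays intact in the queue
        accepted = [r for r in pending if server_reply(tls_ok, p_rcpt, rng) < 400]
        if accepted:
            out.copies.append(tuple(accepted))  # one DATA copy goes to exactly these
        pending = [r for r in pending if r not in accepted]
    out.deferred = pending
    return out

if __name__ == "__main__":
    o = deliver(["a@x", "b@x", "c@x", "d@x"], False, "RCPT", 0.5, random.Random(7))
    print("RCPT penalty: %d DATA copies over %d attempts" % (len(o.copies), o.attempts))
```

With the MAIL-stage penalty `copies` never holds more than one group, whatever the draws; with the RCPT-stage penalty a single message can fan out into several partial deliveries.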