Re: STARTTLS & EHLO: Errata text?
SM <sm@resistor.net> Thu, 29 January 2009 23:09 UTC
Date: Thu, 29 Jan 2009 15:08:18 -0800
To: Ned Freed <ned.freed@mrochek.com>
From: SM <sm@resistor.net>
Subject: Re: STARTTLS & EHLO: Errata text?
Cc: ietf-smtp@imc.org
Hi Ned,

At 12:46 29-01-2009, Ned Freed wrote:
>While I have no objection to making this change, I note in passing
>that quite a few servers, ours included, violate the "the server MUST
>discard any knowledge obtained from the client" part of this and will
>continue to do so no matter what is written in any standard.

I read that as the proposed text does not affect your implementation.

>The reason for this is simple: Limits used in controlling spam and
>DOS attacks. Servers impose limits on all sorts of things, including
>but not limited to the number of transactions in a session, the total
>number of recipients, the total time a session has taken, and so on.
>If a server follows this MUST it turns STARTTLS into a one time
>"reset all my rate limits" pass. That's simply not acceptable in
>today's email climate.

The reason we are having this discussion and the proposed errata is because of SHOULD and MUST. The above lists some of the considerations when deciding about the requirement to be specified. My understanding of a SHOULD is "unless I have a good reason not to do it and I fully understand the implication". That leaves room for local policy decisions as you explained above.

One of the questions was about the "The client SHOULD send an EHLO command as the first command after a successful TLS negotiation." As with everything SMTP, there are two sides, the sender and the receiver. Instead of thinking in terms of whether the sender should send the command, we could look at this in terms of whether the receiver must accept a mail transaction without being sent an EHLO command. I don't see anything in the specifications that says that.

>The simplest fix to bring this text in line with reality is to change
>the MUST into a SHOULD. Beyond that lies a slippery slope where we
>attempt to categorize what sorts of information a server can or
>cannot retain. I really don't think we want to go there.

Agreed. Such a change cannot be done in an errata.

I would like a SHOULD instead of a MUST or else we end up with a situation where we have to go against an absolute requirement. Unfortunately, it causes the type of confusion we have seen in this thread. If we attempt to categorize what knowledge is discarded or can be retained, we'll end up with a lengthy specification with the problem it entails.

>While this clarification exercise is all well and good, if we're
>actually going to issue a revision to RFC 3207 we should consider
>fixing its most serious flaw (IMO) - the lack of a domain parameter
>on the STARTTLS command, in order to allow a single SMTP server to
>provide "virtual hosting" support for multiple domains.

This has been discussed previously. It could be done by advertising a separate extension as you suggested.

Regards,
-sm
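
The distinction discussed in this message, as an added example that is not part of the original post or of any server mentioned in it: a toy receiver that discards the protocol knowledge obtained from the client at STARTTLS but keeps its connection-scoped abuse counter, and refuses MAIL until EHLO is sent again. The class names, the `mx.example` host, the limit of two transactions and the 503-before-EHLO policy are assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class ConnLimits:
    """Abuse counter tied to the TCP connection, not to the SMTP state."""
    max_transactions: int = 2   # constructed limit for the demo
    transactions: int = 0       # counts accepted MAIL commands

@dataclass
class Session:
    limits: ConnLimits = field(default_factory=ConnLimits)
    tls: bool = False
    helo: Optional[str] = None        # knowledge obtained from the client
    mail_from: Optional[str] = None

    def handle(self, line: str) -> str:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb == "EHLO":
            self.helo, self.mail_from = arg, None
            # STARTTLS is only advertised while the channel is still cleartext.
            return "250 mx.example" if self.tls else "250-mx.example\r\n250 STARTTLS"
        if verb == "STARTTLS":
            if self.tls:
                return "503 TLS already active"
            # The TLS handshake itself is not modelled. Protocol knowledge is
            # discarded; self.limits is deliberately left untouched.
            self.tls, self.helo, self.mail_from = True, None, None
            return "220 Ready to start TLS"
        if verb == "MAIL":
            if self.helo is None:
                return "503 Send EHLO first"   # local policy (assumption)
            if self.limits.transactions >= self.limits.max_transactions:
                return "421 Too many transactions on this connection"
            self.limits.transactions += 1
            self.mail_from = arg
            return "250 OK"
        if verb == "RSET":
            self.mail_from = None
            return "250 OK"
        return "502 Command not implemented"

def replay(lines: List[str]) -> List[str]:
    """Feed a constructed client dialogue to a fresh Session."""
    session = Session()
    return [session.handle(line) for line in lines]

# Constructed dialogue: two transactions, STARTTLS, then a third attempt.
DIALOGUE = ["EHLO client.example", "MAIL FROM:<a@client.example>", "RSET",
            "MAIL FROM:<a@client.example>", "RSET", "STARTTLS",
            "MAIL FROM:<a@client.example>", "EHLO client.example",
            "MAIL FROM:<a@client.example>"]
```

Replaying `DIALOGUE` shows the MAIL sent straight after STARTTLS being refused with 503, and the MAIL after the second EHLO hitting the 421 limit because the counter survived the TLS upgrade.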