IETF Logo Mail Archive

Re: [ietf-smtp] CHUNKING and PIPELINING

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 11 March 2021 02:17 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D2EB3A0CA7 for <ietf-smtp@ietfa.amsl.com>; Wed, 10 Mar 2021 18:17:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5RdJNh0p9O_D for <ietf-smtp@ietfa.amsl.com>; Wed, 10 Mar 2021 18:17:02 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 922493A0CA2 for <ietf-smtp@ietf.org>; Wed, 10 Mar 2021 18:17:02 -0800 (PST)
Received: from [192.168.1.177] (unknown [192.168.1.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id EA401CB43D for <ietf-smtp@ietf.org>; Wed, 10 Mar 2021 21:17:00 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.60.0.2.21\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <17c511fc-3819-fe41-272d-63d70c9a3b6b@wizmail.org>
Date: Thu, 11 Mar 2021 00:17:00 -0200
Content-Transfer-Encoding: quoted-printable
Reply-To: ietf-smtp@ietf.org
Message-Id: <D5F7B8F4-5CA6-4C56-96CB-7AEE1DE550F6@dukhovni.org>
References: <b1202e49-26b2-35d8-0db7-bb94acd0d52f@wizmail.org> <01RWCSPP4820005PTU@mauve.mrochek.com> <1AFA5DBF-325F-4943-BBE3-45311CC485CA@dukhovni.org> <01RWEGEP5NI8005PTU@mauve.mrochek.com> <290B287C-B5BB-442D-8B30-9EF42C34E33F@dukhovni.org> <04ead364-65c1-436f-a9bb-c92d009db1c1@digilicious.com> <E3A58FCB-7116-4EAC-8831-32CE426AADBC@dukhovni.org> <17c511fc-3819-fe41-272d-63d70c9a3b6b@wizmail.org>
To: ietf-smtp@ietf.org
X-Mailer: Apple Mail (2.3654.60.0.2.21)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/OewveC9bxBFcwyobXFfqo7DkWmA>
Subject: Re: [ietf-smtp] CHUNKING and PIPELINING
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Mar 2021 02:17:04 -0000


> On Mar 10, 2021, at 7:04 PM, Jeremy Harris <jgh@wizmail.org> wrote:
> 
> As it turns out, no - or at least not the obvious part.
> Some further testing has found that the syndrome
> (at least with Google's SMTP servers) is down to my pipelining all of
> (SMTP) MAIL, RCPT, BDAT LAST, QUIT, (TLS) close-alert, (TCP) FIN.

My first read of RFC3030 was that one's expected to pause after
all the RCPT commands and before the first BDAT, to check
whether at least one recipient had been accepted.  But this
appears to not be the case.

So indeed you can pipeling the entire MAIL transaction from "MAIL"
to "QUIT" (if the number of BDAT segments is small enough).

What's worse (or better depending on your perspective) is that
you can even pipeline MULTIPLE mail transactions, nothing there
to stop the next "MAIL" command being sent right after "BDAT LAST".

At some point a 3030bis clarifying these issues would be welcome
IMHO.

> Google was actually sending TCP FIN without sending an SMTP response
> for the MAIL command, much less the BDAT (which is what I had assumed).

Here, I'm not surprised.  It is not prudent to start to tear
down the TLS connection before reading all the server replies,
and hence sending a "close_notify" right after a pipelined
"QUIT" is unwise.

> I had thought that sending a TLS close-alert had semantics
> "no further data sourced from here, but the other direction
> is unaffected" - just like the TCP FIN.  Re-reading RFC 8446
> (TLS 1.3 spec) I still think so:  Section 6 "Alert Protocol"  :-
> 
>   The
>   "close_notify" alert is used to indicate orderly closure of one
>   direction of the connection.  Upon receiving such an alert, the TLS
>   implementation SHOULD indicate end-of-data to the application.

That text is rather new in RFC8446, and prior versions of TLS (1.0—1.2)
do not support half-close.  And even if they did, many applications are
simply not prepared to handle this.

> If I separate out the SMTP commands from the TLS & TCP shutdowns,
> reaping the SMTP responses in between, all is well.  If I send
> the TLS shutdown with the SMTP commands but not with a TCP FIN,
> it is not ok.

That should be your implementation, only do the TLS close_notify
once you're neither writing nor reading any SMTP chatter.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email