Re: [ietf-smtp] [OT] (signed TLDs)
Hector Santos <hsantos@isdg.net> Tue, 15 October 2019 16:52 UTC
Return-Path: <hsantos@isdg.net>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5E012010F for <ietf-smtp@ietfa.amsl.com>; Tue, 15 Oct 2019 09:52:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.102
X-Spam-Level:
X-Spam-Status: No, score=-0.102 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isdg.net header.b=JYedfYjN; dkim=pass (1024-bit key) header.d=beta.winserver.com header.b=tndM7daM
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 26dpKjJNI5kp for <ietf-smtp@ietfa.amsl.com>; Tue, 15 Oct 2019 09:52:26 -0700 (PDT)
Received: from mail.winserver.com (pop3.winserver.com [76.245.57.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5052D1200F3 for <ietf-smtp@ietf.org>; Tue, 15 Oct 2019 09:52:26 -0700 (PDT)
DKIM-Signature: v=1; d=isdg.net; s=tms1; a=rsa-sha1; c=simple/relaxed; l=1991; t=1571158342; atps=ietf.org; atpsh=sha1; h=Received:Received:Received:Received:Message-ID:Date:From: Organization:To:Subject:List-ID; bh=wyP2SMDFx5ND5sRN3g8QBBhYjWs=; b=JYedfYjNh8+EU2AYVr31yMiPHqi+xZbX0E+LviMpYZeuoO6ZxdyrTFmkkD9ygw WCAxrV9wgpUB4Qdh8JN1c4xPzmjDNQVJzGxL5XM+1Sl25SZCYjtUhEeiNjUAcl7E NhyWxFppn7CjON9JF5/eHgyOE1dbgkrIN5PwllqyexV4o=
Received: by winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf-smtp@ietf.org; Tue, 15 Oct 2019 12:52:22 -0400
Authentication-Results: dkim.winserver.com; dkim=pass header.d=beta.winserver.com header.s=tms1 header.i=beta.winserver.com;
Received: from beta.winserver.com ([76.245.57.74]) by winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 3360721852.1.5096; Tue, 15 Oct 2019 12:52:21 -0400
DKIM-Signature: v=1; d=beta.winserver.com; s=tms1; a=rsa-sha256; c=simple/relaxed; l=1991; t=1571158276; h=Received:Received: Message-ID:Date:From:Organization:To:Subject:List-ID; bh=9a316Vp pWuWyHNKhNGbIB+gHefHNU0evKQFSPii/73o=; b=tndM7daMpLZOEQtHVW/W6HZ CfrBQXY04PSHVtkivwOZYoG4xMYwReIzRElJGsA/zaHsxz5k3mcfksUGx1bEPLh0 tSvtJKBLF1VngilKf9sMmf9PLKu686yLNjTPwQRwex7TPrcZuIOmAXthcMV2DsJc G5apOBRvCASEqAwWUxQs=
Received: by beta.winserver.com (Wildcat! SMTP Router v8.0.454.9) for ietf-smtp@ietf.org; Tue, 15 Oct 2019 12:51:16 -0400
Received: from [192.168.1.68] ([75.26.216.248]) by beta.winserver.com (Wildcat! SMTP v8.0.454.9) with ESMTP id 1039532766.44280.16840; Tue, 15 Oct 2019 12:51:15 -0400
Message-ID: <5DA5F942.5030307@isdg.net>
Date: Tue, 15 Oct 2019 12:52:18 -0400
From: Hector Santos <hsantos@isdg.net>
Reply-To: hsantos@isdg.net
Organization: Santronics Software, Inc.
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.8.1
MIME-Version: 1.0
To: ietf-smtp@ietf.org
References: <20191011160802.50C81C9B780@ary.qy> <alpine.DEB.2.20.1910141200120.8949@grey.csi.cam.ac.uk> <alpine.OSX.2.21.99999.368.1910141020460.72467@ary.local> <alpine.DEB.2.20.1910151228410.8949@grey.csi.cam.ac.uk>
In-Reply-To: <alpine.DEB.2.20.1910151228410.8949@grey.csi.cam.ac.uk>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/XMYP7ZLkc3FiknEZjel7SjPLC4U>
Subject: Re: [ietf-smtp] [OT] (signed TLDs)
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Oct 2019 16:52:30 -0000
I wish I understood more of this discussion and "basic problem," if any, but in years past, we use to share common "Network" files using dialup, ftp, web, etc. We sort of do it now with the CA-BUNDLE.TXT file for the Intermediate CAs certs. When I build new OpenSSL images, the wcSSL package distribution includes a new ca-bundle.txt file with new CA certs merged. The main bundle is from: https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt In the last update, I merged a bunch of them: ## 07/31/18 01:56 pm ## - Using MergeCACerts.cmd ## - merge newbundle\ca-bundle-20180626.txt https://raw.githubusercontent.com/bagder/ca-bundle/master/ca-bundle.crt ## - merge newbundle\AddTrustExternalCARoot.pem Comodo ## - merge newbundle\COMODORSAAddTrustCA.pem Comodo ## - merge newbundle\COMODORSAOrganizationValidationSecureServerCA.pem Comodo ## - merge newbundle\chain.pem Let's Encrypt ## - merge newbundle\gd_bundle-g2-g1.crt GoDaddy ## - merge newbundle\gd_bundle.crt GoDaddy But it just dawn on me, should a site like the above domain be trusted as a TTP (Trusted Third Party) CA? The bundle can contain TTP "posers." For that matter, why should the user trust any CA anyway? -- HLS On 10/15/2019 7:33 AM, Tony Finch wrote: > John R Levine <johnl@taugh.com> wrote: >> On Mon, 14 Oct 2019, Tony Finch wrote: >>> >>> RFC 7344 did not include bootstrapping, but that was added by RFC 8078. >>> Sadly it's more like a set of hints rather than an actual protocol... >> >> It's just hand waving. The guys who wrote it know that, but the problem is >> that there was no consensus on how to bootstrap. It's a hard problem since >> it's sort of inherent that there's nothing other than a DNSSEC signature that >> reliably authenticates a DNSSEC record. > > I think if we get more registries copying .cz and/or .ch then some > consensus may emerge but there doesn't seem to be much movement in this > area... > > Tony. >
- Re: [ietf-smtp] why are we reinventing mta-sts ? John R Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Claus Assmann
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Daniel Margolis
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Дилян Палаузов
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? John R Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Stan Kalisch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Daniel Margolis
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Rich Kulawiec
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Tony Finch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Tony Finch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] MTA-STS scale (was: why are we re… Viktor Dukhovni
- Re: [ietf-smtp] why are we reinventing mta-sts ? Rich Kulawiec
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Hector Santos
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viktor Dukhovni
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] [OT] (signed TLDs) John R Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- Re: [ietf-smtp] [OT] (signed TLDs) Arnt Gulbrandsen
- Re: [ietf-smtp] [OT] (signed TLDs) Valdis Kl=?utf-8?Q?=c4=93?=tnieks
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- Re: [ietf-smtp] [OT] (signed TLDs) Keith Moore
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Mark Andrews
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- [ietf-smtp] HTTPS degrading (was: [OT] (signed TL… Keith Moore
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] HTTPS degrading Hector Santos