Re: [ietf-smtp] How to encrypt SMTP?

"Valdis Klētnieks" <valdis.kletnieks@vt.edu> Wed, 16 October 2019 18:00 UTC

Return-Path: <valdis@vt.edu>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A46F120116 for <ietf-smtp@ietfa.amsl.com>; Wed, 16 Oct 2019 11:00:52 -0700 (PDT)
X-Quarantine-ID: <6mmdt_nqGCef>
X-Virus-Scanned: amavisd-new at amsl.com
X-Amavis-Alert: BAD HEADER SECTION, Non-encoded 8-bit data (char D0 hex): To: \320\224\320\270\320\273\321\217\320\275 \320\237\320\260\320[...]
X-Spam-Flag: NO
X-Spam-Score: -3.2
X-Spam-Level:
X-Spam-Status: No, score=-3.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, PP_MIME_FAKE_ASCII_TEXT=0.999, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6mmdt_nqGCef for <ietf-smtp@ietfa.amsl.com>; Wed, 16 Oct 2019 11:00:50 -0700 (PDT)
Received: from omr1.cc.vt.edu (omr1.cc.ipv6.vt.edu [IPv6:2607:b400:92:8300:0:c6:2117:b0e]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A474E1200FD for <ietf-smtp@ietf.org>; Wed, 16 Oct 2019 11:00:50 -0700 (PDT)
Received: from mr1.cc.vt.edu (inbound.smtp.ipv6.vt.edu [IPv6:2607:b400:92:9:0:9d:8fcb:4116]) by omr1.cc.vt.edu (8.14.4/8.14.4) with ESMTP id x9GI0nFr013829 for <ietf-smtp@ietf.org>; Wed, 16 Oct 2019 14:00:49 -0400
Received: from mail-qt1-f199.google.com (mail-qt1-f199.google.com [209.85.160.199]) by mr1.cc.vt.edu (8.14.7/8.14.7) with ESMTP id x9GI0i3b012347 for <ietf-smtp@ietf.org>; Wed, 16 Oct 2019 14:00:49 -0400
Received: by mail-qt1-f199.google.com with SMTP id f15so25707607qth.6 for <ietf-smtp@ietf.org>; Wed, 16 Oct 2019 11:00:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:in-reply-to:references :mime-version:content-transfer-encoding:date:message-id; bh=nDO1gLDj/hGqEg5uPee+v/lTUPxU5dzxF5lnPuIQO08=; b=XRlIWNOZPA2LcKxRMOHTZa26b9Bs9PWpA/NOGcXM3ZK505Or4Ce+GP21P6MwTuxsqg w4Vr6lkrAWKk+FU+6Xyn4jotupBkutl2jFCOh7hqw6jSlQLE9emIzet+qpNdCpeY6gNO 5l23HzcjgMRfZYDdiPG3jtsHRfzUjm/KFcAUFHNYV/vk1MUNXy4SRsDGUlUn713P2Fcc O/shxCmND3xRO2zpgEYAbqk2CgtUrwA2k8tqEzTsw1+sw8zmUjD1G9+Vg1+lX1DvVJBm TwzQgN0muNwgPjtzkjn4nJm/mw0YimbGLXg4rlG31g6M/cFQOMN6nfBja/lXCPJ1E7z5 BXYg==
X-Gm-Message-State: APjAAAVLVBEp+oNCydK4Q+ANA8OMvae5pWILSEao6LCf/1DA4A6OjRQf OjYfIy/Fv05hwhjm4rbugvzKoZovlluMidU3drgvGeYuPDagipel9VaRk2q4QM7Pj/eaH/YrMqy T0nD/OMbKNXmqDOvURuke5Q==
X-Received: by 2002:ae9:f204:: with SMTP id m4mr25987161qkg.105.1571248844165; Wed, 16 Oct 2019 11:00:44 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwxZCO+huwXlZqKxQSrpFWIyGokvRe12MNYQ2IBRZlOCejKKm3OewFiUd6unS7n6dKKPHtuRA==
X-Received: by 2002:ae9:f204:: with SMTP id m4mr25987130qkg.105.1571248843762; Wed, 16 Oct 2019 11:00:43 -0700 (PDT)
Received: from turing-police ([2601:5c0:c001:4341::9ca]) by smtp.gmail.com with UTF8SMTPSA id h29sm15066538qtb.46.2019.10.16.11.00.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 16 Oct 2019 11:00:42 -0700 (PDT)
Sender: Valdis Kletnieks <valdis@vt.edu>
From: Valdis Kl=?utf-8?Q?=c4=93?=tnieks <valdis.kletnieks@vt.edu>
X-Google-Original-From: "Valdis Klētnieks" <Valdis.Kletnieks@vt.edu>
X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.7+dev
To: Дилян Палаузов <dilyan.palauzov@aegee.org>
Cc: ietf-smtp <ietf-smtp@ietf.org>
In-Reply-To: <1420291b5ffe6b65da9bd8e933648b6029dd4c94.camel@aegee.org>
References: <1420291b5ffe6b65da9bd8e933648b6029dd4c94.camel@aegee.org>
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_1571248841_33600P"; micalg="pgp-sha1"; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Wed, 16 Oct 2019 14:00:41 -0400
Message-ID: <167179.1571248841@turing-police>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/cxfe6E74jls4iCerpf0VvBI4Dcw>
Subject: Re: [ietf-smtp] How to encrypt SMTP?
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2019 18:00:52 -0000

On Wed, 16 Oct 2019 17:43:07 -0000, Дилян Палаузов said:
> But for SMTP there is nothing similar.  What matters is, if a weak cipher is
> disabled on a mailhost, which sites will not be able to use STARTTLS with that
> host.  E.g. disabling TLS 1.0 (and SSL 3) will no longer allow encrypting
> traffic with @gnu.org.

The same thing that happens with anybody else who runs deprecated services - at
some point they've gotten enough reports of problems that they get around to
upgrading.

Seriously - if gnu.org *still* doesn't support TLS 1.1 (RFC4346 came out in
April 2006), they're probably running an SSL/TLS software stack that has about
4 zillion since-patched security holes in it.  And it *also* means that their
MTA software dates back to a release that doesn't insist on 1.1 or later -
which means there's probably a whole raft of since-patched security holes in
that as well.
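The question both messages turn on (once a sender refuses old protocol versions, which remote MXs will still complete STARTTLS with it) can be answered directly by probing the remote host. What follows is an added example, not code from this thread or from any MTA project: it speaks SMTP by hand, parses the EHLO reply for the STARTTLS keyword, then attempts a handshake with the client pinned to a chosen TLS version range, which is exactly the failure a hardened sender would hit. The host, port and the "probe.example" HELO name are placeholder assumptions, and certificate verification is deliberately off because the probe reports the negotiated version, not a trust decision. The successful result is the same information the Received headers of this very message record ("using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384").

```python
"""Probe an MX for STARTTLS and the TLS versions it will negotiate.

Added example for this thread, not code from the list or from any MTA.
Host, port and the HELO name "probe.example" are assumed placeholders.
"""
from __future__ import annotations

import io
import socket
import ssl
from dataclasses import dataclass
from typing import Optional


@dataclass
class ProbeResult:
    host: str
    starttls_offered: bool
    tls_version: Optional[str] = None   # e.g. "TLSv1.2"; None if no TLS session
    cipher: Optional[str] = None
    error: Optional[str] = None         # None means the handshake succeeded


def parse_reply(lines: list[bytes]) -> tuple[int, list[str]]:
    """Split raw SMTP reply lines into (code, text per line). Each line is a
    3-digit code followed by '-' (more follows) or ' ' (last line)."""
    code = int(lines[0][:3])
    texts = []
    for line in lines:
        if int(line[:3]) != code:
            raise ValueError(f"inconsistent reply codes in {lines!r}")
        texts.append(line[4:].decode("ascii", "replace").rstrip("\r\n"))
    return code, texts


def read_reply(rfile) -> tuple[int, list[str]]:
    """Read one complete (possibly multi-line) reply from a buffered reader."""
    lines: list[bytes] = []
    while True:
        line = rfile.readline()
        if not line:
            raise ConnectionError("peer closed the connection mid-reply")
        lines.append(line)
        if len(line) >= 4 and line[3:4] == b" ":   # ' ' after the code ends it
            return parse_reply(lines)


def reply_from_bytes(raw: bytes) -> tuple[int, list[str]]:
    """Parse a captured reply offline (same code path as the live probe)."""
    return read_reply(io.BytesIO(raw))


def ehlo_extensions(texts: list[str]) -> dict[str, str]:
    """Map EHLO reply text (first line is the server's own name) to
    {KEYWORD: parameters}; keywords are case-insensitive (RFC 5321 4.1.1.1)."""
    exts: dict[str, str] = {}
    for line in texts[1:]:
        keyword, _, params = line.partition(" ")
        exts[keyword.upper()] = params
    return exts


def _cmd(sock: socket.socket, rfile, command: bytes) -> tuple[int, list[str]]:
    sock.sendall(command + b"\r\n")
    return read_reply(rfile)


def probe_starttls(host: str, port: int = 25,
                   min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2,
                   max_version: ssl.TLSVersion = ssl.TLSVersion.MAXIMUM_SUPPORTED,
                   timeout: float = 10.0) -> ProbeResult:
    """Connect, EHLO, STARTTLS, then handshake with the client restricted to
    [min_version, max_version], as a sender with old versions disabled would."""
    try:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.minimum_version = min_version
        ctx.maximum_version = max_version
        ctx.check_hostname = False          # probe only: we want the negotiated
        ctx.verify_mode = ssl.CERT_NONE     # version, not a trust decision
        with socket.create_connection((host, port), timeout=timeout) as sock:
            rfile = sock.makefile("rb")
            code, _ = read_reply(rfile)                       # 220 greeting
            if code != 220:
                return ProbeResult(host, False, error=f"greeting code {code}")
            code, texts = _cmd(sock, rfile, b"EHLO probe.example")  # assumed name
            if code != 250 or "STARTTLS" not in ehlo_extensions(texts):
                return ProbeResult(host, False, error="STARTTLS not advertised")
            code, _ = _cmd(sock, rfile, b"STARTTLS")
            if code != 220:
                return ProbeResult(host, True, error=f"STARTTLS refused with {code}")
            try:
                tls = ctx.wrap_socket(sock, server_hostname=host)
            except OSError as exc:          # ssl.SSLError is an OSError
                return ProbeResult(host, True, error=f"handshake failed: {exc}")
            with tls:
                tls.sendall(b"QUIT\r\n")
                return ProbeResult(host, True, tls.version(), tls.cipher()[0])
    except (OSError, ValueError) as exc:
        return ProbeResult(host, False, error=str(exc))


def probe_versions(host: str, port: int = 25) -> dict[str, bool]:
    """Pin the client to one protocol version at a time; True means the MX
    completed a handshake at that version."""
    versions = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)
    return {v.name: probe_starttls(host, port, v, v).error is None for v in versions}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "mx.example"   # placeholder
    print(probe_starttls(target))
    print(probe_versions(target))
```

One caveat when reading probe_versions output: a modern OpenSSL build may refuse to offer TLS 1.0 or 1.1 at its default security level, so a False for those versions is a statement about the client/server pair, not proof that the remote MX has dropped them. A False for TLSv1_2 and TLSv1_3 against a host that advertises STARTTLS is the case discussed above: that host will fall back to cleartext (or fail) once senders stop offering the older versions.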