Re: [ietf-smtp] Proposed agenda for EMAILCORE BOF

John Levine <johnl@taugh.com> Thu, 23 July 2020 15:43 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4ABD3A09CE for <ietf-smtp@ietfa.amsl.com>; Thu, 23 Jul 2020 08:43:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=qf/YiARp; dkim=pass (1536-bit key) header.d=taugh.com header.b=AZhCghAZ
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nWmCjL1JBx7r for <ietf-smtp@ietfa.amsl.com>; Thu, 23 Jul 2020 08:43:26 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CE8E43A0855 for <ietf-smtp@ietf.org>; Thu, 23 Jul 2020 08:43:25 -0700 (PDT)
Received: (qmail 89423 invoked from network); 23 Jul 2020 15:43:23 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=15d4b.5f19b01b.k2007; bh=Zn6BL2W6rskwSZJastLHdckocq8vlSuHvrZQeo1ED/s=; b=qf/YiARpL4oCfbsqODVRHuWbjUZlHQgvNMP4mmFErZzv/cEldhDRfDeuayTki+PSt9Z4dRlQ38PWD9tOveTV7n2q5cIHUh4LXKoxpQ+gaZxgKFcPfzgRdNjqRHqTBPhtK3SYr2qE1d8iDtxIyaXGURFDlHQqCB35NqWxDSPOdV5f9A4r4CbiePUmY2IK4+AHlkUjy6ajuKgh40RKNipxv6Us52WJRk7V7c6ozwH40OWUbSwHgTQgkehkdiOR8nr+
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=15d4b.5f19b01b.k2007; bh=Zn6BL2W6rskwSZJastLHdckocq8vlSuHvrZQeo1ED/s=; b=AZhCghAZyvDYJxLZ8t3a7ifuGX0+Dm5zhSvO0u8iJXb5tdjM2i7bqo16UKSoItEajIwmfwwEVoI4+hrpqnnfVHGP0jxhy8hivl9j9qb/4LTNKGex/rdKSfOHuwBx3y41B2sT1LG1eEM6U3Zdh401PABxtT99qsMWRZxhq+5bEu4L6IusQde3o24h4LwP+2kNYuLQ05vEDJTGBhgqgMstteRRk3MBr0ZNVamrv1iUXhLKP1I6z7yZmCERmLhyBcPH
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.2 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 23 Jul 2020 15:43:23 -0000
Received: by ary.qy (Postfix, from userid 501) id 9C29B1D694AC; Thu, 23 Jul 2020 11:43:22 -0400 (EDT)
Date: Thu, 23 Jul 2020 11:43:22 -0400
Message-Id: <20200723154322.9C29B1D694AC@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: moore@network-heretics.com
In-Reply-To: <fd2c6aca-6a31-7ae5-3780-2dbbecf84a87@network-heretics.com>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/hGAi5QtuUpngcrhLCLHW7tFdM1Y>
Subject: Re: [ietf-smtp] Proposed agenda for EMAILCORE BOF
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jul 2020 15:43:28 -0000

In article <fd2c6aca-6a31-7ae5-3780-2dbbecf84a87@network-heretics.com> you write:
>On 7/22/20 1:34 PM, John Levine wrote:
>
>>> My reading is that the above text clarifies to prefer 465 over 587.
>> Some of us disagree about how well this advice matches reality. See
>> you at the BOF.
>
>What does it even mean to say that this does or does not match "reality"?

The advice is to use ports that do TLS on connect (465, 993, 995)
rather than ones that connect and then use a command to upgrade (587,
110, 143) on the theory that a bad guy might do STARTTLS stripping on
the latter. I think it is reasonable to assume that any adversary that
knows how to mess with STARTTLS packets also knows how to do port
blocking, and if one port doesn't work MUAs will try the other, so it
doesn't help.

I also observe that MUAs all offer the option of doing it either way
when you set them up, and remember that configuration for subsequent
connections. More useful advice would be to configure a TLS connection
of either type at setup time, and if that configuration later stops
working, alert the user rather than silently working around it.

R's,
John
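The fail-closed behaviour the message argues for, as an added example that is not part of the original post and not code from the IETF or any MUA: a submission client remembers which TLS mode it was set up with (implicit TLS on 465, or EHLO followed by STARTTLS on 587), parses the EHLO reply it gets back, and raises an error for the user when the remembered mode can no longer be established, instead of quietly trying the other port or continuing in the clear. The `SubmissionConfig` class, `TlsPolicyError`, the function names and the EHLO replies are all constructed for this example; the only real library reference is the comment on `smtplib`.

```python
"""Hypothetical MUA-side TLS policy for mail submission (example code).

The client pins the TLS mode chosen at setup time and refuses to work around
its disappearance. A STARTTLS reply that has lost its STARTTLS keyword, for
whatever reason, is treated as a failure to be reported, never as permission to
fall back to cleartext or to silently switch to another port.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class SubmissionConfig:
    host: str
    port: int
    mode: str  # "implicit" = TLS on connect (465); "starttls" = upgrade after EHLO (587)


class TlsPolicyError(Exception):
    """The pinned TLS mode cannot be honoured; the MUA should alert the user."""


_EHLO_LINE = re.compile(r"^(\d{3})([ -])(.*)$")


def parse_ehlo(response: str) -> set[str]:
    """Parse a multi-line EHLO reply (RFC 5321 section 4.1.1.1) into its keyword names.

    The first line carries the server's domain and greeting, every following
    line carries one ESMTP keyword (plus optional parameters). A reply whose
    last line still uses the '-' continuation marker is truncated and rejected,
    so an incomplete reply can never be mistaken for one without STARTTLS.
    """
    keywords: set[str] = set()
    lines = response.splitlines()
    if not lines:
        raise ValueError("empty EHLO reply")
    last_sep = "-"
    for index, line in enumerate(lines):
        match = _EHLO_LINE.match(line)
        if not match:
            raise ValueError(f"malformed EHLO line: {line!r}")
        code, sep, text = match.groups()
        if code != "250":
            raise ValueError(f"EHLO not accepted: {line!r}")
        if sep == " " and index != len(lines) - 1:
            raise ValueError("text follows the final EHLO line")
        last_sep = sep
        if index == 0:
            continue  # greeting line, not a keyword
        keywords.add(text.split(" ", 1)[0].upper())
    if last_sep == "-":
        raise ValueError("EHLO reply is truncated")
    return keywords


def enforce_policy(config: SubmissionConfig, ehlo_response: str) -> str:
    """Decide what the client may do next under its pinned TLS mode.

    Returns "already-encrypted" for implicit TLS (the EHLO happened inside the
    TLS session, so STARTTLS is irrelevant) or "upgrade" when a STARTTLS
    configuration finds STARTTLS advertised. Anything else is an error to surface,
    never a reason to retry another port or proceed in cleartext.
    """
    features = parse_ehlo(ehlo_response)
    if config.mode == "implicit":
        return "already-encrypted"
    if config.mode == "starttls":
        if "STARTTLS" in features:
            return "upgrade"
        raise TlsPolicyError(
            f"{config.host}:{config.port} no longer advertises STARTTLS; "
            "refusing to continue in the clear or to switch ports silently"
        )
    raise ValueError(f"unknown TLS mode {config.mode!r}")


# Constructed sample replies: one complete, one with the STARTTLS line missing.
EHLO_WITH_STARTTLS = (
    "250-mail.example.test Hello [192.0.2.10]\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-STARTTLS\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250 PIPELINING"
)
EHLO_STRIPPED = EHLO_WITH_STARTTLS.replace("250-STARTTLS\r\n", "")

PINNED_587 = SubmissionConfig("mail.example.test", 587, "starttls")
PINNED_465 = SubmissionConfig("mail.example.test", 465, "implicit")

# In a real client the "implicit" mode maps to smtplib.SMTP_SSL(host, 465) and the
# "starttls" mode to smtplib.SMTP(host, 587).starttls(); smtplib raises
# SMTPNotSupportedError when STARTTLS is not advertised, and the point of this
# policy is to let that error reach the user rather than catching it and falling back.
if __name__ == "__main__":
    print(enforce_policy(PINNED_587, EHLO_WITH_STARTTLS))
    try:
        enforce_policy(PINNED_587, EHLO_STRIPPED)
    except TlsPolicyError as err:
        print("alert user:", err)
```

The design choice is the one the message recommends: the configuration records a mode, not a port preference, and `enforce_policy` has no branch that returns "try the other port". A client built this way gives up the same information to a network adversary whether it uses 465 or 587, which is why the alert, not the port number, is what protects the user.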