Re: [ietf-smtp] MTS-STS validation when MX host points to a CNAME, violating RFC 2181 § 10.3

Arnt Gulbrandsen <arnt@gulbrandsen.priv.no> Sun, 04 April 2021 20:31 UTC

From: Arnt Gulbrandsen <arnt@gulbrandsen.priv.no>
To: Kristijonas Lukas Bukauskas <kr@n0.lt>
Cc: ietf-smtp@ietf.org
Date: Sun, 04 Apr 2021 22:30:51 +0200
Mime-Version: 1.0
Message-Id: <014d4bd9-efa3-4a10-8b4d-c4f205336d2d@gulbrandsen.priv.no>
In-Reply-To: <a232c63-bf8-2371-51e1-b64d119ad55d@taugh.com>
References: <20210402002416.1825171CC176@ary.qy> <70B5B7CCF6D64FBA195CCAA5@JcK-HP5> <e87c4a27cb86ec5b32f0539754c341f3@n0.lt> <a232c63-bf8-2371-51e1-b64d119ad55d@taugh.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/jHVgKdnhUyhy7H6idtaUsX9kF4c>

What John Levine says.

You can say things like "those people should be liberal in what they accept 
and overlook my minor error", but sometimes you run into people who aren't 
conservative, just like you aren't conservative if you violate a rule 
knowingly. And sometimes you run into people who haven't tested their 
handling of the error you commit, and untested code breaks; that's a <beep> 
<beep> axiom.

Arnt