Re: [ietf-smtp] Possible contribution to moving forward with RFC5321bis SMTP

Keith Moore <moore@network-heretics.com> Wed, 01 January 2020 19:18 UTC

Return-Path: <moore@network-heretics.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9F8161200D7 for <ietf-smtp@ietfa.amsl.com>; Wed, 1 Jan 2020 11:18:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zad5944HM6zB for <ietf-smtp@ietfa.amsl.com>; Wed, 1 Jan 2020 11:18:20 -0800 (PST)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E4A09120099 for <ietf-smtp@ietf.org>; Wed, 1 Jan 2020 11:18:19 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id 28AF42233F; Wed, 1 Jan 2020 14:18:19 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute6.internal (MEProxy); Wed, 01 Jan 2020 14:18:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=x5fZjL j2kUkN4Myr/ihHOuclWLrw7v/jZ93v4OowK48=; b=U7nu0wfIL1UBtmWZ11BCnD LzbrK3voQP/RfNsbZJNiR+iYDPFq1gZsi5rZhRcazoxBFSal/ZvDGHBsKwhJBNxv 2aWCw8Ch2A0gFOGO5AOSlYP2Cii1wmCANRmEz+XdmZtw/xn5BOn/IldoFK+GPQow YEc/25JYH0lN24QeHvMoMgQLEBGJaqtaxG2CYHlJRpceyFON9m8gNbDqU6iGjYOq VMX5DgME+Le40l58fZvhoYv0gQV9uc20lsWyTHPGNZMUlJmsjkuNE7qCwoda4+U3 1LDV6VQ22JeMXdh/jGZ0+uT0CDRnkgP9lAICsg/aTuOEJK7jDhqrgud+g8G3pfOg ==
X-ME-Sender: <xms:evAMXmkjIa4RIX3K7o0wWseUJCSuwDVdemwZCqkp7FLZq99GnaxTHA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedufedrvdefledguddvvdcutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepuffvfhfhkffffgggjggtsegrtd erredtfeejnecuhfhrohhmpefmvghithhhucfoohhorhgvuceomhhoohhrvgesnhgvthif ohhrkhdqhhgvrhgvthhitghsrdgtohhmqeenucffohhmrghinhepvgiivghmrghilhhsvg hrvhgvrhdrtghomhenucfkphepuddtkedrvddvuddrudektddrudehnecurfgrrhgrmhep mhgrihhlfhhrohhmpehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh enucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:evAMXpx_5RUnbjdopH96RccYbya-cVz3JK6UWncuhIVbB-uAhXvFfQ> <xmx:evAMXnuavgyP1Ul1am9ibAQZSNA5sFyCR2lNzwlqLmTEe4_mpnkjLg> <xmx:evAMXl_4Je-vnRgI368IiCJGtBra3_1qKS-KRDjMSddJTYCpCvfHVQ> <xmx:e_AMXh16qbJc2eoV2m5sWbyA10VY7MeiyydXxDMIm9GWQ8Puxew-tA>
Received: from [192.168.1.97] (108-221-180-15.lightspeed.knvltn.sbcglobal.net [108.221.180.15]) by mail.messagingengine.com (Postfix) with ESMTPA id 65D0880061; Wed, 1 Jan 2020 14:18:18 -0500 (EST)
To: ietf-smtp@ietf.org
References: <20200101175510.8549A11E2905@ary.qy> <D441E0BE-1F32-4329-9296-A5026540E8D0@dukhovni.org> <994e7a23-9e80-4751-6067-8863ad0ee72f@network-heretics.com> <CF9346F4-3B98-42B6-8DAB-3CCF932AAC11@dukhovni.org>
From: Keith Moore <moore@network-heretics.com>
Message-ID: <336f72e2-ca72-8ede-510b-e8f7c4506ccd@network-heretics.com>
Date: Wed, 01 Jan 2020 14:18:17 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <CF9346F4-3B98-42B6-8DAB-3CCF932AAC11@dukhovni.org>
Content-Type: multipart/alternative; boundary="------------490CEB3BE28AAAABDB317A21"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/ksp2Vz4v9rZKWM1LMjuTsQVxRJk>
Subject: Re: [ietf-smtp] Possible contribution to moving forward with RFC5321bis SMTP
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jan 2020 19:18:22 -0000

On 1/1/20 2:01 PM, Viktor Dukhovni wrote:

>> FWIW, Let's Encrypt doesn't currently issue client certificates.
> Actually, it does, for example:
>
>          Issuer: C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
>          Validity
>              Not Before: Oct 24 07:01:29 2019 GMT
>              Not After : Jan 22 07:01:29 2020 GMT
>          Subject: CN = box.ezemailserver.com
>          Subject Public Key Info:
>              Public Key Algorithm: rsaEncryption
>                  RSA Public-Key: (2048 bit)
>                  Modulus:
>                      [...]
>                  Exponent: 65537 (0x10001)
>          X509v3 extensions:
>              X509v3 Key Usage: critical
>                  Digital Signature, Key Encipherment
>              X509v3 Extended Key Usage:
>                  TLS Web Server Authentication, TLS Web Client Authentication
>
> The EKU lists both TLS server and TLS client roles.

Interesting.   I misread the text on their web site.   Thanks for 
pointing that out.

Keith
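The point of Viktor's openssl dump is that the EKU extension, not the CA's marketing text, decides whether a certificate can be presented in the TLS client role. The script below is an added example (not code from this thread or from Let's Encrypt) that extracts the EKU purposes from a PEM certificate with openssl and reports whether clientAuth is present. It assumes openssl 1.1.1 or later on PATH (for `-addext`); the self-signed certificates it creates for demonstration are constructed locally, and the subject name `box.example.test` is a placeholder, not the host in the quoted output.

```shell
#!/bin/sh
# Added example, not part of the original message. Assumes openssl >= 1.1.1.

# Print the Extended Key Usage purposes of a PEM certificate, one per line,
# as openssl names them ("TLS Web Server Authentication", ...).
cert_eku_purposes() {
    openssl x509 -in "$1" -noout -text \
      | awk '/X509v3 Extended Key Usage/ {
                getline                        # purposes are on the next line
                gsub(/^[ \t]+/, "")            # drop indentation
                n = split($0, a, /, */)        # comma-separated list
                for (i = 1; i <= n; i++) print a[i]
             }'
}

# Return 0 if the certificate may be presented as a TLS client certificate.
# RFC 5280 4.2.1.12: a certificate with no EKU extension is unrestricted,
# so only an EKU that omits clientAuth rules the client role out.
cert_allows_client_auth() {
    purposes=$(cert_eku_purposes "$1")
    [ -z "$purposes" ] && return 0
    printf '%s\n' "$purposes" | grep -qx 'TLS Web Client Authentication'
}

# Create a throwaway self-signed certificate with the given EKU list
# (constructed test data, e.g. "serverAuth,clientAuth" or "serverAuth").
make_test_cert() {
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
      -keyout "${1%.pem}-key.pem" -out "$1" -days 1 \
      -subj "/CN=box.example.test" \
      -addext "extendedKeyUsage=$2" 2>/dev/null
}

# Usage: sh eku_check.sh cert.pem
if [ $# -eq 1 ]; then
    if cert_allows_client_auth "$1"; then
        echo "$1: EKU permits the TLS client role"
    else
        echo "$1: EKU does not permit the TLS client role"
    fi
fi
```

The EKU is necessary but not sufficient: the SMTP server that receives such a certificate still decides whether it trusts the issuer and what, if anything, it does with the identity in the subject or subjectAltName. The check above only answers the question raised in the thread, whether the certificate is allowed to be used as a client certificate at all.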