Re: [ietf-smtp] HTTPS degrading
Hector Santos <hsantos@isdg.net> Wed, 16 October 2019 17:59 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/n4WdwrNIl0dAlrCnAlxFOxIjGrA>
On 10/16/2019 3:03 AM, Keith Moore wrote:
> On 10/15/19 11:30 PM, Hector Santos wrote:
>
>> What I am seeing for the first time ever in HTTP history, HTTP comm
>> I/O is ok, HTTPS is degraded by the ISP if self-signed.
>
> How do you know that it's the ISP that's doing the degrading?

I provided detailed info off-list, but you're right. I don't know for sure, but the ISP escalation engineer has acknowledged the HTTPS degradation problem is occurring with WAN comm I/O. Not LAN comm I/O, and only HTTPS. HTTP is fine.

I am trying to get a handle on it. Technically, at this point, it appears when CA-signed certs are used or a HTTP 1.1 persistent socket connection is in play, this "mysterious," passive network security proxy degradation problem disappears. It appears to be new, isolated and experimental with my small biz as a guinea pig.

If SMTP operations evolve to where similar enforcement with CA-signed certs occurs, we probably won't see much of a degradation to notice anything since for the most part, it is a single-shot transfer of a payload. But with HTTPS, a page can have 10s, 100s of requests to complete the page display.

--
HLS