Re: [ietf-smtp] HTTPS degrading

Hector Santos <hsantos@isdg.net> Wed, 16 October 2019 17:59 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/n4WdwrNIl0dAlrCnAlxFOxIjGrA>

On 10/16/2019 3:03 AM, Keith Moore wrote:
> On 10/15/19 11:30 PM, Hector Santos wrote:
>
>> What I am seeing for the first time ever in HTTP history, HTTP comm
>> I/O is ok, HTTPS is degraded by the ISP if self-signed.
>
> How do you know that it's the ISP that's doing the degrading?

I provided detailed info off-list, but you're right. I don't know for 
sure, but the ISP escalation engineer has acknowledged the HTTPS 
degradation problem is occurring with WAN comm I/O. Not LAN comm I/O, 
and only HTTPS. HTTP is fine.

I am trying to get a handle on it. Technically, at this point, it 
appears when CA-signed certs are used or an HTTP 1.1 persistent socket
connection is in play, this "mysterious," passive network security 
proxy degradation problem disappears.  It appears to be new, isolated 
and experimental with my small biz as a guinea pig.

If SMTP operations evolve to where similar enforcement with CA-signed 
certs occurs, we probably won't see much of a degradation to notice 
anything since for the most part, it is a single-shot transfer of a 
payload.  But with HTTPS, a page can have 10s, 100s of requests to 
complete the page display.

-- 
HLS