Re: [ietf-smtp] why are we reinventing mta-sts ?
Daniel Margolis <dmargolis@google.com> Mon, 07 October 2019 09:11 UTC
References: <20191007002348.GA23742@x2.esmtp.org> <20191007015616.BE113BB3D68@ary.qy>
In-Reply-To: <20191007015616.BE113BB3D68@ary.qy>
From: Daniel Margolis <dmargolis@google.com>
Date: Mon, 07 Oct 2019 11:11:06 +0200
Message-ID: <CANtKdUeC0NVfvVpbHtwd=OoO=BoT8KNWVx8BGF-GPZPU-zo6QA@mail.gmail.com>
To: John Levine <johnl@taugh.com>
Cc: ietf-smtp@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/uCHvVLNI6ikbudJeLc4oZW7iKOo>
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
I've only quickly skimmed the original thread, but it seems like the argument is about this magic DNS prefix for MX records that would indicate "this MX should offer STARTTLS", right? As John says, the new proposal also requires DNSSEC, no?

It seems like the primary difference is that the new proposal is simpler by indicating only that the server supports TLS, but not what identity it presents? Why is that desirable?

On Mon, Oct 7, 2019 at 3:56 AM John Levine <johnl@taugh.com> wrote:

> In article <20191007002348.GA23742@x2.esmtp.org> you write:
> >> What's wrong with MTA-STS defined in RFC 8461?
> >
> > It requires an HTTPS server, thus adding an extra service and moving
> > the "trust" problem to CAs (AFAICT).
>
> I was there when we were defining MTA-STS and the people involved,
> who work for companies that probably handle the majority of all of
> the mail in the world, did not want it to depend on DNSSEC for
> deployment reasons.
>
> See sections 2 and 10 of RFC 8461.
>
> If you like DNSSEC, you can publish a DANE TLSA record for your SMTP
> server, and systems like Comcast that pay attention to DNSSEC will use
> it to check that you support TLS and have the right cert.

--
How's my emailing? http://go/dan-email-slo
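The two mechanisms contrasted in the message above, MTA-STS (RFC 8461) and DANE TLSA (RFC 6698 / RFC 7672), both end in a check the sending MTA performs before it trusts a STARTTLS session: MTA-STS asks "is this MX one the policy allows, and does its CA-issued certificate name it?", DANE asks "does the presented certificate match the DNSSEC-signed TLSA record?". The Python below is an added example, not code from this thread or from any participant or project mentioned in it. It parses a constructed `_mta-sts` TXT record and policy body, applies the RFC 8461 MX matching rules (including the single-label wildcard), and matches a constructed TLSA record against a stand-in end-entity key the way a DANE-aware sender would. All hostnames, record values and the DER byte strings are made up for illustration; the HTTPS policy fetch, the DNSSEC-validated lookup and the PKIX name check are out of scope, and the TLSA matcher handles DANE-EE (usage 3) only.

```python
"""MTA-STS policy handling (RFC 8461) and DANE TLSA matching (RFC 6698 /
RFC 7672) over constructed sample data. Standard library only."""
import hashlib
import re

# Constructed sample records (not real DNS data).
STS_TXT = "v=STSv1; id=20191007T091100Z"
STS_POLICY = """version: STSv1
mode: enforce
mx: mx1.example.net
mx: *.backup.example.net
max_age: 604800
"""
# Constructed stand-ins for the MX's DER certificate and its DER
# SubjectPublicKeyInfo; a real sender takes both from the TLS handshake.
CERT_DER = b"\x30\x82\x02\x00" + bytes(range(256)) * 2
MX_SPKI_DER = b"\x30\x82\x01\x22" + b"\x42" * 290


def parse_sts_txt(txt):
    """Parse the _mta-sts.<domain> TXT record; return its id, or None if
    invalid. RFC 8461 s3.1: 'v=STSv1' must be the first field and the id
    is 1 to 32 alphanumeric characters."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    if not fields or fields[0] != "v=STSv1":
        return None
    kv = {}
    for f in fields:
        if "=" not in f:
            return None
        k, v = f.split("=", 1)
        kv.setdefault(k.strip(), v.strip())
    pid = kv.get("id")
    if pid is None or not re.fullmatch(r"[A-Za-z0-9]{1,32}", pid):
        return None
    return pid


def parse_sts_policy(body):
    """Parse the policy body served at /.well-known/mta-sts.txt into a
    dict; raise ValueError on malformed input. 'mx' may repeat."""
    policy = {"mx": []}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError("bad policy line: %r" % line)
        key, value = (p.strip() for p in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower().rstrip("."))
        elif key == "max_age":
            policy[key] = int(value)
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("missing or invalid version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("missing or invalid mode")
    if "max_age" not in policy:
        raise ValueError("missing max_age")
    return policy


def mx_matches_policy(mx_host, policy):
    """RFC 8461 s4.1: an MX host matches a literal pattern exactly, or a
    '*.' pattern when it has exactly one extra leftmost label."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]  # e.g. ".backup.example.net"
            extra = host[: -len(suffix)] if host.endswith(suffix) else None
            if extra and "." not in extra:
                return True
        elif host == pattern:
            return True
    return False


def tlsa_record_for_spki(spki_der):
    """The '3 1 1' TLSA record an operator would publish for this key."""
    return (3, 1, 1, hashlib.sha256(spki_der).digest())


def tlsa_matches(tlsa, cert_der, spki_der):
    """Match one TLSA record (usage, selector, mtype, data) against the
    presented end-entity certificate. DANE-EE (usage 3) only: DANE-TA (2)
    needs chain building and PKIX-TA/EE (0/1) are not used for SMTP
    (RFC 7672 s3.1.3)."""
    usage, selector, mtype, data = tlsa
    if usage != 3:
        return False
    if selector == 0:
        subject = cert_der       # full certificate
    elif selector == 1:
        subject = spki_der       # SubjectPublicKeyInfo
    else:
        return False
    if mtype == 0:
        return subject == data
    if mtype == 1:
        return hashlib.sha256(subject).digest() == data
    if mtype == 2:
        return hashlib.sha512(subject).digest() == data
    return False


if __name__ == "__main__":
    pol = parse_sts_policy(STS_POLICY)
    print("policy id:", parse_sts_txt(STS_TXT), "mode:", pol["mode"])
    for mx in ("mx1.example.net", "mx.backup.example.net", "evil.example.org"):
        print(mx, "allowed" if mx_matches_policy(mx, pol) else "rejected")
    rec = tlsa_record_for_spki(MX_SPKI_DER)
    print("TLSA 3 1 1 match:", tlsa_matches(rec, CERT_DER, MX_SPKI_DER))
```

The MX matching is where MTA-STS policies go wrong in practice: a `*.` pattern covers exactly one label, so `*.example.net` admits `mx.example.net` but neither `example.net` nor `a.b.example.net`. On the DANE side, the record is only meaningful once the resolver has validated it with DNSSEC; an unvalidated TLSA answer gives no more assurance than opportunistic STARTTLS.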
- Re: [ietf-smtp] why are we reinventing mta-sts ? John R Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Claus Assmann
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Daniel Margolis
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Дилян Палаузов
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Valdis Klētnieks
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? John R Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Stan Kalisch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Daniel Margolis
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] why are we reinventing mta-sts ? Rich Kulawiec
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Tony Finch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Keith Moore
- Re: [ietf-smtp] why are we reinventing mta-sts ? Tony Finch
- Re: [ietf-smtp] why are we reinventing mta-sts ? Valdis Klētnieks
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viruthagiri Thirumavalavan
- Re: [ietf-smtp] MTA-STS scale (was: why are we re… Viktor Dukhovni
- Re: [ietf-smtp] why are we reinventing mta-sts ? Rich Kulawiec
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] why are we reinventing mta-sts ? Hector Santos
- Re: [ietf-smtp] why are we reinventing mta-sts ? Viktor Dukhovni
- Re: [ietf-smtp] why are we reinventing mta-sts ? John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] [OT] (signed TLDs) John R Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- Re: [ietf-smtp] [OT] (signed TLDs) Arnt Gulbrandsen
- Re: [ietf-smtp] [OT] (signed TLDs) Valdis Klētnieks
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- Re: [ietf-smtp] [OT] (signed TLDs) Keith Moore
- Re: [ietf-smtp] [OT] (signed TLDs) John Levine
- Re: [ietf-smtp] [OT] (signed TLDs) Mark Andrews
- Re: [ietf-smtp] [OT] (signed TLDs) Viktor Dukhovni
- Re: [ietf-smtp] [OT] (signed TLDs) Hector Santos
- [ietf-smtp] HTTPS degrading (was: [OT] (signed TL… Keith Moore
- Re: [ietf-smtp] [OT] (signed TLDs) Tony Finch
- Re: [ietf-smtp] HTTPS degrading Hector Santos