Re: [ietf-smtp] why are we reinventing mta-sts ?

Hector Santos <hsantos@isdg.net> Wed, 09 October 2019 16:55 UTC

Message-ID: <5D9E10E1.6000601@isdg.net>
Date: Wed, 09 Oct 2019 12:54:57 -0400
From: Hector Santos <hsantos@isdg.net>
To: ietf-smtp@ietf.org
In-Reply-To: <20191009082225.GA9444@gsp.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/wGLWxuGE_I3WBjReJGf_5LtdTg8>

On 10/9/2019 4:22 AM, Rich Kulawiec wrote:
> On Tue, Oct 08, 2019 at 09:58:22AM -0400, Valdis Klētnieks wrote:
>> The point is that there's 3 basic cases:
>
> [ good analysis elided ]
>
> It's the resources outside these that can be a major problem.  In some
> environments, "offering another service to the public Internet" requires
> formal proposals, discussions, meetings, i's dotted and t's crossed,
> auditors placated, security people mollified, and so on.  And while
> in this particular case it can be argued "we're making email more secure
> by doing this" it still won't be an easy sell to some.
>
> (more generally) Making email more secure/private is goodness.  Doing it
> via multiple kludges based on TXT records and hostnames and HTTP and
> so on is not.  I'm (painfully) well aware of the obstacles in the way
> of doing it cleanly, but doing it this way incurs debt that sooner or
> later we'll have to pay.

+1

My concern is the increasing overhead and operational cost as well.
Add HTTPS requirements with newer heightened PCI/SSL requirements like
HSTS, and it can get really complicated with HTTPS client/server
compatibility issues.


-- 
HLS
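The "TXT records and hostnames and HTTP" the thread complains about are the three moving parts of MTA-STS (RFC 8461): a `_mta-sts` TXT record announcing a policy id, a policy file fetched over HTTPS from `mta-sts.<domain>/.well-known/mta-sts.txt`, and the MX-pattern matching a sending MTA applies to the DNS MX hosts once it has the policy. The following is an added example, not code from this thread or from any of the participants' software, showing that discovery and enforcement logic against constructed sample records for an assumed domain `example.com`; the DNS lookup and the certificate-validated HTTPS fetch are replaced by inline strings so it runs offline.

```python
"""MTA-STS (RFC 8461) policy parsing and MX matching, added example.

Constructed samples stand in for the DNS TXT lookup of _mta-sts.example.com
and the HTTPS fetch of https://mta-sts.example.com/.well-known/mta-sts.txt.
"""
import re

# Constructed sample: TXT record at _mta-sts.example.com (assumed domain).
SAMPLE_TXT = "v=STSv1; id=20191009T125457"

# Constructed sample: body of /.well-known/mta-sts.txt for example.com.
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""

ID_RE = re.compile(r"^[A-Za-z0-9]{1,32}$")
LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
MX_RE = re.compile(r"^(\*\.)?%s(?:\.%s)+$" % (LABEL, LABEL), re.I)
MAX_AGE_LIMIT = 31557600  # RFC 8461 s3.2 upper bound for max_age


def parse_sts_txt(record):
    """Parse the _mta-sts TXT record. Returns {'v': ..., 'id': ...} or None.

    'v=STSv1' must come first and 'id' must be 1-32 alphanumerics; anything
    else (an SPF record, a duplicate key) means no usable policy is advertised.
    """
    parts = [p.strip() for p in record.split(";") if p.strip()]
    fields = {}
    for part in parts:
        if "=" not in part:
            return None
        key, value = (s.strip() for s in part.split("=", 1))
        if key in fields:
            return None
        fields[key] = value
    if not parts or not parts[0].lower().startswith("v=") or fields.get("v") != "STSv1":
        return None
    if not ID_RE.match(fields.get("id", "")):
        return None
    return fields


def parse_policy(text):
    """Parse the policy file body; raises ValueError on anything non-conforming."""
    policy = {"mx": []}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" not in line:
            raise ValueError("malformed policy line: %r" % line)
        key, value = (s.strip() for s in line.split(":", 1))
        if key == "mx":
            if not MX_RE.match(value):
                raise ValueError("bad mx pattern: %r" % value)
            policy["mx"].append(value.lower())
        elif key in ("version", "mode", "max_age"):
            if key in policy:
                raise ValueError("duplicate key: %s" % key)
            policy[key] = value
        # Unknown keys are ignored for forward compatibility.
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported or missing version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("bad or missing mode")
    try:
        policy["max_age"] = int(policy["max_age"])
    except (KeyError, ValueError):
        raise ValueError("max_age missing or not an integer")
    if not 0 <= policy["max_age"] <= MAX_AGE_LIMIT:
        raise ValueError("max_age out of range")
    if policy["mode"] != "none" and not policy["mx"]:
        raise ValueError("at least one mx entry is required")
    return policy


def mx_matches(pattern, hostname):
    """A leading '*.' matches exactly one left-most label (RFC 8461 s4.1)."""
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".backup.example.com"
        if not hostname.endswith(suffix):
            return False
        label = hostname[: -len(suffix)]
        return bool(label) and "." not in label
    return hostname == pattern


def delivery_allowed(policy, mx_host, tls_ok):
    """Decide whether to deliver to mx_host. tls_ok is the result of the
    sender's own certificate validation of the MX. Returns (deliver, reason)."""
    if policy["mode"] == "none":
        return True, "policy mode none: no MTA-STS constraint"
    matched = any(mx_matches(p, mx_host) for p in policy["mx"])
    if matched and tls_ok:
        return True, "mx matches policy and TLS validated"
    reason = "mx not in policy" if not matched else "TLS validation failed"
    if policy["mode"] == "testing":
        return True, "testing mode: deliver anyway, report failure (%s)" % reason
    return False, reason


if __name__ == "__main__":
    txt = parse_sts_txt(SAMPLE_TXT)
    pol = parse_policy(SAMPLE_POLICY)
    print("policy id", txt["id"], "mode", pol["mode"], "mx", pol["mx"])
    for host, tls in (("mail.example.com", True), ("mx7.backup.example.com", True),
                      ("mail.example.com", False), ("relay.example.net", True)):
        print(host, tls, delivery_allowed(pol, host, tls))
```

The parser is strict on purpose: an unparseable policy is treated as no policy, and in enforce mode a non-matching MX or a failed TLS validation is a hard refusal, which is the operational commitment that makes the HTTPS and certificate chain on the `mta-sts.` host the dependency the thread is worried about.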