Re: [ietf-smtp] why are we reinventing mta-sts ?

"John Levine" <johnl@taugh.com> Mon, 07 October 2019 16:28 UTC

Date: Mon, 07 Oct 2019 12:28:24 -0400
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
Cc: moore@network-heretics.com
In-Reply-To: <948b775a-8191-8ab9-af09-28e89f7fc33b@network-heretics.com>
Subject: Re: [ietf-smtp] why are we reinventing mta-sts ?
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/wm6lcbnVH8xbsjP9X1sCGx-r4_k>

In article <948b775a-8191-8ab9-af09-28e89f7fc33b@network-heretics.com> you write:
>Clearly you can't trust the resolver.  But an answer to a DoT query to 
>an authoritative server seems like it would be sufficient, provided 
>there's assurance that the server really is authoritative.

There's no such thing as a DoT query to an authoritative server (or
DoH for that matter).  At this point you can only set up DoT by
private arrangement with your resolver.

There's been some discussion about how an authoritative server
might signal that it accepts DoT but it hasn't gotten very far.

R's,
John