Re: [ietf-smtp] why are we reinventing mta-sts ?

"John Levine" <johnl@taugh.com> Mon, 07 October 2019 01:56 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C76A12013D for <ietf-smtp@ietfa.amsl.com>; Sun, 6 Oct 2019 18:56:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=mn2PKpS3; dkim=pass (1536-bit key) header.d=taugh.com header.b=nVyuESVj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gp8IRpe9sVhm for <ietf-smtp@ietfa.amsl.com>; Sun, 6 Oct 2019 18:56:19 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C26312002F for <ietf-smtp@ietf.org>; Sun, 6 Oct 2019 18:56:19 -0700 (PDT)
Received: (qmail 86334 invoked from network); 7 Oct 2019 01:56:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1513b.5d9a9b41.k1910; i=printer-iecc.com@submit.iecc.com; bh=53BvHCOfqe0+biVqHRUM23y+sqLX2DOPbSmlc1mWX2Q=; b=mn2PKpS3JSmQXd4tYaYET9GhXAW8ioxKWd62F5/xjmEF5ogNsrqxkoYQNaPttzkkxSaNA2buLMSdsnFjzMj806/Jb7LFA3/7mCC5CEPhEw1KOTvP7z/y4XASQruboMbEhyavxeS8aWwA+Qiv+c5wexYNPRVj33DyBHw/h9F2HaHUnZIZRsRD2e19WtU4SqFKbqzgyxx7jnbxhmgLo+tJjI49y23eb+e4udHfRMDMqrVFr6Ugh/TdRT75QMIG5Gsd
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1513b.5d9a9b41.k1910; olt=printer-iecc.com@submit.iecc.com; bh=53BvHCOfqe0+biVqHRUM23y+sqLX2DOPbSmlc1mWX2Q=; b=nVyuESVjtUE9zgz/opLg6iWzB4y5PBNqFihmpZX2HgxEdueS77rAJUXtKxppXJDkFqphSbsk0yDULxn8+2tH3fXXASuStPmzx2v+IlA25eZrgyF19seI760J8VJJFU6ysZNCO1AT+BlDv2SkYGdzrGkO66kt2K8yf5Fy64dxcn3BOc20nlVoxQNjNzoMvj4WikP+/EC8YSGzYj/CxkKlkwNpd+NCnKumlgMiNwfYfMRbvuMc1APIqDDN6LBdVtYP
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 07 Oct 2019 01:56:17 -0000
Received: by ary.qy (Postfix, from userid 501) id BE113BB3D68; Sun, 6 Oct 2019 21:56:16 -0400 (EDT)
Date: Sun, 06 Oct 2019 21:56:16 -0400
Message-Id: <20191007015616.BE113BB3D68@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
In-Reply-To: <20191007002348.GA23742@x2.esmtp.org>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/xNq3FZWzYL86TpKHjyPstHz2qFg>
Subject: Re: [ietf-smtp] why are we reinventing mta-sts ?
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 01:56:21 -0000

In article <20191007002348.GA23742@x2.esmtp.org> you write:
>> What's wrong with MTA-STS defined in RFC 8461?
>
>It requires an HTTPS server, thus adding an extra service and moving
>the "trust" problem to CAs (AFAICT).

I was there when we were defining MTA-STS and the people involved,
who work for companies that probably handle the majority of all of
the mail in the world, did not want it to depend on DNSSEC for
deployment reasons.

See sections 2 and 10 of RFC 8461.

If you like DNSSEC, you can publish a DANE TLSA record for your SMTP
server, and systems like Comcast that pay attention to DNSSEC will use
it to check that you support TLS and have the right cert.
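Added example, not part of John Levine's message or of anything else in this thread: a small, stdlib-only Python sketch of the two trust anchors being compared, MTA-STS (RFC 8461: policy id in a TXT record, policy body fetched over HTTPS, MX names matched, certificate validated against the CA store) and DANE TLSA (RFC 6698 / RFC 7672: certificate or SPKI digest published in DNS, trusted because the zone is DNSSEC-signed). The TXT record, the policy text, and the "DER" byte strings are constructed stand-ins, not real DNS data or real certificates, and every function name here is the example's own, not an API of any MTA.

```python
# Added example, not from the original thread.  Stdlib only.
# MTA-STS (RFC 8461): policy id in DNS TXT, policy body over HTTPS, PKIX/CA trust.
# DANE TLSA (RFC 6698/7672): cert or SPKI digest in DNS, trust rooted in DNSSEC.
import hashlib

# ---------- MTA-STS ----------

def parse_sts_txt(txt):
    """Parse the _mta-sts.<domain> TXT record, e.g. 'v=STSv1; id=20190101T000000'.
    The id is what a sender caches to notice that the HTTPS policy has changed."""
    fields = {}
    for part in txt.split(";"):
        k, _, v = part.strip().partition("=")
        if k:
            fields[k.strip()] = v.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        raise ValueError("not an MTA-STS TXT record")
    return fields["id"]


def parse_sts_policy(body):
    """Parse the text served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    policy = {"mx": []}
    for line in body.splitlines():
        k, _, v = line.partition(":")
        k, v = k.strip(), v.strip()
        if k == "mx":
            policy["mx"].append(v.lower())
        elif k:
            policy[k] = v
    if policy.get("version") != "STSv1":
        raise ValueError("bad version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("bad mode")
    policy["max_age"] = int(policy["max_age"])  # seconds to cache; required field
    return policy


def mx_matches(mx_host, patterns):
    """RFC 8461 MX matching: exact match, or a '*.' wildcard covering exactly one leftmost label."""
    host = mx_host.lower().rstrip(".")
    for pat in patterns:
        pat = pat.rstrip(".")
        if pat.startswith("*."):
            head, sep, tail = host.partition(".")
            if sep and head and tail == pat[2:]:
                return True
        elif host == pat:
            return True
    return False


def sts_decision(policy, mx_host, tls_ok, pkix_ok):
    """What a sending MTA does with one MX under a cached policy.
    tls_ok: STARTTLS negotiated.  pkix_ok: the certificate chains to a CA in the
    sender's trust store and names the MX; this is the CA dependency the quoted
    poster objects to, and it is what MTA-STS uses instead of DNSSEC."""
    passed = mx_matches(mx_host, policy["mx"]) and tls_ok and pkix_ok
    if passed or policy["mode"] == "none":
        return "deliver"
    if policy["mode"] == "testing":
        return "deliver+report"  # deliver anyway, report the failure via TLSRPT (RFC 8460)
    return "defer"               # enforce: never fall back to cleartext or an unverified cert


# ---------- DANE TLSA ----------

def tlsa_rdata(spki_der, usage=3, selector=1, mtype=1):
    """TLSA rdata to publish for an SMTP server's SubjectPublicKeyInfo.
    '3 1 1' (DANE-EE, SPKI, SHA-256) is the common choice for MX hosts."""
    digest = hashlib.sha256(spki_der).hexdigest()
    return f"{usage} {selector} {mtype} {digest}"


def tlsa_matches(rdata, chain):
    """Check one TLSA record against the presented chain, a list of
    (cert_der, spki_der) tuples, leaf first.  PKIX usages 0 and 1 are rejected,
    since RFC 7672 treats them as unusable for SMTP.  Only the digest check is
    modelled here; DNSSEC validation of the record itself is assumed done upstream."""
    usage, selector, mtype, hexdata = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    assoc = bytes.fromhex(hexdata)
    if usage not in (2, 3):
        return False
    # DANE-EE (3) binds the leaf only; DANE-TA (2) binds some issuer in the chain.
    candidates = chain[:1] if usage == 3 else chain[1:]
    for cert_der, spki_der in candidates:
        data = cert_der if selector == 0 else spki_der
        if mtype == 0:
            ref = data
        elif mtype == 1:
            ref = hashlib.sha256(data).digest()
        elif mtype == 2:
            ref = hashlib.sha512(data).digest()
        else:
            return False
        if ref == assoc:
            return True
    return False


# Constructed sample inputs: stand-ins, not real DNS records or real DER.
SAMPLE_TXT = "v=STSv1; id=20191007T015616"
SAMPLE_POLICY = "version: STSv1\nmode: enforce\nmx: mail.example.com\nmx: *.mx.example.net\nmax_age: 604800\n"
LEAF_SPKI = b"constructed stand-in for a DER SubjectPublicKeyInfo"
LEAF_CERT = b"constructed stand-in for a DER certificate" + LEAF_SPKI
CHAIN = [(LEAF_CERT, LEAF_SPKI), (b"stand-in issuer cert", b"stand-in issuer spki")]

if __name__ == "__main__":
    pol = parse_sts_policy(SAMPLE_POLICY)
    print("policy id", parse_sts_txt(SAMPLE_TXT), "mode", pol["mode"], "mx", pol["mx"])
    print("enforce, bad cert:", sts_decision(pol, "mail.example.com", True, False))
    rec = tlsa_rdata(LEAF_SPKI)
    print("publish:", rec, "-> matches presented chain:", tlsa_matches(rec, CHAIN))
```

The two decision functions make the trade-off in the message concrete: sts_decision only returns "deliver" in enforce mode when pkix_ok is true, so a sender must trust a CA, while tlsa_matches needs no CA at all but is only meaningful if the TLSA record arrived with a valid DNSSEC signature.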