Re: [ietf-smtp] why are we reinventing mta-sts ?
"John Levine" <johnl@taugh.com> Mon, 07 October 2019 01:56 UTC
Return-Path: <johnl@iecc.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C76A12013D for <ietf-smtp@ietfa.amsl.com>; Sun, 6 Oct 2019 18:56:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.75
X-Spam-Level:
X-Spam-Status: No, score=-1.75 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.25, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1536-bit key) header.d=iecc.com header.b=mn2PKpS3; dkim=pass (1536-bit key) header.d=taugh.com header.b=nVyuESVj
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gp8IRpe9sVhm for <ietf-smtp@ietfa.amsl.com>; Sun, 6 Oct 2019 18:56:19 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4C26312002F for <ietf-smtp@ietf.org>; Sun, 6 Oct 2019 18:56:19 -0700 (PDT)
Received: (qmail 86334 invoked from network); 7 Oct 2019 01:56:17 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1513b.5d9a9b41.k1910; i=printer-iecc.com@submit.iecc.com; bh=53BvHCOfqe0+biVqHRUM23y+sqLX2DOPbSmlc1mWX2Q=; b=mn2PKpS3JSmQXd4tYaYET9GhXAW8ioxKWd62F5/xjmEF5ogNsrqxkoYQNaPttzkkxSaNA2buLMSdsnFjzMj806/Jb7LFA3/7mCC5CEPhEw1KOTvP7z/y4XASQruboMbEhyavxeS8aWwA+Qiv+c5wexYNPRVj33DyBHw/h9F2HaHUnZIZRsRD2e19WtU4SqFKbqzgyxx7jnbxhmgLo+tJjI49y23eb+e4udHfRMDMqrVFr6Ugh/TdRT75QMIG5Gsd
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding; s=1513b.5d9a9b41.k1910; olt=printer-iecc.com@submit.iecc.com; bh=53BvHCOfqe0+biVqHRUM23y+sqLX2DOPbSmlc1mWX2Q=; b=nVyuESVjtUE9zgz/opLg6iWzB4y5PBNqFihmpZX2HgxEdueS77rAJUXtKxppXJDkFqphSbsk0yDULxn8+2tH3fXXASuStPmzx2v+IlA25eZrgyF19seI760J8VJJFU6ysZNCO1AT+BlDv2SkYGdzrGkO66kt2K8yf5Fy64dxcn3BOc20nlVoxQNjNzoMvj4WikP+/EC8YSGzYj/CxkKlkwNpd+NCnKumlgMiNwfYfMRbvuMc1APIqDDN6LBdVtYP
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPSA (TLS1.2 ECDHE-RSA AES-256-GCM AEAD, printer@iecc.com) via TCP6; 07 Oct 2019 01:56:17 -0000
Received: by ary.qy (Postfix, from userid 501) id BE113BB3D68; Sun, 6 Oct 2019 21:56:16 -0400 (EDT)
Date: Sun, 06 Oct 2019 21:56:16 -0400
Message-Id: <20191007015616.BE113BB3D68@ary.qy>
From: John Levine <johnl@taugh.com>
To: ietf-smtp@ietf.org
In-Reply-To: <20191007002348.GA23742@x2.esmtp.org>
Organization: Taughannock Networks
X-Headerized: yes
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/xNq3FZWzYL86TpKHjyPstHz2qFg>
Subject: Re: [ietf-smtp] why are we reinventing mta-sts ?
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Oct 2019 01:56:21 -0000
In article <20191007002348.GA23742@x2.esmtp.org> you write:
>> What's wrong with MTA-STS defined in RFC 8461?
>
>It requires an HTTPS server, thus adding an extra service and moving
>the "trust" problem to CAs (AFAICT).

I was there when we were defining MTA-STS and the people involved, who
work for companies that probably handle the majority of all of the mail
in the world, did not want it to depend on DNSSEC for deployment
reasons.  See sections 2 and 10 of RFC 8461.

If you like DNSSEC, you can publish a DANE TLSA record for your SMTP
server, and systems like Comcast that pay attention to DNSSEC will use
it to check that you support TLS and have the right cert.
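The DANE alternative mentioned at the end of the message, as an added example that is not part of the thread or of any MTA's code: a dependency-free sketch of how a DNSSEC-aware SMTP client matches a TLSA record (RFC 6698, profiled for SMTP by RFC 7672) against the certificate the server presents, and of the rdata an operator would publish at `_25._tcp.<mx-host>`. The certificate used is a constructed, unsigned X.509-shaped DER blob built inline (no real key, no real host); the tiny DER walker only does what is needed to pull out the SubjectPublicKeyInfo, and DANE-TA path validation is noted but not implemented.

```python
# Added example (not from the thread): TLSA matching for an SMTP server cert.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSA:
    usage: int     # 2 = DANE-TA, 3 = DANE-EE; RFC 7672 treats 0 and 1 as unusable for SMTP
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # 0 = exact match, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation-format rdata such as '3 1 1 <hex>'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", "")))


# --- minimal DER helpers, just enough to locate the SPKI inside a certificate ---

def der(tag: int, payload: bytes) -> bytes:
    """Encode one DER TLV (short- or long-form length)."""
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload


def der_read(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        nbytes = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + ln], pos + ln


def der_children(value: bytes):
    """Split a constructed value into its (tag, whole_tlv_bytes) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, _, nxt = der_read(value, pos)
        out.append((tag, value[pos:nxt]))
        pos = nxt
    return out


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER-encoded SubjectPublicKeyInfo, which selector 1 covers."""
    _, cert_body, _ = der_read(cert_der)        # Certificate ::= SEQUENCE
    _, tbs_tlv = der_children(cert_body)[0]      # tbsCertificate
    _, tbs_body, _ = der_read(tbs_tlv)
    fields = der_children(tbs_body)
    idx = 6 if fields[0][0] == 0xA0 else 5       # optional [0] version shifts the index
    tag, spki_tlv = fields[idx]
    if tag != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return spki_tlv


_SELECT = {0: lambda c: c, 1: extract_spki}
_MATCH = {0: lambda b: b,
          1: lambda b: hashlib.sha256(b).digest(),
          2: lambda b: hashlib.sha512(b).digest()}


def tlsa_matches(rec: TLSA, cert_der: bytes) -> bool:
    """Does this one certificate satisfy the record's selector/matching type?"""
    if rec.selector not in _SELECT or rec.mtype not in _MATCH:
        return False                             # unknown selector or matching type: unusable record
    assoc = _MATCH[rec.mtype](_SELECT[rec.selector](cert_der))
    return hmac.compare_digest(assoc, rec.data)


def tlsa_rdata_for(cert_der: bytes, usage: int = 3, selector: int = 1, mtype: int = 1) -> str:
    """What the server operator publishes, e.g. '3 1 1 <sha256 of SPKI>' (RFC 7672's recommended form)."""
    assoc = _MATCH[mtype](_SELECT[selector](cert_der))
    return f"{usage} {selector} {mtype} {assoc.hex()}"


def dane_verify(records, chain_der, dnssec_secure: bool) -> str:
    """Client-side outcome: 'no-dane', 'unusable', 'verified' or 'failed'.
    chain_der[0] is the server (leaf) certificate; the rest are its issuers."""
    if not dnssec_secure or not records:
        return "no-dane"      # unsigned or absent TLSA RRset: there is no DANE policy to enforce
    usable = [r for r in records if r.usage in (2, 3)]
    if not usable:
        return "unusable"     # RFC 7672: proceed with unauthenticated (opportunistic) TLS
    for r in usable:
        # DANE-EE (3) matches the leaf; DANE-TA (2) matches an issuer in the chain, after which a
        # real client must also validate the path from that anchor to the leaf (omitted here).
        candidates = chain_der[:1] if r.usage == 3 else chain_der[1:]
        if any(tlsa_matches(r, c) for c in candidates):
            return "verified"
    return "failed"           # RFC 7672: defer delivery rather than fall back to cleartext


def build_test_cert(pubkey: bytes) -> bytes:
    """Constructed, unsigned X.509-shaped DER for the demo; not a real certificate."""
    oid_rsa = der(0x06, bytes.fromhex("2A864886F70D010101"))   # 1.2.840.113549.1.1.1 rsaEncryption
    spki = der(0x30, der(0x30, oid_rsa + der(0x05, b"")) + der(0x03, b"\x00" + pubkey))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01") + der(0x30, oid_rsa)
              + der(0x30, b"") + der(0x30, der(0x17, b"190101000000Z") + der(0x17, b"300101000000Z"))
              + der(0x30, b"") + spki)
    return der(0x30, tbs + der(0x30, oid_rsa) + der(0x03, b"\x00"))


if __name__ == "__main__":
    cert = build_test_cert(b"\x42" * 32)                       # constructed key material
    rdata = tlsa_rdata_for(cert)
    print("_25._tcp.mx.example.test. IN TLSA", rdata)         # example.test is a placeholder host
    print(dane_verify([parse_tlsa(rdata)], [cert], dnssec_secure=True))
```

The `dnssec_secure` flag stands in for the AD bit on the TLSA lookup: without a validated answer the client has no DANE policy at all, which is exactly the DNSSEC dependency the message says the MTA-STS authors wanted to avoid.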