Re: IETF mail server and SSLv3

ned+ietf@mauve.mrochek.com Fri, 05 February 2016 14:50 UTC

Return-Path: <ned+ietf@mauve.mrochek.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9BD561B39DE for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 06:50:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6y4_nGKmWojf for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 06:50:34 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [68.183.62.69]) by ietfa.amsl.com (Postfix) with ESMTP id 00D9D1B39DA for <ietf@ietf.org>; Fri, 5 Feb 2016 06:50:33 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PWBEB9EQNK0010ON@mauve.mrochek.com> for ietf@ietf.org; Fri, 5 Feb 2016 06:45:35 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-type: TEXT/PLAIN; CHARSET="us-ascii"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PW7P38X61C00008P@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf@ietf.org; Fri, 05 Feb 2016 06:45:28 -0800 (PST)
From: ned+ietf@mauve.mrochek.com
Message-id: <01PWBEB7DVJY00008P@mauve.mrochek.com>
Date: Fri, 05 Feb 2016 06:42:34 -0800
Subject: Re: IETF mail server and SSLv3
In-reply-to: "Your message dated Fri, 05 Feb 2016 04:13:46 +0000" <20160205041346.GS19242@mournblade.imrryr.org>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <sjmvb66r1st.fsf@securerf.ihtfp.org> <20160204024001.GM19242@mournblade.imrryr.org> <C9624BB55C713BCF83E4A552@7AD4D3FB4841A5E367CCF211> <08CEE02F-74DF-4C5E-A116-AB66FD8516FA@dukhovni.org> <01PWAPWAKLJI00008P@mauve.mrochek.com> <20160205041346.GS19242@mournblade.imrryr.org>
To: Viktor Dukhovni <ietf-dane@dukhovni.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/40zzqRpNg_1Qe9wpAa5oE2xdCNg>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2016 14:50:35 -0000

> [1] http://www.postfix.org/TLS_README.html#client_tls_may

> 	With opportunistic TLS, mail delivery continues even if
> 	the server certificate is untrusted or bears the wrong
> 	name. When the TLS handshake fails for an opportunistic
> 	TLS session, rather than give up on mail delivery, the
> 	Postfix SMTP client retries the transaction with TLS
> 	disabled. Trying an unencrypted connection makes it possible
> 	to deliver mail to sites with non-interoperable server TLS
> 	implementations.

> The implementation and documentation of this was joint work with
> Wietse back in early 2006.  These days, when STARTTLS fails, Postfix
> tries other MX hosts first and if they all fail, defers the mail
> initially. Cleartext fallback kicks in on the second delivery
> attempt if STARTTLS fails again.

Actually, I consider this approach as unacceptable unless the second delivery
attempt occurs within a minute or two. (Which, incidentally, is a much shorter
retry period after deferral than the standards recommend.)

				Ned