Re: IETF mail server and SSLv3

John C Klensin <john-ietf@jck.com> Thu, 04 February 2016 22:31 UTC

Date: Thu, 04 Feb 2016 11:22:57 -0500
From: John C Klensin <john-ietf@jck.com>
To: ietf@ietf.org
Subject: Re: IETF mail server and SSLv3
Message-ID: <C9624BB55C713BCF83E4A552@7AD4D3FB4841A5E367CCF211>
In-Reply-To: <20160204024001.GM19242@mournblade.imrryr.org>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <sjmvb66r1st.fsf@securerf.ihtfp.org> <20160204024001.GM19242@mournblade.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/TWYtb8lQ35AUZZC0d28SaMnklMw>
Precedence: list

--On Thursday, 04 February, 2016 02:40 +0000 Viktor Dukhovni
<ietf-dane@dukhovni.org> wrote:

>...
> I am quite comfortable at this time with a requirement of
> better than SSLv3 for SMTP on the public Internet.

Unless there is a fallback to clear text, I am not.  If we were
to succeed in creating a situation in which the only email that
could be sent or received on the public Internet was encrypted
in transit (and, by the way, encrypted or otherwise very well
protected and secured on relays and in mail stores), I think it
is only a matter of time before some government resorts to the
time-honored approach of making the use of crypto illegal and
specifying harsh punishments for its use.   

The effect of such a decision would be to cause whole countries
to vanish from the connected email network environment.    I
think that would be undesirable in general and inappropriate for
IETF materials and discussions.   For that and other reasons, I
think there is a balance to be struck between being open and
transparent and trying to insist on high levels of privacy for
things that are really need very little privacy protection (or
that are fully public in other ways, e.g., by appearing in
generally-accessible archives).  YMMD.

     john

Re: IETF mail server and SSLv3 Lixia Zhang
Re: IETF mail server and SSLv3 John C Klensin
Re: IETF mail server and SSLv3 John Levine
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
IETF mail server and SSLv3 IETF Chair
Re: IETF mail server and SSLv3 tom p.
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
Re: IETF mail server and SSLv3 Jari Arkko
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
Re: IETF mail server and SSLv3 Jari Arkko
Re: IETF mail server and SSLv3 Derek Atkins
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 John C Klensin
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
Re: IETF mail server and SSLv3 John C Klensin
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 ned+ietf
Re: IETF mail server and SSLv3 Lixia Zhang
Re: IETF mail server and SSLv3 John C Klensin
Re: IETF mail server and SSLv3 Martin Rex
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Solarus
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Solarus
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Martin Rex
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Russ Housley
Re: IETF mail server and SSLv3 Randy Bush
Re: IETF mail server and SSLv3 Stephen Farrell
Re: IETF mail server and SSLv3 Phillip Hallam-Baker
Re: IETF mail server and SSLv3 Viktor Dukhovni
Re: IETF mail server and SSLv3 Doug Barton
RE: IETF mail server and SSLv3 Christian Huitema