Re: IETF mail server and SSLv3
ned+ietf@mauve.mrochek.com Mon, 08 February 2016 16:54 UTC
Return-Path: <ned+ietf@mauve.mrochek.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F5A01B2F39 for <ietf@ietfa.amsl.com>; Mon, 8 Feb 2016 08:54:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.903
X-Spam-Level:
X-Spam-Status: No, score=-1.903 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LOVx03EAzJLH for <ietf@ietfa.amsl.com>; Mon, 8 Feb 2016 08:54:38 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [68.183.62.69]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5FB81B2F1D for <ietf@ietf.org>; Mon, 8 Feb 2016 08:54:37 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PWFPI0TVHS002333@mauve.mrochek.com> for ietf@ietf.org; Mon, 8 Feb 2016 08:49:33 -0800 (PST)
MIME-version: 1.0
Content-transfer-encoding: 8bit
Content-type: TEXT/PLAIN; charset="windows-1252"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01PW7P38X61C00008P@mauve.mrochek.com> (original mail from NED@mauve.mrochek.com) for ietf@ietf.org; Mon, 08 Feb 2016 08:49:26 -0800 (PST)
From: ned+ietf@mauve.mrochek.com
Message-id: <01PWFPHYMSA800008P@mauve.mrochek.com>
Date: Mon, 08 Feb 2016 08:35:31 -0800
Subject: Re: IETF mail server and SSLv3
In-reply-to: "Your message dated Mon, 08 Feb 2016 00:21:13 -0800" <4EF78885-B743-4134-A30E-AC7F38D5D6D1@cs.ucla.edu>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <000a01d1585b$60b68e60$4001a8c0@gateway.2wire.net> <FD83B269-D641-4207-B4EE-922747449B2E@piuha.net> <4EF78885-B743-4134-A30E-AC7F38D5D6D1@cs.ucla.edu>
To: Lixia Zhang <lixia@cs.ucla.edu>
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/cVjAwBUNq-UigvwMtv8CDeeLMGU>
Cc: Phillip Hallam-Baker <phill@hallambaker.com>, IETF <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Feb 2016 16:54:39 -0000
> > On Jan 26, 2016, at 1:16 PM, Jari Arkko <jari.arkko@piuha.net> wrote: > > > > Tom, Phillip, > > > > Impressive? Not much. If anything, I feel a bit > > embarrassed that we are updating our servers > > only now :-) > > > > This really was just an IETF service announcement. > > The tools team felt that if we are making changes > > we should announce them rather than surprise > > anybody. We plan to announce similar other things > > as well, when there are changes. And I certainly > > believe this particular change was a technically > > reasonable thing to do. > > > > We do of course have other things to discuss — > > how much the IETF is doing for improving email > > security in the Internet, and what can be done to > > it to begin with. But that is a broader topic that > > IMO, doesn’t have much to do with what specific > > arrangements we have for our own e-mail > > server (and at a particular layer of that server, > > even). Phillip’s questions are very rasonable > > in that broader topic, however. > and supposedly that's on the table now? > would be good to hear what's the plan here. Well, let's see. We have the UTA WG, which among other things is reworking the standards having to do with email's use of TLS. We have the DMARC WG, which is addressing various issues surrounding the use of DMARC, including but not limited to trying to solve the DMARC-list interaction problem. The DANE WG is working on one draft on using secure DNS for S/MIME certificates, another on using DANE to associate PGP keys with email addresses. And historically has done a bunch of work on SMTP security using DANE. There are regular discussion of various email security issues - far too many to list here - on the ietf-smtp, perpass, and appsawg lists. And there are probably other lists I'm forgetting about. In summary, a lot of work has been done, and a lot more work is underway. But none of this seems especially relevant in this context, so this is all I'm going to say about it. Ned
- Re: IETF mail server and SSLv3 Lixia Zhang
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 John Levine
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- IETF mail server and SSLv3 IETF Chair
- Re: IETF mail server and SSLv3 tom p.
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Jari Arkko
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Jari Arkko
- Re: IETF mail server and SSLv3 Derek Atkins
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Lixia Zhang
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 Martin Rex
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Solarus
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Solarus
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Martin Rex
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Russ Housley
- Re: IETF mail server and SSLv3 Randy Bush
- Re: IETF mail server and SSLv3 Stephen Farrell
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Doug Barton
- RE: IETF mail server and SSLv3 Christian Huitema