Re: IETF mail server and SSLv3
John C Klensin <john-ietf@jck.com> Fri, 05 February 2016 18:48 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3A4E1A877E for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 10:48:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQ1fr_h_IKW3 for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 10:48:06 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 448A71A8749 for <ietf@ietf.org>; Fri, 5 Feb 2016 10:48:06 -0800 (PST)
Received: from [198.252.137.10] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1aRlQI-000Ge4-Sa; Fri, 05 Feb 2016 13:48:02 -0500
Date: Fri, 05 Feb 2016 13:47:57 -0500
From: John C Klensin <john-ietf@jck.com>
To: ned+ietf@mauve.mrochek.com, Viktor Dukhovni <ietf-dane@dukhovni.org>
Subject: Re: IETF mail server and SSLv3
Message-ID: <95A916D4082869CD35407358@JcK-HP8200.jck.com>
In-Reply-To: <01PWAPWAKLJI00008P@mauve.mrochek.com>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <sjmvb66r1st.fsf@securerf.ihtfp.org> <20160204024001.GM19242@mournblade.imrryr.org> <C9624BB55C713BCF83E4A552@7AD4D3FB4841A5E367CCF211> <08CEE02F-74DF-4C5E-A116-AB66FD8516FA@dukhovni.org> <01PWAPWAKLJI00008P@mauve.mrochek.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/zfl5AhEP29Q-ZwKIC2hJ1gPYh48>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2016 18:48:08 -0000
--On Thursday, February 04, 2016 19:00 -0800 ned+ietf@mauve.mrochek.com wrote: >> > On Feb 4, 2016, at 11:22 AM, John C Klensin >> > <john-ietf@jck.com> wrote: >> > >> >> I am quite comfortable at this time with a requirement of >> >> better than SSLv3 for SMTP on the public Internet. >> > >> > Unless there is a fallback to clear text, I am not. > >> Yes, of course with cleartext transmission in the absence of >> STARTTLS support. I had expected that would have been clear >> from context. > > That's in no way sufficient. Not only do you have to be > willing to do without STARTTLS, you also have to be willing to > close the connection and try another in the event that the > server offers STARTTLS, the client attempts to use it but the > TLS negotiation fails for some reason. > > I suspect this is the "fallback" John was talking about. I hadn't thought through all of the details but more or less yes. > Not all SMTP clients offer this capability, and without it you > can get into stuck message situations. > >> The point being that systems that are STARTTLS-capable are at >> this point essentially without exception capable of TLSv1 or >> better. > > Maybe. But even if this is true, there are other ways for TLS > negotiation to fail. (The one that has been the biggest > nuisance historically is where TLS is enabled on the server > but no certificate is installed, causing all attempts to use > TLS to fail unconditionally.) In addition, the IETF often fails to understand how slowly change occurs, especially when the changes are expected to replace existing practices that seem to work. We've still got messaging systems around that haven't fully gotten MIME and that therefore still using "message and attachments" models. Similarly, 18 or 19 years ago, our big focus was on authentication rather than privacy and the IETF was on an anti-password tear, so we developed CRAM-MD5, not just as a serious proposal but a hack to show that, with the technology of the time, it was possible to move beyond passwords without requiring heavy-duty authentication servers. It has been a long time, but I think we were also concerned about restrictions on encryption and encryption export (a set of problems that were not solved the IAB/IESG statement in RFC 1984 a few years earlier). Despite our understanding of the difficulties with CRAM-MD5 (most obviously, its reliance on MD5 itself), I still see it used and used with SMTP AUTH as well as with POP and IMAP. Why? Well, maybe to avoid encryption, but I'd guess more likely just out of habit and legacy behavior. RFC 1918 is, itself, another example. It is a good policy statement which most of us supported and considered valuable then and still do. But it is not a magic wand that brought about immediate and lasting changes -- many of the debates and policy proposals it refers to are still very much with us; some seem to be experiencing a resurgence after appearing to have gone away. Ultimately, some actors are going to follow our advice and some aren't and, especially when we promote a "stop doing this or using that" measure, we need to decide what sort of Internet we want: one that is as open or inclusive as possible or one that isn't nearly as open to those who don't follow our rules and preferences. While I appreciate Victor's follow-up clarification, that tradeoff applies whether we are talking about, e.g., "crypto or the mail doesn't go through" or "no transit privacy unless you use a preferred version of TLS". FWIW, I think what Ned, I, and many others have heard from users over the years is that they prefer that messages get through and, most of the time, behave as if that is far more important than marginal privacy or security. I wish that preference were a little different, but my (and other) efforts to educate the public about why they should care more --at least to the extent of making sure they can use whatever privacy and authentication mechanism that are available and that they judge to be effective for their needs have, so far, not been very successful. john
- Re: IETF mail server and SSLv3 Lixia Zhang
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 John Levine
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- IETF mail server and SSLv3 IETF Chair
- Re: IETF mail server and SSLv3 tom p.
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Jari Arkko
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Jari Arkko
- Re: IETF mail server and SSLv3 Derek Atkins
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 ned+ietf
- Re: IETF mail server and SSLv3 Lixia Zhang
- Re: IETF mail server and SSLv3 John C Klensin
- Re: IETF mail server and SSLv3 Martin Rex
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Solarus
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Solarus
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Martin Rex
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Russ Housley
- Re: IETF mail server and SSLv3 Randy Bush
- Re: IETF mail server and SSLv3 Stephen Farrell
- Re: IETF mail server and SSLv3 Phillip Hallam-Baker
- Re: IETF mail server and SSLv3 Viktor Dukhovni
- Re: IETF mail server and SSLv3 Doug Barton
- RE: IETF mail server and SSLv3 Christian Huitema