IETF Logo Mail Archive

Re: IETF mail server and SSLv3

John C Klensin <john-ietf@jck.com> Fri, 05 February 2016 18:48 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3A4E1A877E for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 10:48:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hQ1fr_h_IKW3 for <ietf@ietfa.amsl.com>; Fri, 5 Feb 2016 10:48:06 -0800 (PST)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 448A71A8749 for <ietf@ietf.org>; Fri, 5 Feb 2016 10:48:06 -0800 (PST)
Received: from [198.252.137.10] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1aRlQI-000Ge4-Sa; Fri, 05 Feb 2016 13:48:02 -0500
Date: Fri, 05 Feb 2016 13:47:57 -0500
From: John C Klensin <john-ietf@jck.com>
To: ned+ietf@mauve.mrochek.com, Viktor Dukhovni <ietf-dane@dukhovni.org>
Subject: Re: IETF mail server and SSLv3
Message-ID: <95A916D4082869CD35407358@JcK-HP8200.jck.com>
In-Reply-To: <01PWAPWAKLJI00008P@mauve.mrochek.com>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <sjmvb66r1st.fsf@securerf.ihtfp.org> <20160204024001.GM19242@mournblade.imrryr.org> <C9624BB55C713BCF83E4A552@7AD4D3FB4841A5E367CCF211> <08CEE02F-74DF-4C5E-A116-AB66FD8516FA@dukhovni.org> <01PWAPWAKLJI00008P@mauve.mrochek.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/zfl5AhEP29Q-ZwKIC2hJ1gPYh48>
Cc: ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Feb 2016 18:48:08 -0000


--On Thursday, February 04, 2016 19:00 -0800
ned+ietf@mauve.mrochek.com wrote:

>> > On Feb 4, 2016, at 11:22 AM, John C Klensin
>> > <john-ietf@jck.com> wrote:
>> > 
>> >> I am quite comfortable at this time with a requirement of
>> >> better than SSLv3 for SMTP on the public Internet.
>> > 
>> > Unless there is a fallback to clear text, I am not.
> 
>> Yes, of course with cleartext transmission in the absence of
>> STARTTLS support.  I had expected that would have been clear
>> from context.
> 
> That's in no way sufficient. Not only do you have to be
> willing to do without STARTTLS, you also have to be willing to
> close the connection and try another in the event that the
> server offers STARTTLS, the client attempts to use it but the
> TLS negotiation fails for some reason.
> 
> I suspect this is the "fallback" John was talking about.

I hadn't thought through all of the details but more or less
yes.  

> Not all SMTP clients offer this capability, and without it you
> can get into stuck message situations.
> 
>> The point being that systems that are STARTTLS-capable are at
>> this point essentially without exception capable of TLSv1 or
>> better.
> 
> Maybe. But even if this is true, there are other ways for TLS
> negotiation to fail. (The one that has been the biggest
> nuisance historically is where TLS is enabled on the server
> but no certificate is installed, causing all attempts to use
> TLS to fail unconditionally.)

In addition, the IETF often fails to understand how slowly
change occurs, especially when the changes are expected to
replace existing practices that seem to work.  We've still got
messaging systems around that haven't fully gotten MIME and that
therefore still using "message and attachments" models.
Similarly, 18 or 19 years ago, our big focus was on
authentication rather than privacy and the IETF was on an
anti-password tear, so we developed CRAM-MD5, not just as a
serious proposal but a hack to show that, with the technology of
the time, it was possible to move beyond passwords without
requiring heavy-duty authentication servers.  It has been a long
time, but I think we were also concerned about restrictions on
encryption and encryption export (a set of problems that were
not solved the IAB/IESG statement in RFC 1984 a few years
earlier).    Despite our understanding of the difficulties with
CRAM-MD5 (most obviously, its reliance on MD5 itself), I still
see it used and used with SMTP AUTH as well as with POP and
IMAP.  Why?  Well, maybe to avoid encryption, but I'd guess more
likely just out of habit and legacy behavior.

RFC 1918 is, itself, another example.  It is a good policy
statement which most of us supported and considered valuable
then and still do.   But it is  not a magic wand that brought
about immediate and lasting changes -- many of the debates and
policy proposals it refers to are still very much with us; some
seem to be experiencing a resurgence after appearing to have
gone away.    

Ultimately, some actors are going to follow our advice and some
aren't and, especially when we promote a "stop doing this or
using that" measure, we need to decide what sort of Internet we
want: one that is as open or inclusive as possible or one that
isn't nearly as open to those who don't follow our rules and
preferences.  While I appreciate Victor's follow-up
clarification, that tradeoff applies whether we are talking
about, e.g., "crypto or the mail doesn't go through" or "no
transit privacy unless you use a preferred version of TLS".   

FWIW, I think what Ned, I, and many others have heard from users
over the years is that they prefer that messages get through
and, most of the time, behave as if that is far more important
than marginal privacy or security.  I wish that preference were
a little different, but my (and other) efforts to educate the
public about why they should care more --at least to the extent
of making sure they can use whatever privacy and authentication
mechanism that are available and that they judge to be effective
for their needs have, so far, not been very successful.

       john

v2.23.0 | Report a Bug | By Email