Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmission Types Registration

Michael Peddemors <michael@linuxmagic.com> Tue, 28 March 2023 23:47 UTC

Return-Path: <michael@linuxmagic.com>
X-Original-To: mailsec@ietfa.amsl.com
Delivered-To: mailsec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3E3AAC151540 for <mailsec@ietfa.amsl.com>; Tue, 28 Mar 2023 16:47:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Cg3-INdAOCMC for <mailsec@ietfa.amsl.com>; Tue, 28 Mar 2023 16:47:37 -0700 (PDT)
Received: from mail-ob3.cityemail.com (mail-ob3.cityemail.com [104.128.152.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D8A5DC14CF13 for <mailsec@ietf.org>; Tue, 28 Mar 2023 16:47:36 -0700 (PDT)
Received: (qmail 719115 invoked from network); 28 Mar 2023 23:47:35 -0000
Received: from riddle.wizard.ca (HELO [192.168.1.55]) (michael@wizard.ca@104.128.144.8) by fe3.cityemail.com with (TLS_AES_128_GCM_SHA256 encrypted) SMTP (e9e77a34-cdc2-11ed-91ae-3342177849a2); Tue, 28 Mar 2023 16:47:35 -0700
Message-ID: <606c375a-650a-a5e8-40f3-dfe5dc8f0881@linuxmagic.com>
Date: Tue, 28 Mar 2023 16:47:34 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
Content-Language: en-US
To: mailsec@ietf.org
References: <82a08c5c-1125-311a-1324-7abca983d72a@aitchison.me.uk>
From: Michael Peddemors <michael@linuxmagic.com>
Organization: LinuxMagic Inc.
In-Reply-To: <82a08c5c-1125-311a-1324-7abca983d72a@aitchison.me.uk>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-MagicMail-OS: Linux 2.2.x-3.x
X-MagicMail-UUID: e9e77a34-cdc2-11ed-91ae-3342177849a2
X-MagicMail-Authenticated: michael@wizard.ca
X-MagicMail-SourceIP: 104.128.144.8
X-MagicMail-RegexMatch: 0
X-MagicMail-EnvelopeFrom: <michael@linuxmagic.com>
X-Archive: Yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/mailsec/MLYOMpfB8hTSptVIB-NPRiulivc>
Subject: Re: [Mailsec] CLIENTID and ESMTP and LMTP Transmission Types Registration
X-BeenThere: mailsec@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Email Security Issues <mailsec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/mailsec>, <mailto:mailsec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/mailsec/>
List-Post: <mailto:mailsec@ietf.org>
List-Help: <mailto:mailsec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/mailsec>, <mailto:mailsec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2023 23:47:41 -0000

On 2023-03-27 10:10, Andrew C Aitchison wrote:
> 
> [ I am attempting to implement CLIENTID for Exim the MTA. ]
> 
> https://www.rfc-editor.org/rfc/rfc3848
> added ESMTPA, ESMTPS, ESMTPSA, LMTP, LMTPA, LMTPS and LMTPSA
> to SMTP and ESMTP for use in the "with" clause of a Received
> header in an Internet message.
> 
> Would we want CLIENTID to add to this list ?
> My thought is that this would risk leaking information
> which might allow a third party to infer facts about the
> heuristics or rules used, so my guess is "no".
> 
> If we *did* decide to add to this list, would ESMTPSC and ESMTPSCA
> be sufficient, or do we want LMTPSC and LMTPSCA too ?
> 
> Thanks,
> 

Sorry about the delay in responding...
Might need some other voices on this, but I don't really see any need to 
alter the Received headers based on whether the authentication used 
CLIENTID or not; it can still use the default ESMTPSA (it would never 
use ESMTPA, as that channel is not encrypted, of course). Since this is 
limited to authentication at this time, I don't see even where ESMTPS 
would be used, but someone else might have an argument for that use case.

The CLIENTID should NOT be shared, even the CLIENTID TYPE, and should 
not be recorded in the email message in any way, IMHO. Just as you 
pointed out, even indicating that the client prefers to use CLIENTID is 
not something that needs to be spread around.

Somewhere in the future, I 'guess' knowing the sender was using CLIENTID 
'could' be considered a trust factor, but I don't think sharing that 
information will ever be desirable.

(For the record, we don't include it in our Received headers.)


-- 
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada

This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
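The thread above turns on two checkable properties of a Received header: the "with" keyword should be one of the transmission types registered by RFC 3848 (plus the base SMTP/ESMTP), and nothing about CLIENTID should appear in the header at all. The following Python is an added illustration written for this archive page; it is not code from the thread, from Exim, or from any CLIENTID implementation. It strips RFC 5322 comments (which can sit between "with" and the keyword, as in the cityemail.com hop in the headers above) before extracting the keyword, then flags both an unregistered keyword and any CLIENTID token in the raw header, including inside comments. The sample headers are constructed, and the "leak" check is a plain substring heuristic, not a parser for any CLIENTID syntax.

```python
import re

# Transmission-type keywords valid in the "with" clause of a Received header:
# SMTP and ESMTP from the base SMTP specification, the rest added by RFC 3848.
REGISTERED_WITH_KEYWORDS = {
    "SMTP", "ESMTP",
    "ESMTPA", "ESMTPS", "ESMTPSA",
    "LMTP", "LMTPA", "LMTPS", "LMTPSA",
}

# Keywords floated in the thread as possibilities; none of them is registered,
# and the reply above argues a CLIENTID session should simply use ESMTPSA.
UNREGISTERED_CLIENTID_KEYWORDS = {"ESMTPSC", "ESMTPSCA", "LMTPSC", "LMTPSCA"}

_WITH_RE = re.compile(r"\bwith\s+([A-Za-z0-9]+)", re.IGNORECASE)


def strip_comments(value):
    """Remove RFC 5322 comments, including nested ones, so that keyword
    matching only sees real tokens. Unbalanced ')' is left alone."""
    out, depth = [], 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")" and depth:
            depth -= 1
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def with_keyword(received_value):
    """Return the upper-cased 'with' keyword of a Received header value,
    or None if the header carries no 'with' clause."""
    m = _WITH_RE.search(strip_comments(received_value))
    return m.group(1).upper() if m else None


def audit_received(received_value):
    """Classify one Received header value.

    keyword        - the 'with' keyword (upper-cased) or None
    registered     - True if the keyword is in the RFC 3848 set
    leaks_clientid - True if a CLIENTID token appears anywhere (comments
                     included) or an unregistered CLIENTID-style keyword is used
    """
    kw = with_keyword(received_value)
    leaks = ("CLIENTID" in received_value.upper()
             or kw in UNREGISTERED_CLIENTID_KEYWORDS)
    return {
        "keyword": kw,
        "registered": kw in REGISTERED_WITH_KEYWORDS,
        "leaks_clientid": leaks,
    }


# Constructed sample headers (not taken from the original message).
SAMPLES = {
    # What the reply recommends: an authenticated, encrypted submission
    # recorded as plain ESMTPSA, with no trace of CLIENTID.
    "good": ("from client.example (HELO [192.0.2.55]) by mx.example.net "
             "with ESMTPSA id abc123; Tue, 28 Mar 2023 16:47:35 -0700"),
    # Comment between 'with' and the keyword, as in the cityemail.com hop above.
    "commented": ("from client.example by mx.example.net with "
                  "(TLS_AES_128_GCM_SHA256 encrypted) SMTP (some-uuid); "
                  "Tue, 28 Mar 2023 16:47:35 -0700"),
    # One of the unregistered keywords proposed in the thread.
    "unregistered": ("from client.example by mx.example.net with ESMTPSCA "
                     "id abc124; Tue, 28 Mar 2023 16:47:36 -0700"),
    # Registered keyword, but a comment discloses that CLIENTID was used.
    "leaky_comment": ("from client.example by mx.example.net "
                      "(CLIENTID used) with ESMTPSA id abc125; "
                      "Tue, 28 Mar 2023 16:47:37 -0700"),
}


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(name, audit_received(value))
```

Run on its own, the script prints the classification of each constructed sample; only the "good" entry comes back as both registered and free of CLIENTID disclosure. A mail operator could run `audit_received` over the Received trail of their own outbound messages as a regression check that a CLIENTID-aware MTA build still writes ESMTPSA and nothing more.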