Re: [NNTP] Last Call: <draft-elie-nntp-tls-recommendations-01.txt> (Use of Transport Layer Security (TLS) in the Network News Transfer Protocol (NNTP)) to Proposed Standard

Sabahattin Gucukoglu <listsebby@me.com> Tue, 29 November 2016 11:57 UTC


On 28 Nov 2016, at 21:44, Julien ÉLIE <julien@trigofacile.com> wrote:
> As strict TLS over a dedicated port is the current TLS best practice to use, what should we do for transit servers?  We currently have no NNSP/TLS port.  Do you believe we should ask to register a new port NNSP/TLS?
> Otherwise, what should we recommend?  (My fear is that adoption and use of that new port by news servers will be slow, or will never even happen...)

Not for me to argue with the wisdom of the crowd, I'm sure, but I've never liked the idea of going back to TLS "wrapper" ports; it just wastes precious IANA resources for absolutely no reason whatsoever and, as you just highlighted, is in any event unlikely to make a meaningful impact in practice.

Maybe you could compromise; describe the use of the secure port, give it a name, but then only register that port when implementers go looking for it.  Downside is that the RFC cannot specify a fixed port number.