Re: [perpass] Fwd: New Version Notification for draft-fenton-smtp-require-tls-01.txt

Yakov Shafranovich <yakov@shaftek.biz> Thu, 18 February 2016 03:47 UTC

In-Reply-To: <56C53DC3.4050806@bluepopcorn.net>
References: <20160213233657.2473.73478.idtracker@ietfa.amsl.com> <56C0DBC0.2070506@bluepopcorn.net> <CAF5Urx-SUviahM5v0mZ7Z4dD1hWrSjGpfS9A4L=2KeoEa2TGCw@mail.gmail.com> <56C53DC3.4050806@bluepopcorn.net>
From: Yakov Shafranovich <yakov@shaftek.biz>
Date: Wed, 17 Feb 2016 22:47:07 -0500
Message-ID: <CAF5Urx9TV6ebCQ2j0kEw_WsMk10=p5ucNP01XZc6ypMzQVbM7w@mail.gmail.com>
To: Jim Fenton <fenton@bluepopcorn.net>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/7kCPx90erv_9WPrc6qbNumsur4g>
Cc: perpass list <perpass@ietf.org>
Subject: Re: [perpass] Fwd: New Version Notification for draft-fenton-smtp-require-tls-01.txt

On Wed, Feb 17, 2016 at 10:42 PM, Jim Fenton <fenton@bluepopcorn.net> wrote:
> On 2/17/16 2:13 PM, Yakov Shafranovich wrote:
>>
>> Section 3.4 - delivery:
>> It is unclear what "delivery" means here, especially considering that
>> SMTP may relay messages to another server, perhaps reference RFC 5598?
>> Also, the parts in section 1 and the optional parameter in section 2
>> should play together with this, perhaps by requiring TLS in IMAP, etc.
>> or not. Either way, this may need clarification.
>
> I have been trying to avoid "boiling the ocean" by constraining this
> feature to SMTP. From the context, it should be clear that by delivery I
> was referring to protocols such as IMAP and POP, although webmail
> applies here as well. Are you suggesting that this requirement should be
> a MUST rather than the SHOULD I proposed?
>>

Maybe a MUST for SMTP relays following this one, and SHOULD for non-SMTP?


>>
>> One other comment - perhaps some sort of limiting digital signatures
>> for headers only like DKIM can be employed by the receiving MTA to
>> certify that the receipt and transmission was effective? I am thinking
>> along the lines of Received headers or DKIM headers, which would allow
>> traceability.
>
> This seems to be a separate feature - authenticated return receipts.
> This might be useful, but I don't think it belongs here.  I would hope
> that MTAs would add information about REQUIRETLS to their Received:
> header fields, much as they do about the use of TLS for messages they
> receive, but I haven't worked out quite how to specify that yet.

+1 on the received headers.

Thanks
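As an added illustration, not code from the draft or from either author, the script below audits a message's Received: chain for evidence of TLS on each SMTP hop. It relies on the two signals MTAs already emit today and which Jim refers to: the Postfix-style comment "(using TLSv1.2 with cipher ...)" visible in this message's own transport headers, and the ESMTPS/ESMTPSA "with" keywords registered by RFC 3848. The sample headers are constructed (hostnames, addresses and queue ids are made up). Since the draft does not yet specify how REQUIRETLS itself would be recorded in Received: fields, the script checks only the existing TLS annotations and separately flags non-SMTP entry points such as a webmail "with HTTP" hop, which is the delivery gap discussed above.

```python
import re
from typing import Dict, List

# Constructed sample Received: chain, listed top-down as it would appear in a
# message (first entry is the most recent hop). Modelled on the Postfix and
# Google clause formats; every host, address and id here is made up.
SAMPLE_RECEIVED = [
    "from mail.example.org (mail.example.org [192.0.2.10]) "
    "(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) "
    "(No client certificate requested) by mx.example.net (Postfix) with ESMTPS id "
    "0123ABCD for <user@example.net>; Wed, 17 Feb 2016 19:47:47 -0800 (PST)",
    "from relay.example.org (relay.example.org [198.51.100.5]) by mail.example.org "
    "(Postfix) with ESMTP id 4567EF01 for <user@example.net>; "
    "Wed, 17 Feb 2016 19:47:46 -0800 (PST)",
    "by relay.example.org with HTTP; Wed, 17 Feb 2016 19:47:07 -0800 (PST)",
]

# "with" protocol keywords that imply TLS on the hop (registered by RFC 3848).
TLS_WITH_PROTOCOLS = {"ESMTPS", "ESMTPSA"}
# Non-SMTP ways a message enters a chain (webmail submission, local injection);
# a requirement scoped to SMTP says nothing about these hops.
NON_SMTP_WITH = {"HTTP", "HTTPS", "LOCAL"}

_FROM = re.compile(r"\bfrom\s+([^\s;]+)")
_BY = re.compile(r"\bby\s+([^\s;]+)")
_WITH = re.compile(r"\bwith\s+([A-Za-z0-9]+)")
# The TLS clause lives inside an RFC 5322 comment, so it is matched on the raw value.
_TLS = re.compile(r"using\s+(TLSv[\d.]+|SSLv\d)\s+with\s+cipher\s+(\S+)")


def strip_comments(value: str) -> str:
    """Drop parenthesised comments, which may nest: '(using TLS ... (128/128 bits))'."""
    out: List[str] = []
    depth = 0
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth = max(depth - 1, 0)
        elif depth == 0:
            out.append(ch)
    return "".join(out)


def parse_received(header: str) -> Dict[str, object]:
    """Extract from/by/with and any TLS evidence from one Received: header value."""
    bare = strip_comments(header)  # keeps 'with ESMTPS' from colliding with 'with cipher'
    from_m, by_m, with_m = _FROM.search(bare), _BY.search(bare), _WITH.search(bare)
    tls_m = _TLS.search(header)
    proto = with_m.group(1).upper() if with_m else ""
    return {
        "from": from_m.group(1) if from_m else None,
        "by": by_m.group(1) if by_m else None,
        "with": proto,
        "tls_version": tls_m.group(1) if tls_m else None,
        "cipher": tls_m.group(2) if tls_m else None,
        "tls": bool(tls_m) or proto in TLS_WITH_PROTOCOLS,
        "smtp": proto != "" and proto not in NON_SMTP_WITH,
    }


def audit_chain(received_headers: List[str]) -> List[Dict[str, object]]:
    """Parse every Received: value in order, most recent hop first."""
    return [parse_received(h) for h in received_headers]


def unprotected_smtp_hops(received_headers: List[str]) -> List[str]:
    """Label 'from -> by' for SMTP hops whose Received: field records no TLS use."""
    return [
        f"{hop['from']} -> {hop['by']}"
        for hop in audit_chain(received_headers)
        if hop["smtp"] and not hop["tls"]
    ]


def non_smtp_hops(received_headers: List[str]) -> List[str]:
    """Label hops that entered via a non-SMTP protocol (outside an SMTP-only rule)."""
    return [
        f"{hop['by']} via {hop['with']}"
        for hop in audit_chain(received_headers)
        if not hop["smtp"]
    ]


if __name__ == "__main__":
    for i, hop in enumerate(audit_chain(SAMPLE_RECEIVED)):
        print(f"hop {i}: {hop['from']} -> {hop['by']} with {hop['with']} "
              f"tls={hop['tls']} ({hop['tls_version']}, {hop['cipher']})")
    print("SMTP hops without TLS evidence:", unprotected_smtp_hops(SAMPLE_RECEIVED))
    print("Non-SMTP hops:", non_smtp_hops(SAMPLE_RECEIVED))
```

Note that a Received: field is written by the receiving MTA and is only as trustworthy as that MTA, so the audit tells you what each hop claims, not what an observer on the wire could have seen; that is exactly why a standardised annotation, as Jim suggests, would help.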