IETF Logo Mail Archive

[secdir] SecDir review of draft-ietf-uta-mta-sts

"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 18 April 2018 17:48 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DBE5712778E for <secdir@ietfa.amsl.com>; Wed, 18 Apr 2018 10:48:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id r63CcDDXX0hE for <secdir@ietfa.amsl.com>; Wed, 18 Apr 2018 10:48:21 -0700 (PDT)
Received: from mail.proper.com (Opus1.Proper.COM [207.182.41.91]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8BD2D12778D for <secdir@ietf.org>; Wed, 18 Apr 2018 10:48:21 -0700 (PDT)
Received: from [10.32.60.122] (50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141]) (authenticated bits=0) by mail.proper.com (8.15.2/8.15.2) with ESMTPSA id w3IHlb80011587 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for <secdir@ietf.org>; Wed, 18 Apr 2018 10:47:38 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: mail.proper.com: Host 50-1-51-141.dsl.dynamic.fusionbroadband.com [50.1.51.141] claimed to be [10.32.60.122]
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Wed, 18 Apr 2018 10:48:19 -0700
X-Mailer: MailMate (1.11.1r5471)
Message-ID: <7B59F727-7979-40C4-8C60-F501D25AA621@vpnc.org>
MIME-Version: 1.0
Content-Type: text/plain; format="flowed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/nZ0NcPHsoWhnxrVt4Z1wEx1D9CM>
Subject: [secdir] SecDir review of draft-ietf-uta-mta-sts
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2018 17:48:23 -0000

This document is an ambitious attempt to add STS (strict transport 
security) to SMTP. It carefully deals with all the traps and pitfalls 
that were found in developing STS for HTTP, DANE, and so on. I believe 
that it has hit all the obvious security issues how a determined 
attacker might cause a downgrade; in so doing, it has become a very 
complex protocol. However, the authors make a good argument for each of 
the complexities, which is admirable.

--Paul Hoffman

v2.23.0 | Report a Bug | By Email