[secdir] SecDir review of draft-ietf-uta-mta-sts
"Paul Hoffman" <paul.hoffman@vpnc.org> Wed, 18 April 2018 17:48 UTC
From: Paul Hoffman <paul.hoffman@vpnc.org>
To: secdir <secdir@ietf.org>
Date: Wed, 18 Apr 2018 10:48:19 -0700
Message-ID: <7B59F727-7979-40C4-8C60-F501D25AA621@vpnc.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/nZ0NcPHsoWhnxrVt4Z1wEx1D9CM>
Subject: [secdir] SecDir review of draft-ietf-uta-mta-sts
This document is an ambitious attempt to add STS (strict transport security) to SMTP. It carefully deals with all the traps and pitfalls that were found in developing STS for HTTP, DANE, and so on. I believe that it has hit all the obvious security issues concerning how a determined attacker might cause a downgrade; in so doing, it has become a very complex protocol. However, the authors make a good argument for each of the complexities, which is admirable.

--Paul Hoffman