[lamps] Re: CMCbis: SMTP-over-TLS SecCon
Russ Housley <housley@vigilsec.com> Thu, 20 November 2025 16:56 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@mail2.ietf.org
Delivered-To: spasm@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 946A08D5597E for <spasm@mail2.ietf.org>; Thu, 20 Nov 2025 08:56:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7ORC14CUw6lh for <spasm@mail2.ietf.org>; Thu, 20 Nov 2025 08:56:46 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id CB22F8D554E3 for <spasm@ietf.org>; Thu, 20 Nov 2025 08:56:21 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id A41331A2914; Thu, 20 Nov 2025 11:56:21 -0500 (EST)
Received: from smtpclient.apple (pool-96-255-71-95.washdc.fios.verizon.net [96.255.71.95]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 88D1F1A2A7F; Thu, 20 Nov 2025 11:56:21 -0500 (EST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3826.700.81\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <062F0270-CD3C-47E4-9681-7D1D4D6ADA39@sn3rd.com>
Date: Thu, 20 Nov 2025 11:56:11 -0500
Content-Transfer-Encoding: quoted-printable
Message-Id: <8595A916-49FE-4C57-A632-C00CB8AC2D1C@vigilsec.com>
References: <062F0270-CD3C-47E4-9681-7D1D4D6ADA39@sn3rd.com>
To: Sean Turner <sean@sn3rd.com>
X-Mailer: Apple Mail (2.3826.700.81)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=content-type:mime-version:subject:from:in-reply-to:date:cc:content-transfer-encoding:message-id:references:to; s=pair-202402141609; bh=kyJ7xVYw77lzhNMkLw29nvLPn1Ox0L7QlUQaYnF7h3I=; b=M6OMFXFlbqx7kmM/nDL0ga2QjK5QNZd20wWY0JVppFdg3jkN7P0/09Gdz1CQyPhANPN1qbIBg09lMIUKhy4JVVaOtSIbxVvQenD3M3t5Ntn3s77n6e24LGlFwYhtEvsat339wNZWgzMA9MgaaPWZ/9FRZNpW9bY/KaF1CsJSX7U8UmXjnMyKHBB3WbWctK6Sk7jA/I3bjYV50xkd6/enMehjwHwCiezGxRHDaaZKOY8nuY7f0XEPIsJJHN4g60yoDHd42+r1mjvqErmRreMUj1ZqegiKq4zsQvOJee5JdNPEKwN3L10mOt58yEZP0T8tmlOlTY2axtFv+gj2CffOPw==
X-Scanned-By: mailmunge 3.09 on 66.39.134.11
Message-ID-Hash: GQHODMADZ3OVYNXMCBKOLHZEBOGKVYR2
X-Message-ID-Hash: GQHODMADZ3OVYNXMCBKOLHZEBOGKVYR2
X-MailFrom: housley@vigilsec.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: LAMPS <spasm@ietf.org>, Ben Kaduk <kaduk@mit.edu>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [lamps] Re: CMCbis: SMTP-over-TLS SecCon
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/a3XIvNneozsc3IKQx9vfDlLHCAk>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>
I think that MAY in the last sentence is correct. They text rightly points out that the downside of requesting end-to-end use authenticated TLS is failure to deliver the message altogether. CMC does not rely on this protection, so MAY is the right balance. Also: s/may not be/might not be/ Russ > On Nov 20, 2025, at 11:32 AM, Sean Turner <sean@sn3rd.com> wrote: > > Hi! Viktor provided what I think is some good text for delivering CMC Requests/Responses over SMTP - see: > https://github.com/lamps-wg/cmcbis/pull/210 > What do people think about the MAY? Should it be a SHOULD? > > Cheers, > spt > _______________________________________________ > Spasm mailing list -- spasm@ietf.org > To unsubscribe send an email to spasm-leave@ietf.org
- [lamps] CMCbis: SMTP-over-TLS SecCon Sean Turner
- [lamps] Re: CMCbis: SMTP-over-TLS SecCon Russ Housley
- [lamps] Re: CMCbis: SMTP-over-TLS SecCon Eliot Lear
- [lamps] Re: CMCbis: SMTP-over-TLS SecCon Benjamin Kaduk