Re: [Trans] Draft agenda

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 24 February 2014 21:00 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6EC31A018D for <trans@ietfa.amsl.com>; Mon, 24 Feb 2014 13:00:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.4
X-Spam-Level: *
X-Spam-Status: No, score=1.4 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_48=0.6] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FIXIEWzyBlnf for <trans@ietfa.amsl.com>; Mon, 24 Feb 2014 13:00:56 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 19F771A0277 for <trans@ietf.org>; Mon, 24 Feb 2014 13:00:49 -0800 (PST)
Received: from fifthhorseman.net (dsl254-070-154.nyc1.dsl.speakeasy.net [216.254.70.154]) by che.mayfirst.org (Postfix) with ESMTPSA id 858ACF984 for <trans@ietf.org>; Mon, 24 Feb 2014 16:00:46 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id A0BFD1FF61; Mon, 24 Feb 2014 16:00:46 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: trans@ietf.org
In-Reply-To: <53063600.4020102@gmail.com>
References: <53063600.4020102@gmail.com>
User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-pc-linux-gnu)
Date: Mon, 24 Feb 2014 16:00:43 -0500
Message-ID: <878ut0usxw.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/VU7_OELWe_oNOAJPvLzBWc-BuRI
Subject: Re: [Trans] Draft agenda
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Feb 2014 21:00:58 -0000

On Thu 2014-02-20 12:06:08 -0500, Melinda Shore wrote:
> I've uploaded a first crack at an agenda to
> http://www.ietf.org/proceedings/89/agenda/agenda-89-trans.
> Please let me know if anything is missing, or if you'd like
> to request some time on the agenda.

Thanks for organizing, Melinda!  I'd like to try to make a bit of time
in the agenda to talk about the use of CT in the SMTP+STARTTLS
environment.

Given the current opportunistic mode that TLS is used for in SMTP, we
may decide that there is no reasonable intersection at all today, but i
think it would be worth putting the issue on people's radar with a brief
discussion.

For example, brief discussion of any of these questions might be useful:

 * Should submission (SMTP+STARTTLS on port 587, with some form of
   client authentication) servers enroll their certificates in the log?

 * Should submission clients (MUAs like Thunderbird or Outlook) verify
   SCTs?  If so, what would be a reasonable action for MUAs to take if
   an SCT is missing or does not validate?  Does this change if the MUA
   has a history of having seen a valid SCT for the submission server?
   Should MUA configuration indicate to the user whether a server's
   certificate is in the log or not?

 * Should submission servers that use client-side certs to authenticate
   their clients look for SCTs in their client's certs?  If so, how
   should they behave if a client's SCT is missing or does not validate?
 
 * Should regular (port 25, not submission) SMTP+STARTTLS clients verify
   the SCTs passed by the peer?  What should be done if an SCT is absent
   or doesn't verify?  What if there is a history of having seen a
   logged cert for that peer?

 * Should regular (port 25, not submission) SMTP+STARTTLS servers with
   client-cert-authenticated peers verify the SCTs passed by the peer?
   What should be done if an SCT is absent or doesn't verify?

 * Should certificates for submission or SMTP+STARTTLS contain any
   reference to the domains they accept e-mail for (or send e-mail
   from?), or should their certificates be limited to the hostname only?

 * What sort of log monitoring should an SMTP+STARTTLS or submission
   service operator do to avoid misissuance?  Does it differ in any way
   from the log monitoring that an HTTPS operator should do?

Regards,

    --dkg