Re: [Trans] CT for opportunistic STARTTLS in SMTP
Trevor Freeman <trevorf@exchange.microsoft.com> Tue, 25 February 2014 20:20 UTC
From: Trevor Freeman <trevorf@exchange.microsoft.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>, Ben Laurie <benl@google.com>
Date: Tue, 25 Feb 2014 19:47:31 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/_PB2x36CIerkKYuZsTZlVyjGwBQ
Cc: "trans@ietf.org" <trans@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [Trans] CT for opportunistic STARTTLS in SMTP

I don't see the relevance of CT to opportunistic STARTTLS. Opportunistic STARTTLS is a feature of the sender whereby the sender picks STARTTLS if offered, but otherwise will send the email. If the alternative was to send unprotected over plain TCP, you may as well negotiate TLS if offered. Moreover, if TLS negotiation fails for whatever reason, the sender remembers the fact and does not attempt to negotiate next time.

The sender does have a list of SMTP domains where it requires TLS authentication, but that is mandatory STARTTLS.

-----Original Message-----
From: Trans [mailto:trans-bounces@ietf.org] On Behalf Of Paul Hoffman
Sent: Tuesday, February 25, 2014 9:54 AM
To: Ben Laurie
Cc: trans@ietf.org; Daniel Kahn Gillmor
Subject: Re: [Trans] CT for opportunistic STARTTLS in SMTP

On Feb 25, 2014, at 9:36 AM, Ben Laurie <benl@google.com> wrote:

>> At the earlier CT meeting, I think someone proposed that there could be a check that the cert was in actual use at the place it said it was.
>
> That does not seem effective to me.

It is more effective than doing nothing; it may not be effective enough to prevent overwhelm by spam. I was just pointing it out as something that was proposed, not well-thought-out.

--Paul Hoffman
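
A small model of the sender behaviour described in the message above, added here as an illustration; it is not code from the message or from any mail server. The class and outcome names, the example domains, the "deferred" result for a failed mandatory delivery, and the choice to ignore the certificate in opportunistic mode are assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class SenderPolicy:
    # Domains where the sender requires TLS authentication (mandatory STARTTLS).
    mandatory: set = field(default_factory=set)
    # Opportunistic domains where an earlier TLS negotiation failed.
    tls_failed: set = field(default_factory=set)

    def deliver(self, domain, starttls_offered, handshake_ok, cert_authenticated):
        """Return 'tls-authenticated', 'tls', 'plaintext' or 'deferred'."""
        if domain in self.mandatory:
            # Mandatory mode: every condition must hold; never fall back.
            if starttls_offered and handshake_ok and cert_authenticated:
                return "tls-authenticated"
            return "deferred"  # assumption: the mail is held, not sent in clear

        # Opportunistic mode: encryption is best effort, mail is sent either way.
        if domain in self.tls_failed:
            return "plaintext"  # remembered failure: TLS is not attempted again
        if not starttls_offered:
            return "plaintext"
        if not handshake_ok:
            self.tls_failed.add(domain)  # remember the failure for next time
            return "plaintext"
        # Assumption: the certificate plays no part in the delivery decision.
        return "tls"


def run_constructed_attempts():
    """Constructed sequence: (domain, offered, handshake_ok, cert_authenticated)."""
    policy = SenderPolicy(mandatory={"partner.example"})
    attempts = [
        ("example.org", True, True, False),     # TLS used, cert not relied on
        ("example.net", True, False, False),    # handshake fails once
        ("example.net", True, True, True),      # later attempt: TLS not retried
        ("partner.example", True, True, False), # mandatory, cert not authenticated
        ("partner.example", True, True, True),  # mandatory, all checks pass
    ]
    return [policy.deliver(*a) for a in attempts]


if __name__ == "__main__":
    print(run_constructed_attempts())
```

In this model only the mandatory list ever consults the certificate, and a single failed handshake leaves an opportunistic domain on plaintext for later deliveries.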