Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP STS Draft)
Aaron Zauner <azet@azet.org> Thu, 05 May 2016 16:18 UTC
Return-Path: <azet@azet.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A34EB12D815 for <uta@ietfa.amsl.com>; Thu, 5 May 2016 09:18:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=azet.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8TlDjT-TXox9 for <uta@ietfa.amsl.com>; Thu, 5 May 2016 09:18:13 -0700 (PDT)
Received: from mail-pa0-x232.google.com (mail-pa0-x232.google.com [IPv6:2607:f8b0:400e:c03::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CA1AF12D773 for <uta@ietf.org>; Thu, 5 May 2016 09:17:39 -0700 (PDT)
Received: by mail-pa0-x232.google.com with SMTP id xk12so37777691pac.0 for <uta@ietf.org>; Thu, 05 May 2016 09:17:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=azet.org; s=gmail; h=subject:mime-version:from:in-reply-to:date:cc:message-id:references :to; bh=qSHa4cGFLFE8ytZDrGTNm0TIWLuJQFrtsX/jVu+/MP4=; b=WUF17drbbR1uJHS/tKbC/WeK0FxWXLrgguHH/J+X5Dee/zooFynD5F/f1qBXsMpt+m VY/JQ8hIsjcforEsdhFFY2NuSgurVNfGYBBA5E/bbW+gJ5ksx+osqn1r5DuqqrF95mHY DVl37zjj9WPlGQGDZCV4PbRX7fMSo+4GclhPY=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:mime-version:from:in-reply-to:date:cc :message-id:references:to; bh=qSHa4cGFLFE8ytZDrGTNm0TIWLuJQFrtsX/jVu+/MP4=; b=Ym29YfZiLXroXGeU+YGOduqGKWhd8/sgR9di1mvtUQNlWoX4GH7CzDaWf1jFIqUku2 U3tBUO9gK+uc2yTunRDUCGvXt5I9ngI8CwIBmKV2MR7A6gtCm4aAKuR6HQEFehkS+gqL kmo/O39JRH5BW8iFtxpeekZix+O/GXRRet9C8vaS5RZsOGO5EM8C+Jw8DTlLZRE8yxfr 2rAqQ2FZshDe3ecsLrmh6U6iuhF12ECmgFlyp6UNboprBIpFlUP7R2oPiN+LpX2Dt0QJ rP0KL+iOUo1kcr7IEkOyKS8ebefrQl5avZxS3VGDvWU7ZDxBIuH0Kxmm6TgBRrtOqcfQ aAQQ==
X-Gm-Message-State: AOPr4FU/aTzhwYPUncuPZZHcSwWygMDKd5XDtwhTdX63orodGhP8+zVleID5zMoqiNTccw==
X-Received: by 10.66.1.135 with SMTP id 7mr21849768pam.106.1462465059409; Thu, 05 May 2016 09:17:39 -0700 (PDT)
Received: from [192.168.1.234] (ppp-49-237-254-226.revip6.asianet.co.th. [49.237.254.226]) by smtp.gmail.com with ESMTPSA id 199sm14803514pfc.15.2016.05.05.09.17.36 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 05 May 2016 09:17:38 -0700 (PDT)
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_C0FD9DE3-C69E-4E77-89A8-9BD024115B46"; protocol="application/pgp-signature"; micalg="pgp-sha512"
X-Pgp-Agent: GPGMail 2.6b2
From: Aaron Zauner <azet@azet.org>
In-Reply-To: <alpine.OSX.2.11.1605051057310.39064@ary.lan>
Date: Thu, 05 May 2016 23:17:29 +0700
Message-Id: <5CAA2C26-D339-4BFE-8328-0B33E3652025@azet.org>
References: <20160505141746.27164.qmail@ary.lan> <BF2136BB-6406-4796-8575-6C42043F37FD@azet.org> <alpine.OSX.2.11.1605051057310.39064@ary.lan>
To: John R Levine <johnl@taugh.com>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/-23hDJoGYaEgnQOXSgg80KQq0XI>
Cc: uta@ietf.org
Subject: Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP STS Draft)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 May 2016 16:18:14 -0000
> On 05 May 2016, at 22:04, John R Levine <johnl@taugh.com> wrote: > >>> People have beens mailing around vast numbers of DMARC reports, most >>> of which have an application/gzip body. If there have been attacks >>> using DEFLATE bugs, nobody's gotten around to reporting them. >> >> I'm not much worried about attacks on DEFLATE and SMTP traffic. But as I understand from the draft, there's also an option to report back via HTTPS. Here DEFLATE may become a security issue. > > I don't see why. HTTP has had gzip encoding since http/1.0 twenty years ago, but I only defined application/gzip for mail in 2012. Your browser probably decodes deflated pages dozens of times a day. Exactly. And this is an open security issue today. It's the reason why people needed to come up with 'first party cookies'. https://github.com/dionyziz/rupture > Also, remember the DMARC experience, that in practice nobody is interested in http reports if they can send mail. You might ask around and see if you can find anyone who would send http reports if they had the option to do so. I implemented the http option from the DMARC draft (sort of, given that the draft language was a mess) and the number of attempts I saw was zero. I think STS is quite different from DMARC if many respects, but I'm interested in the authors opinions on that - would they prefer mail delivery or https? does it depend on deployment/hosting environment etc. Aaron
- Re: [Uta] draft-brotman-mta-sts/ Stephen Farrell
- Re: [Uta] draft-brotman-smtp-tlsrpt Viktor Dukhovni
- [Uta] Updated SMTP STS Draft Brotman, Alexander
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft Mark Risher
- Re: [Uta] Updated SMTP STS Draft Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] draft-brotman-smtp-tlsrpt Brotman, Alexander
- Re: [Uta] Updated SMTP STS Draft Aaron Zauner
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] Updated SMTP STS Draft Jim Fenton
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] Updated SMTP STS Draft Daniel Margolis
- Re: [Uta] draft-brotman-smtp-tlsrpt John Levine
- Re: [Uta] draft-brotman-mta-sts/ John R Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-smtp-tlsrpt Viktor Dukhovni
- Re: [Uta] draft-brotman-smtp-tlsrpt John Levine
- Re: [Uta] draft-brotman-mta-sts/ Brotman, Alexander
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Neil Cook
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ ned+uta
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Mark Risher
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John R Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Binu Ramakrishnan
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] Updated SMTP STS Draft Mark Risher
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Mark Risher
- [Uta] CBOR, XML, JSON (was Re: Updated SMTP STS D… Chris Newman
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… Viktor Dukhovni
- Re: [Uta] special hostnames, was draft-brotman-mt… John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] Updated SMTP STS Draft Alexey Melnikov
- Re: [Uta] draft-brotman-smtp-tlsrpt Leif Johansson
- Re: [Uta] draft-brotman-smtp-tlsrpt Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] draft-brotman-smtp-tlsrpt Kurt Andersen (b)
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] draft-brotman-smtp-tlsrpt Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Binu Ramakrishnan
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Neil Cook
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Chris Newman
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Chris Newman
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… John Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… Viktor Dukhovni
- Re: [Uta] DNSSEC or the lack thereof, was reporti… John Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Jim Fenton
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Sean Leonard