Re: [Uta] Email over TLS drafts
"Orit Levin (LCA)" <oritl@microsoft.com> Wed, 26 February 2014 13:45 UTC
Return-Path: <oritl@microsoft.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B42A1A0348 for <uta@ietfa.amsl.com>; Wed, 26 Feb 2014 05:45:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7ume06DxPG7 for <uta@ietfa.amsl.com>; Wed, 26 Feb 2014 05:45:42 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0185.outbound.protection.outlook.com [207.46.163.185]) by ietfa.amsl.com (Postfix) with ESMTP id 11DB61A0343 for <uta@ietf.org>; Wed, 26 Feb 2014 05:45:38 -0800 (PST)
Received: from BL2PR03MB290.namprd03.prod.outlook.com (10.141.68.19) by BL2PR03MB592.namprd03.prod.outlook.com (10.255.109.35) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 13:45:35 +0000
Received: from BL2PR03MB290.namprd03.prod.outlook.com ([10.141.68.19]) by BL2PR03MB290.namprd03.prod.outlook.com ([10.141.68.19]) with mapi id 15.00.0883.010; Wed, 26 Feb 2014 13:45:35 +0000
From: "Orit Levin (LCA)" <oritl@microsoft.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Thread-Topic: Email over TLS drafts
Thread-Index: Ac8w23U47Wyus96JSTSr96rckaErlwBhlmYAACUEkhA=
Date: Wed, 26 Feb 2014 13:45:35 +0000
Message-ID: <148a6b4e36004633b253eefde94f6237@BL2PR03MB290.namprd03.prod.outlook.com>
References: <f43cbf441ed743f08b70201a7da1a119@BL2PR03MB290.namprd03.prod.outlook.com> <530CF24C.9030302@isode.com>
In-Reply-To: <530CF24C.9030302@isode.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [195.99.168.174]
x-forefront-prvs: 0134AD334F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(199002)(479174003)(189002)(13464003)(24454002)(51704005)(51914003)(377454003)(81686001)(81816001)(76576001)(76786001)(76796001)(74876001)(69226001)(81342001)(74706001)(81542001)(93136001)(53806001)(74366001)(51856001)(19580405001)(19580395003)(79102001)(83322001)(54316002)(94316002)(56776001)(93516002)(77982001)(54356001)(76482001)(59766001)(86362001)(74316001)(83072002)(85852003)(80022001)(74662001)(74502001)(66066001)(47446002)(87936001)(90146001)(49866001)(47736001)(47976001)(50986001)(80976001)(63696002)(33646001)(31966008)(65816001)(4396001)(56816005)(85306002)(95416001)(46102001)(94946001)(2656002)(87266001)(86612001)(92566001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL2PR03MB592; H:BL2PR03MB290.namprd03.prod.outlook.com; CLIP:195.99.168.174; FPR:E6B0D1D5.AC3A97F1.7DD36D6B.42E8E97D.2050C; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/2aSABNjYW0pJuK4HUHxJiEj7Fgk
Cc: "uta@ietf.org" <uta@ietf.org>, "chris.newman@oracle.com" <chris.newman@oracle.com>, "moore@network-heretics.com" <moore@network-heretics.com>
Subject: Re: [Uta] Email over TLS drafts
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2014 13:45:45 -0000
Alexey, Thanks for the answers! Please, see inline. Cheers, Orit. > -----Original Message----- > From: Alexey Melnikov [mailto:alexey.melnikov@isode.com] > Sent: Tuesday, February 25, 2014 11:43 AM > To: Orit Levin (LCA) > Cc: moore@network-heretics.com; chris.newman@oracle.com; uta@ietf.org > Subject: Re: Email over TLS drafts > > Hi, > > On 23/02/2014 22:47, Orit Levin (LCA) wrote: > > Dear authors, > > In preparation for the London meeting, a few questions/comments about > the email drafts: > > > > First, both drafts address the interface between MUA and MSA only, > correct? > Yes. Earlier discussions pointed out that TLS deployment realities for > MTA-to-MTA links are a bit different from MUA-to-MSA. In particular > certificate verification rules might be different. > > It would be interesting to show (in the presentation), what the situation > looks like for other email interfaces (e.g., between MTAs). > > > > draft-newman-email-deep-01 > > > > - I think that merging the two drafts was the right move. It allows readers > to see the whole range of techniques for consideration. That being said, the > draft includes both (1) suggestions for preferred methods of operation > based on existing standards and (2) new mechanisms to enhance privacy > when email protocols are secured by TLS. Would you consider discussing the > two categories using parallel tracks (drafts) in order to streamline the work? > I am not an editor, but I am personally Ok with both being discussed in > the same draft. If the WG ends up not quickly converging on new bits, it > might be worth discussing the split. > > - I am curious why the proposed latch mechanism (defined and used in > sections 4, 6, and 7) has been considered for email applications specifically. I > understand that you need some kind of an "application" or "signalling" or > "management" protocol to implement the mechanism, but potentially it > could be a common one to serve any application. This question seems > especially applicable to the latches' definitions themselves. > I think trying this out for email first and then generalizing later is > the best course of action. OL: I addressed these in my previous email. I think, we all are in rough agreement here. ;-) > > draft-melnikov-email-tls-certs-01 > > > > This draft seems to specify the preferred methods of operation based on > existing standards. It would helpful to show (in presentation and in the > document) which of the recommendations are about putting constraints on > the existing standard vs. what statements are real changes to the standard > and thus require replacing sections in the existing RFC. > > This intends to replace SMTP Submission TLS server verification procedure, > because RFC 3207 is underspecified in this respect. > It also intends to replace IMAP TLS server verification procedure from RFC > 3501. If you think it would help the discussion, I can quote specific text being > replaced and what is the practical difference for implementations. draft- > melnikov-email-tls-certs is a profile of RFC 6125, so it is using different > terminology, which makes understanding the difference a bit trickier. > OL: I am concerned about the readability for two distinct types of readers: newcomers (both implementers and deployers) vs. those familiar with the existing RFCs. Replacing a chapter with the new text would work for the former, while a diff-like implementation guide would help the latter... So it seems that both are needed in the same document... As a precedent, RFC3261 Section 28 comes to mind... (Luckily, our case is not as long as that of SIP.) It would be interesting to know what other think. > > Are any of the suggested recommendations in this draft would apply to > applications other than email? > I think this is quite specific to email. I know that XMPP and HTTP > differ slightly from what is proposed for email. OL: That's totally cool from my perspective. Just making sure that we all are paying attention to the "generic" angle. > > Thanks and looking forward to your presentations in London, > > Orit.
- [Uta] Email over TLS drafts Orit Levin (LCA)
- Re: [Uta] Email over TLS drafts Keith Moore
- Re: [Uta] Email over TLS drafts Alexey Melnikov
- Re: [Uta] Email over TLS drafts Orit Levin (LCA)
- Re: [Uta] Email over TLS drafts Orit Levin (LCA)