IETF Logo Mail Archive

Re: [Uta] Email over TLS drafts

"Orit Levin (LCA)" <oritl@microsoft.com> Wed, 26 February 2014 13:45 UTC

Return-Path: <oritl@microsoft.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4B42A1A0348 for <uta@ietfa.amsl.com>; Wed, 26 Feb 2014 05:45:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id n7ume06DxPG7 for <uta@ietfa.amsl.com>; Wed, 26 Feb 2014 05:45:42 -0800 (PST)
Received: from na01-bn1-obe.outbound.protection.outlook.com (mail-bn1blp0185.outbound.protection.outlook.com [207.46.163.185]) by ietfa.amsl.com (Postfix) with ESMTP id 11DB61A0343 for <uta@ietf.org>; Wed, 26 Feb 2014 05:45:38 -0800 (PST)
Received: from BL2PR03MB290.namprd03.prod.outlook.com (10.141.68.19) by BL2PR03MB592.namprd03.prod.outlook.com (10.255.109.35) with Microsoft SMTP Server (TLS) id 15.0.883.10; Wed, 26 Feb 2014 13:45:35 +0000
Received: from BL2PR03MB290.namprd03.prod.outlook.com ([10.141.68.19]) by BL2PR03MB290.namprd03.prod.outlook.com ([10.141.68.19]) with mapi id 15.00.0883.010; Wed, 26 Feb 2014 13:45:35 +0000
From: "Orit Levin (LCA)" <oritl@microsoft.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Thread-Topic: Email over TLS drafts
Thread-Index: Ac8w23U47Wyus96JSTSr96rckaErlwBhlmYAACUEkhA=
Date: Wed, 26 Feb 2014 13:45:35 +0000
Message-ID: <148a6b4e36004633b253eefde94f6237@BL2PR03MB290.namprd03.prod.outlook.com>
References: <f43cbf441ed743f08b70201a7da1a119@BL2PR03MB290.namprd03.prod.outlook.com> <530CF24C.9030302@isode.com>
In-Reply-To: <530CF24C.9030302@isode.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [195.99.168.174]
x-forefront-prvs: 0134AD334F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009001)(6009001)(199002)(479174003)(189002)(13464003)(24454002)(51704005)(51914003)(377454003)(81686001)(81816001)(76576001)(76786001)(76796001)(74876001)(69226001)(81342001)(74706001)(81542001)(93136001)(53806001)(74366001)(51856001)(19580405001)(19580395003)(79102001)(83322001)(54316002)(94316002)(56776001)(93516002)(77982001)(54356001)(76482001)(59766001)(86362001)(74316001)(83072002)(85852003)(80022001)(74662001)(74502001)(66066001)(47446002)(87936001)(90146001)(49866001)(47736001)(47976001)(50986001)(80976001)(63696002)(33646001)(31966008)(65816001)(4396001)(56816005)(85306002)(95416001)(46102001)(94946001)(2656002)(87266001)(86612001)(92566001)(24736002); DIR:OUT; SFP:1101; SCL:1; SRVR:BL2PR03MB592; H:BL2PR03MB290.namprd03.prod.outlook.com; CLIP:195.99.168.174; FPR:E6B0D1D5.AC3A97F1.7DD36D6B.42E8E97D.2050C; MLV:sfv; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/2aSABNjYW0pJuK4HUHxJiEj7Fgk
Cc: "uta@ietf.org" <uta@ietf.org>, "chris.newman@oracle.com" <chris.newman@oracle.com>, "moore@network-heretics.com" <moore@network-heretics.com>
Subject: Re: [Uta] Email over TLS drafts
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Feb 2014 13:45:45 -0000

Alexey,
Thanks for the answers!
Please, see inline.

Cheers,
Orit.


> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Tuesday, February 25, 2014 11:43 AM
> To: Orit Levin (LCA)
> Cc: moore@network-heretics.com; chris.newman@oracle.com; uta@ietf.org
> Subject: Re: Email over TLS drafts
> 
> Hi,
> 
> On 23/02/2014 22:47, Orit Levin (LCA) wrote:
> > Dear authors,
> > In preparation for the London meeting, a few questions/comments about
> the email drafts:
> >
> > First, both drafts address the interface between MUA and MSA only,
> correct?
> Yes. Earlier discussions pointed out that TLS deployment realities for
> MTA-to-MTA links are a bit different from MUA-to-MSA. In particular
> certificate verification rules might be different.
> > It would be interesting to show (in the presentation), what the situation
> looks like for other email interfaces (e.g., between MTAs).
> >
> > draft-newman-email-deep-01
> >
> > - I think that merging the two drafts was the right move. It allows readers
> to see the whole range of techniques for consideration. That being said, the
> draft includes both (1) suggestions for preferred methods of operation
> based on existing standards and (2) new mechanisms to enhance privacy
> when email protocols are secured by TLS.  Would you consider discussing  the
> two categories using parallel tracks (drafts) in order to streamline the work?
> I am not an editor, but I am personally Ok with both being discussed in
> the same draft. If the WG ends up not quickly converging on new bits, it
> might be worth discussing the split.
> > - I am curious why the proposed latch mechanism (defined and used in
> sections 4, 6, and 7) has been considered for email applications specifically. I
> understand that you need some kind of an "application" or "signalling" or
> "management" protocol to implement the mechanism, but potentially it
> could be a common one to serve any application. This question seems
> especially applicable to the latches' definitions themselves.
> I think trying this out for email first and then generalizing later is
> the best course of action.
 
OL: I addressed these in my previous email. I think, we all are in rough agreement here. ;-)

> > draft-melnikov-email-tls-certs-01
> >
> > This draft seems to specify the preferred methods of operation based on
> existing standards. It would helpful to show (in presentation and in the
> document) which of the recommendations are about putting constraints on
> the existing standard vs. what statements are real changes to the standard
> and thus require replacing sections in the existing RFC.
> 
> This intends to replace SMTP Submission TLS server verification procedure,
> because RFC 3207 is underspecified in this respect.
> It also intends to replace IMAP TLS server verification procedure from RFC
> 3501. If you think it would help the discussion, I can quote specific text being
> replaced and what is the practical difference for implementations. draft-
> melnikov-email-tls-certs is a profile of RFC 6125, so it is using different
> terminology, which makes understanding the difference a bit trickier.
> 

OL: I am concerned about the readability for two distinct types of readers: newcomers (both implementers and deployers) vs.  those familiar with the existing RFCs. Replacing a chapter with the new text  would work for the former, while a diff-like implementation guide would help the latter...  So it seems that both are needed in the same document... As a precedent, RFC3261 Section 28 comes to mind... (Luckily, our case is not as long as that of SIP.) It would be interesting to know what other think. 

> > Are any of the suggested recommendations in this draft would apply to
> applications other than email?
> I think this is quite specific to email. I know that XMPP and HTTP
> differ slightly from what is proposed for email.

OL: That's totally cool from my perspective. Just making sure that we all are paying attention to the "generic" angle.
 

> > Thanks and looking forward to your presentations in London,
> > Orit.

v2.23.0 | Report a Bug | By Email