IETF Logo Mail Archive

Re: [Uta] Last Call: <draft-ietf-uta-smtp-require-tls-07.txt> (SMTP Require TLS Option) to Proposed Standard

Jim Fenton <fenton@bluepopcorn.net> Mon, 28 January 2019 03:25 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 92DD8130F09; Sun, 27 Jan 2019 19:25:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Bt_-GTmiMJMU; Sun, 27 Jan 2019 19:25:36 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 301F312426A; Sun, 27 Jan 2019 19:25:35 -0800 (PST)
Received: from [IPv6:2601:647:4300:2290:62a4:4cff:fe65:83dd] ([IPv6:2601:647:4300:2290:62a4:4cff:fe65:83dd]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x0S3PWjP024984 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Sun, 27 Jan 2019 19:25:33 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1548645935; bh=FSg3u6Oavklvq9vKyDnYu3ydOCrLaTF9YjThM+evzwQ=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=ILKdPa9amnbsKBOIBxAplv/U+O2LF4EWFMWmpsuZxGs9jXTRLyhbmEYotfhjChiii bSVFyfjsm7uWZy3XjgYw95tqsUOnjxl4bOSbsKEbypfwZ+2XOq5xhdRXert+9S4QrK AmE1S+n1P/+j31e4orkGTpfjyXoDnv3/ExqOSNX4=
To: Stephan Bosch <stephan@rename-it.nl>, uta@ietf.org
Cc: draft-ietf-uta-smtp-require-tls@ietf.org
References: <154842843614.29150.7231551831323471834.idtracker@ietfa.amsl.com> <8c6ca7b1-5803-bb2d-f3bd-d0b1053c6a27@rename-it.nl> <57bdba07-f9b6-2956-7c27-c64b6666f536@bluepopcorn.net> <ac3c7874-7c14-db61-ff82-5df3cd99ded2@rename-it.nl>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <f4e4d166-1563-28c2-cb0b-d67ea638245d@bluepopcorn.net>
Date: Sun, 27 Jan 2019 19:25:23 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <ac3c7874-7c14-db61-ff82-5df3cd99ded2@rename-it.nl>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/4Yar2foEWjOicVq5QAHSndRJYCw>
Subject: Re: [Uta] Last Call: <draft-ietf-uta-smtp-require-tls-07.txt> (SMTP Require TLS Option) to Proposed Standard
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Jan 2019 03:25:37 -0000

On 1/27/19 2:32 AM, Stephan Bosch wrote:
>
> Op 27/01/2019 om 06:13 schreef Jim Fenton:
>> The draft discusses situations where intermediaries (relays) might
>> generate bounce messages and the like, but doesn't deal with what are
>> effectively reply messages back to the originator of the message.
>> Hopefully the originator knows that a reply might be generated by the
>> recipient, by the sieve mechanisms you describe but also by things like
>> the vacation autoresponder, tools built into products like Exchange, and
>> for that matter, manual replies by the recipient of the message. These
>> are separate messages, and I was hoping that was understood. But we
>> could add a comment recommending the use of MTA-STS or DANE policies to
>> try to make sure that replies are covered as well, if not.
>
> Note that replies aren't the only thing Sieve can do. The mentioned 
> "redirect" action is forwarding the same message to a different 
> recipient, much like an MTA can do directly. Rules in this RFC state 
> that REQUIRETLS must be forwarded to the next hop in that case, so 
> does that apply to Sieve as well? The notify action creates a 
> notification message based on the incoming message and sends it 
> elsewhere, which also is not a reply (and can be something other than 
> email). What happens there?

Nothing particularly happens; once the message has reached its 
destination, any number of things can happen to it. Some of these are 
automatic like Sieve (and yes, it can forward the message elsewhere, 
even via a different medium, and not just reply to the sender) and some 
are manual (the recipient takes some action, not necessarily via email, 
as a result of receiving the message). The anticipated use case for this 
is one where the sender is sending a message to a recipient that will 
treat it with some sensitivity. For example, a reporter in a foreign 
jurisdiction that is sending something to their editor. We would expect 
that editor not to do something that compromises such reports.

If you think more discussion of this, that can be added (with the 
concurrence of the WG, of course).

>
>> I'm afraid I don't understand the relationship of all this with LMTP.
>> Can you clarify?
>
> There isn't much of a relationship. LMTP is where Sieve is usually 
> executed (can also be used at MTA level). The fact that REQUIRETLS 
> gets propagated all the way to LMTP means that such Sieve interpreters 
> can be made to do something with that parameter. I'd imagine that at 
> least the "redirect" action would have the same requirements as an MTA 
> forwarding the message directly (without first passing through LMTP 
> and Sieve).
Thank you.
>
> All this is of course up for discussion and that is why I bring this 
> up. You do discuss mailing lists, but statements about Sieve (or 
> similar mail filtering for that matter) are omitted.


I agree that the discussion of mailing lists but not other mechanisms 
like Sieve is perhaps incomplete by being too specific. Perhaps a more 
general discussion of what can happen at the recipient address is needed.

-Jim

v2.23.0 | Report a Bug | By Email