Re: [Uta] reporting, was CBOR, XML, JSON (was Re: Updated SMTP STS Draft)
Neil Cook <neil.cook@noware.co.uk> Tue, 10 May 2016 16:04 UTC
Return-Path: <neil.cook@noware.co.uk>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 040DC12B007 for <uta@ietfa.amsl.com>; Tue, 10 May 2016 09:04:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.895
X-Spam-Level:
X-Spam-Status: No, score=-2.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X1miMZUt9TkA for <uta@ietfa.amsl.com>; Tue, 10 May 2016 09:04:37 -0700 (PDT)
Received: from mail.noware.co.uk (mail.noware.co.uk [192.241.243.54]) by ietfa.amsl.com (Postfix) with ESMTP id 3222012D1E9 for <uta@ietf.org>; Tue, 10 May 2016 09:04:37 -0700 (PDT)
Received: from [10.5.9.38] (unknown [185.30.24.219]) by mail.noware.co.uk (Postfix) with ESMTPSA id 55B3C1C856A; Tue, 10 May 2016 16:04:35 +0000 (UTC)
Mime-Version: 1.0 (Mac OS X Mail 9.2 \(3112\))
Content-Type: multipart/signed; boundary="Apple-Mail=_600A5DCE-1F6D-400A-9B47-088A1F70BC69"; protocol="application/pgp-signature"; micalg="pgp-sha256"
X-Pgp-Agent: GPGMail 2.6b2
From: Neil Cook <neil.cook@noware.co.uk>
In-Reply-To: <CANtKdUeceBLiaUoc4KW8HHaOx28ZUMmm9hDXYCJkdv1V2C_OcA@mail.gmail.com>
Date: Tue, 10 May 2016 17:04:45 +0100
Message-Id: <E99C2034-2393-4740-BD43-3FE9EBEB0DFF@noware.co.uk>
References: <20160509235607.GZ3300@mournblade.imrryr.org> <20160510011534.9584.qmail@ary.lan> <20160510053615.GA3300@mournblade.imrryr.org> <CANtKdUeceBLiaUoc4KW8HHaOx28ZUMmm9hDXYCJkdv1V2C_OcA@mail.gmail.com>
To: Daniel Margolis <dmargolis@google.com>
X-Mailer: Apple Mail (2.3112)
X-CMAE-Score: 0
X-CMAE-Analysis: v=2.1 cv=TdMYtHgh c=1 sm=1 tr=0 a=WmHeaI2fh3TtX9POIQ07DA==:117 a=WmHeaI2fh3TtX9POIQ07DA==:17 a=L9H7d07YOLsA:10:nop_no_from_header a=9cW_t1CCXrUA:10:nop_no_to_header a=s5jvgZ67dGcA:10:nop_no_subject_header a=1XWaLZrsAAAA:8 a=lyf1682xAAAA:8 a=48vgC7mUAAAA:8 a=VFvIdGU27GhF5fsdbs4A:9 a=YWUq_VHmFBA8dc2J:21 a=EuvqiBA9M3SnTI1i:21 a=CjuIK1q_8ugA:10:nop_charset_2 a=Tz8Nvgyam8T2YHHRcyMA:9 a=3Cis8rAMyr0Yf124:21 a=kl4YPfut-OHaW2G7:21 a=L-q9c0_lPK5n-ndO:21 a=_W_S_7VecoQA:10:nop_html a=x3jrCIfjt-4Dq3Xmqt8A:9 a=nJcEw6yWrPvoIXZ49MH8:22 a=22KFQSEqVl9V9wpDgu0m:22 a=w1C3t2QeGrPiZgrLijVG:22
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/7_wkiNuSmgbZv-3VwTRPeAN_RRk>
Cc: uta@ietf.org
Subject: Re: [Uta] reporting, was CBOR, XML, JSON (was Re: Updated SMTP STS Draft)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 May 2016 16:04:43 -0000
+1 for a separate draft on in-band reporting. Neil > On 10 May 2016, at 16:14, Daniel Margolis <dmargolis@google.com> wrote: > > Yeah, I think we've spent more time on this discussion than we would on some simple implementations. ;) > > I think Viktor is right that sending something other than "QUIT" is quite reasonable. Obviously some MTA operators may have trouble implementing it (like if their MTA doesn't support it and they don't want to write custom code), so for that reason and for the purposes of MITM transparency (as I noted up-thread) we should also support out-of-band reporting. (MTAs need not support STS in order to generate meaningful reports about, e.g., expired certs, so supporting reporting with no required MTA changes is a useful property.) > > I think we all agree that we should do both, in an ideal world. And the discussion of priorities here strikes me as mostly misplaced, since it mostly depends on what's easy for a given developer or host to implement; some will implement only one or the other, I imagine. > > So the only real question I have here is, should we include something about in-band reporting (the "QUIT" alternative) in the TLSRPT draft? I think not, as it seems a bit misplaced for the draft. But it seems like we could fairly easy write basically a one-pager describing this other verb. > > Does that make sense? Basically something like STARTTLS, where you say "TLSQUIT [some parameters about failure]" and if you don't get back a 221 you then do a "QUIT." > > (Viktor, if you want to draft something like this, I'm happy to proof read it...) > > Dan > > On Mon, May 9, 2016 at 10:36 PM, Viktor Dukhovni <ietf-dane@dukhovni.org <mailto:ietf-dane@dukhovni.org>> wrote: > On Tue, May 10, 2016 at 01:15:34AM -0000, John Levine wrote: > > > >Legacy MTAs also won't have STS support. We won't get new security > > >capabilitie ex nihilo. > > > > If you want to do the client stuff, you need new code in the MTA, but > > for the server side part, publishing a statement saying here's the > > names of my MXes and what their certificates should look like, you > > don't. Just stick the info on a web server, publish a DNS record or > > two to point at it, and you're all set. > > The proposal is exceedingly simple. Instead of just sending "QUIT" > when TLS peer authentication fails, (or STARTTLS is not offered), > the SMTP client may be able to send a one line TLS status command. > > Some MTAs would support this and some wouldn't. Over time likely > more would than won't. Lack of day-one support is not a valid > objection. > > I'm proposing an *additional* notification channel for can be more > timely, and does not require the use of any third parties to which > one discloses one's traffic details, or publication of any email > addresses for receiving reports that may get spammed, or require > custom plumbing for report processing. > > In Postfix, I can provide built-in support for the new verb in a > a way that consolidates notices for reporting to the system > administrator. > > Nothing you've said in this thread makes the proposal impractical > as an *additional* mechanism for notification. I am done with this > thread. Over and out. > > -- > Viktor. > > _______________________________________________ > Uta mailing list > Uta@ietf.org <mailto:Uta@ietf.org> > https://www.ietf.org/mailman/listinfo/uta <https://www.ietf.org/mailman/listinfo/uta> > > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta
- Re: [Uta] draft-brotman-mta-sts/ Stephen Farrell
- Re: [Uta] draft-brotman-smtp-tlsrpt Viktor Dukhovni
- [Uta] Updated SMTP STS Draft Brotman, Alexander
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft Mark Risher
- Re: [Uta] Updated SMTP STS Draft Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] draft-brotman-smtp-tlsrpt Brotman, Alexander
- Re: [Uta] Updated SMTP STS Draft Aaron Zauner
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] Updated SMTP STS Draft Jim Fenton
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] Updated SMTP STS Draft Daniel Margolis
- Re: [Uta] draft-brotman-smtp-tlsrpt John Levine
- Re: [Uta] draft-brotman-mta-sts/ John R Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-smtp-tlsrpt Viktor Dukhovni
- Re: [Uta] draft-brotman-smtp-tlsrpt John Levine
- Re: [Uta] draft-brotman-mta-sts/ Brotman, Alexander
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Neil Cook
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ ned+uta
- Re: [Uta] Updated SMTP STS Draft Leif Johansson
- Re: [Uta] Updated SMTP STS Draft John Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Mark Risher
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John R Levine
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] draft-brotman-mta-sts/ Binu Ramakrishnan
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] Updated SMTP STS Draft Mark Risher
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Daniel Margolis
- Re: [Uta] draft-brotman-mta-sts/ Viktor Dukhovni
- Re: [Uta] draft-brotman-mta-sts/ Mark Risher
- [Uta] CBOR, XML, JSON (was Re: Updated SMTP STS D… Chris Newman
- Re: [Uta] draft-brotman-mta-sts/ John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… Viktor Dukhovni
- Re: [Uta] special hostnames, was draft-brotman-mt… John Levine
- Re: [Uta] special hostnames, was draft-brotman-mt… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] Updated SMTP STS Draft Alexey Melnikov
- Re: [Uta] draft-brotman-smtp-tlsrpt Leif Johansson
- Re: [Uta] draft-brotman-smtp-tlsrpt Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] draft-brotman-smtp-tlsrpt Kurt Andersen (b)
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] draft-brotman-smtp-tlsrpt Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Binu Ramakrishnan
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Daniel Margolis
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John R Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Orit Levin
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… John Levine
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Neil Cook
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Chris Newman
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Daniel Margolis
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Chris Newman
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… John Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… Viktor Dukhovni
- Re: [Uta] DNSSEC or the lack thereof, was reporti… John Levine
- Re: [Uta] DNSSEC or the lack thereof, was reporti… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Jim Fenton
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Viktor Dukhovni
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… John R Levine
- Re: [Uta] reporting, was CBOR, XML, JSON (was Re:… Aaron Zauner
- Re: [Uta] CBOR, XML, JSON (was Re: Updated SMTP S… Sean Leonard