Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Leif Johansson <leifj@sunet.se> Thu, 28 April 2016 20:26 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/AIsFu0cZTKei9iSk5DpXCQbnpXw>

On 2016-04-28 13:05, Stephen Farrell wrote:
> 
> Hi Jeff,
> 
> On 27/04/16 00:33, =JeffH wrote:
>> On 4/11/16, 1:45 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>>    >
>>    > With no hats, I'd like to argue that the WG should pursue
>>    > the "webby" STS proposal, ...
>>
>> just to ensure this thread is pedantically clear, when you said the
>> above, you were referring to..
>>
>>      https://datatracker.ietf.org/doc/draft-margolis-smtp-sts
>>      (which has now morphed into two separate I-Ds)
> 
> Well not particularly those drafts but yes I was referring to the
> ideas embodied therein. (But yeah, those are the drafts we have
> with those ideas in:-)

yes

> 
>>
>> ..and possibly also..
>>
>>      https://tools.ietf.org/html/draft-ietf-uta-email-deep
> 
> To the extent we want deep to be consistent with the above drafts,
> yes, the same discussion should be relevant.
> 
> And in case it helps, I think we do need the webby approach in
> addition to the DNSSEC based approach because DNSSEC, while being
> the correct solution here, doesn't yet have sufficient deployment.
> I also hope that the webby approach will not further damage DNSSEC
> deployment in this case - I figure DANE/DNSSEC will have enough
> advantages over the webby approach that it'll continue to be used,
> and hence that at least some of the biggest mail providers will
> need to at least be able to verify DANE/DNSSEC stuff so the webby
> thing will I hope end up as a stopgap.
> 
> Cheers,
> S.
> 
>>
>> ..yes?
>>
>> thx, hth,
>>
>> =JeffH
>>
>> _______________________________________________
>> Uta mailing list
>> Uta@ietf.org
>> https://www.ietf.org/mailman/listinfo/uta
>>