Re: [Uta] Last call: <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option"

Jeremy Harris <jgh@wizmail.org> Wed, 15 August 2018 17:13 UTC

To: uta@ietf.org
From: Jeremy Harris <jgh@wizmail.org>
Message-ID: <a442b9c5-381b-215d-c8ae-96a5270c57d2@wizmail.org>
Date: Wed, 15 Aug 2018 18:13:20 +0100
In-Reply-To: <002801d434a7$fab29f60$f017de20$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/Bzr0kcoMIuvdj99BTx9VVXD2p94>

On 08/15/2018 03:55 PM, Valery Smyslov wrote:
>    o  Following the negotiation of STARTTLS, the SMTP server MUST
>       advertise in the subsequent EHLO response that it supports
>       REQUIRETLS.
> 
> 2. I also have a question regarding the last bullet above - why is advertising
> REQUIRETLS linked to the negotiation of STARTTLS?
> It is my understanding that a TLS session may be established
> without negotiating STARTTLS (as recommended by RFC8314),
> so why doesn't the last bullet just say: "The SMTP server must
> advertise in the EHLO response that it supports REQUIRETLS"?

It would not be logically consistent to offer REQUIRETLS in
a plaintext session, since it cannot be supported.  I'd be
happy if the wording only required that TLS is active for
it to be advertised, so covering both STARTTLS and TLS-on-connect
usage.

The first bullet doesn't quite cover that as it is talking about
the REQUIRETLS option on the MAIL command.  If the requirement
on the service extension advertising is sufficiently tight, it
would be enough to say "if the <extension> was not advertised
by the server, the client MAY NOT <use the option>".

[ That is common for ESMTP service extensions; do we have to
  say it?
]
-- 
Jeremy
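The advertisement rule discussed in this thread, modelled as an added example (not code from the draft or from either poster): the server offers STARTTLS in plaintext and REQUIRETLS only once TLS is active by either route, and the client appends the REQUIRETLS MAIL parameter only if the EHLO issued on the TLS session advertised it. All function names and the sample extension keywords are assumptions.

```python
class RequireTlsPolicyError(Exception):
    """Client would send REQUIRETLS on a session where it is not available."""


def server_ehlo_reply(domain: str, tls_active: bool, supports_requiretls: bool = True) -> str:
    """Build the multi-line 250 EHLO reply a server following the thread's reading
    would send: STARTTLS offered only in plaintext, REQUIRETLS only once TLS is up
    (after STARTTLS or on a TLS-on-connect session)."""
    keywords = ["8BITMIME", "SIZE 52428800"]  # constructed sample extensions
    if not tls_active:
        keywords.append("STARTTLS")
    elif supports_requiretls:
        keywords.append("REQUIRETLS")
    lines = [f"250-{domain}"] + [f"250-{k}" for k in keywords[:-1]]
    lines.append(f"250 {keywords[-1]}")
    return "\r\n".join(lines) + "\r\n"


def parse_ehlo_keywords(reply: str) -> set[str]:
    """Extract the advertised EHLO keywords from a 250 reply; the first line
    carries the server's domain/greeting rather than a keyword and is skipped."""
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    keywords = set()
    for ln in lines[1:]:
        if not ln.startswith("250"):
            raise ValueError(f"unexpected EHLO reply line: {ln!r}")
        body = ln[4:].strip()  # text after '250-' or '250 '
        if body:
            keywords.add(body.split()[0].upper())
    return keywords


def may_send_requiretls(tls_active: bool, ehlo_keywords: set[str]) -> bool:
    """The client may use the option only if TLS is active (by either route) and
    the EHLO issued on that TLS session advertised REQUIRETLS. A keyword seen on
    a plaintext EHLO does not count, matching the consistency point above."""
    return tls_active and "REQUIRETLS" in ehlo_keywords


def build_mail_from(reverse_path: str, tls_active: bool, ehlo_keywords: set[str],
                    want_requiretls: bool) -> str:
    """Compose the MAIL command, appending REQUIRETLS only when the policy above
    allows it; otherwise fail closed instead of silently dropping the requirement."""
    cmd = f"MAIL FROM:<{reverse_path}>"
    if want_requiretls:
        if not may_send_requiretls(tls_active, ehlo_keywords):
            raise RequireTlsPolicyError("REQUIRETLS not available on this session")
        cmd += " REQUIRETLS"
    return cmd + "\r\n"
```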