Re: [Uta] Adoption of draft-rsalz-use-san

Valery Smyslov <valery@smyslov.net> Mon, 15 March 2021 13:11 UTC


Hi Henning,

> Hi,
> 
> As a developer for an email security gateway, I'm all in favor of validating the SAN instead of the CN on the
> SMTP level.
> 
> And though SMTP mostly uses opportunistic TLS, mandatory use of TLS is increasing with more people
> adopting MTA-STS.
> 
> Now, the proposed RFC is specifically scoped to TLS certificates. I think pushing the same thing for SMIME
> certificates would also be useful.

I don't think S/MIME is in scope of UTA charter...

Regards,
Valery.

> Kind regards,
> Henning
> 
> > -----Original Message-----
> > From: Uta [mailto:uta-bounces@ietf.org] On Behalf Of Viktor Dukhovni
> > Sent: Montag, 15. März 2021 11:32
> > To: uta@ietf.org
> > Subject: Re: [Uta] Adoption of draft-rsalz-use-san
> >
> > > On Mar 15, 2021, at 7:58 AM, Eliot Lear <lear=40cisco.com@dmarc.ietf.org>
> > wrote:
> > >
> > > Architecturally, Rich is nailing it.  We should be encouraging the use of
> > SANs.  However, use of SANs beyond the scope of the web may not be
> > entirely ubiquitous, and so we should either be a bit more targeted, or slow
> > roll the other uses with some backward compatibility language.  Personally I
> > like the latter approach.  We shouldn’t hold up deprecation across the web
> > due to the other uses, but we should encourage those other uses to move
> > off of subject.
> > >
> > > If Rich and others are ok with that, I’m all for adoption.
> >
> > Certificates are barely checked in SMTP at all (opportunistic and at that), but
> > to the extent that they are, I am not aware of anyone who's got meaningful
> > certificates that only have a matching CN and no matching SAN.
> >
> > It is fine to deprecate the requirement to support CNs in the absence of a
> > DNS-ID SAN also for SMTP (not just Web).  Long overdue.
> >
> > --
> > 	Viktor.
> >
> > _______________________________________________
> > Uta mailing list
> > Uta@ietf.org
> > https://www.ietf.org/mailman/listinfo/uta
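The point of the thread, deprecating CN matching when no DNS-ID SAN is present, in code. This is an added illustration, not code from the draft or from any of the posters; the certificate dicts are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the `legacy_cn` switch is a hypothetical knob for auditing which certificates would stop validating once CN fallback is removed.

```python
"""Hostname verification per the draft's rule: match only dNSName SAN entries.
A CN is consulted only in legacy audit mode, and then reported as such, so an
MTA operator can find certificates that rely on the deprecated CN fallback."""


def _dns_label_match(pattern: str, host: str) -> bool:
    """RFC 6125-style match: exact, or a single leading '*' covering exactly
    one left-most label (no partial-label or multi-level wildcards)."""
    pattern, host = pattern.lower().rstrip('.'), host.lower().rstrip('.')
    if '*' not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split('.'), host.split('.')
    if p_labels[0] != '*' or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def verify_hostname(cert: dict, host: str, legacy_cn: bool = False) -> tuple:
    """Return (matched, how): how is 'san' when a dNSName SAN matched,
    'cn-fallback' when only the legacy CN matched (legacy_cn=True), else 'none'."""
    dns_ids = [v for k, v in cert.get('subjectAltName', ()) if k == 'DNS']
    if any(_dns_label_match(p, host) for p in dns_ids):
        return True, 'san'
    # Even in legacy mode, a present DNS-ID SAN means the CN is never consulted.
    if legacy_cn and not dns_ids:
        for rdn in cert.get('subject', ()):
            for key, value in rdn:
                if key == 'commonName' and _dns_label_match(value, host):
                    return True, 'cn-fallback'
    return False, 'none'


# Constructed sample certificates (not real hosts or real certificates).
SAN_CERT = {
    'subject': ((('commonName', 'mail.example.com'),),),
    'subjectAltName': (('DNS', 'mail.example.com'), ('DNS', '*.example.com')),
}
CN_ONLY_CERT = {'subject': ((('commonName', 'mx.example.net'),),)}
SAN_MISMATCH_CERT = {
    'subject': ((('commonName', 'mail.example.org'),),),
    'subjectAltName': (('DNS', 'other.example.org'),),
}


def audit_cn_dependence(certs: dict) -> list:
    """Names of hosts whose certificate validates only through the CN fallback."""
    return sorted(h for h, c in certs.items()
                  if verify_hostname(c, h, legacy_cn=True)[1] == 'cn-fallback')
```

Run with `legacy_cn=False` to see the behaviour the draft mandates; `audit_cn_dependence` lists the peers that would fail under it.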