Re: [Uta] draft-ietf-uta-mta-sts-04 Review

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 23 April 2017 01:32 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <CANtKdUd2cu3BntMDPWiL-WKiDn1YyUMQm6bakMw++s9F8=65LA@mail.gmail.com>
Date: Sat, 22 Apr 2017 21:31:58 -0400
Reply-To: uta@ietf.org
Message-Id: <5C69D23D-9C3E-45EA-98C7-862C3916F5B2@dukhovni.org>
References: <2DB01F3A9898AE41BB3266315D9FDA2704903D88@S-DC-ESTE03-B.net1.cec.eu.int> <CANtKdUe3CS3A_czWURR_h9Z0r803sX-MQMZOMHioZJnCaauEWw@mail.gmail.com> <5c361c89-907b-ff65-8a11-8df08e0e46af@isode.com> <CANtKdUd2cu3BntMDPWiL-WKiDn1YyUMQm6bakMw++s9F8=65LA@mail.gmail.com>
To: uta@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/HwJhjDVYWHPGHrPwyYpsS2Qr2OI>
Subject: Re: [Uta] draft-ietf-uta-mta-sts-04 Review

> On Apr 22, 2017, at 1:11 PM, Daniel Margolis <dmargolis@google.com> wrote:
> 
> Thanks for the pointer. 
> 
> Yes, I of course have no objections to checking CRL or OCSP. Given the mixed
> state of deployments among browsers, it merely seems worrisome to me to require
> that. MAY seems like a good clarification to have here.

MAY is fine.  Postfix has no support for CRLs or OCSP.  CRLs will never be supported;
I might support OCSP stapling some day, but not very soon.

Exim appears to have OCSP support, but last time I looked at the code, it seemed to
be going through the motions, but not actually validating the OCSP response correctly.

So indeed MUST is rather far from current or likely near-term practice.

-- 
	Viktor.