Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 21 February 2019 10:16 UTC

From: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: iPad Mail (14F89)
In-Reply-To: <155072491254.20210.15187912705241578950.idtracker@ietfa.amsl.com>
Date: Thu, 21 Feb 2019 10:24:17 +0000
Cc: The IESG <iesg@ietf.org>, uta@ietf.org, uta-chairs@ietf.org, valery@smyslov.net, draft-ietf-uta-smtp-require-tls@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <3EF4E85D-6836-4A08-9638-82F88F28A5A3@fastmail.fm>
References: <155072491254.20210.15187912705241578950.idtracker@ietfa.amsl.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/RWJN-Vbct-iD8XF3H9RiAqJjQYw>
Subject: Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Hi Benjamin,
A couple of comments on some of your DISCUSS points:

> On 21 Feb 2019, at 04:55, Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> I'm also concerned about the apparent new burden placed on senders to
> actively decide whether every outgoing message requires end-to-end TLS
> protection or is safe to forward without TLS, especially in light of the
> apparent goal (see next paragraph) of quickly achieving (near-)universal
> deployment.

While I have sympathy toward the feeling that some users would be unable to decide, there are certain classes of email messages that would require either a "yes" or a "no" option. For example, banking statements sent in email might always require "yes".

>  There doesn't seem to be much in this document to justify
> the stance that the default "don't care" option should be removed.

The default option is always present (as it is the default SMTP behaviour) when the client chooses not to use the extension. So the "don't care" option is always possible.

> The "must chain forward to final delivery" property for the REQUIRETLS
> option seems to present some incremental deployment difficulties, in that
> it will be nigh-impossible to successfully deliver such a message until
> there is fairly significant deployment coverage.  E.g., if any major email
> hosting provider does not implement, then it will forever remain a niche
> technology.  What indication do we have that this technology can succeed as
> specified?

There are several SMTP extensions on Standards Track that have similar properties. The IETF generally didn't require "prove that it gets deployed" for them. There are already some implementations (as per the write-up).

>  If we anticipate it becoming a part of the de facto core,
> mandatory, SMTP feature set, should we not indicate that by an Updates:
> relationship?

We haven't done this in the past even for widely deployed SMTP extensions. This is not a reason not to do this in the future, but I think starting with this extension would cause more confusion.

Best Regards,
Alexey
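An added model, not part of this thread or of the draft's own text, of the two behaviours discussed above: the sender-side choice between "require TLS" and the unchanged default, and the relay-side "must chain forward" rule that makes a message undeliverable once any hop cannot honour the requirement. It assumes the EHLO keyword and the MAIL FROM parameter are both spelled REQUIRETLS (as in the published RFC 8689); the message classes, hop names and hop capabilities are constructed sample data.

```python
"""Model of REQUIRETLS decisions at a sending client and at each relay.

Assumptions (not taken from the thread): EHLO keyword and MAIL FROM
parameter are both "REQUIRETLS" as in RFC 8689; all hop data below is
constructed for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class NextHop:
    """Constructed view of a next-hop MTA after EHLO (and STARTTLS, if any)."""
    name: str
    ehlo_keywords: frozenset          # keywords the hop advertised
    tls_authenticated: bool = False   # TLS up and peer verified (e.g. DANE/MTA-STS)


# Constructed sender policy: message classes that must never be downgraded.
REQUIRE_TLS_CLASSES = frozenset({"bank-statement", "medical-record"})


def requires_tls(message_class: Optional[str]) -> bool:
    """Sender decision. Unclassified mail keeps the default: no parameter,
    i.e. ordinary SMTP 'don't care' delivery."""
    return message_class in REQUIRE_TLS_CLASSES


def mail_from_line(reverse_path: str, require_tls: bool) -> str:
    """MAIL FROM command the client emits. The REQUIRETLS parameter is only
    added when required, so the default path is byte-for-byte plain SMTP."""
    cmd = f"MAIL FROM:<{reverse_path}>"
    return cmd + " REQUIRETLS" if require_tls else cmd


def may_forward(require_tls: bool, hop: NextHop) -> Tuple[bool, str]:
    """Relay decision for one hop.

    Without the requirement the relay forwards as it always did (TLS is
    opportunistic). With it, the relay may only forward if the hop advertised
    REQUIRETLS and the TLS session was authenticated; otherwise it must
    bounce rather than silently downgrade.
    """
    if not require_tls:
        return True, f"{hop.name}: default SMTP forwarding, TLS opportunistic"
    if "REQUIRETLS" not in hop.ehlo_keywords:
        return False, f"{hop.name}: no REQUIRETLS in EHLO, bounce (no downgrade)"
    if not hop.tls_authenticated:
        return False, f"{hop.name}: TLS not authenticated, bounce"
    return True, f"{hop.name}: REQUIRETLS honoured and chained forward"


def relay_path(require_tls: bool, hops: List[NextHop]) -> Tuple[bool, List[str]]:
    """Walk the hop chain to final delivery; stop at the first hop that
    cannot honour the requirement. Returns (delivered, per-hop trace)."""
    trace: List[str] = []
    for hop in hops:
        ok, why = may_forward(require_tls, hop)
        trace.append(why)
        if not ok:
            return False, trace
    return True, trace


# Constructed sample hops: one modern relay, one legacy relay without REQUIRETLS.
HOP_MODERN = NextHop("mx1.example.net", frozenset({"STARTTLS", "REQUIRETLS"}), True)
HOP_LEGACY = NextHop("mx.legacy.example", frozenset({"STARTTLS"}), True)


def demo() -> None:
    for cls in ("bank-statement", None):
        need = requires_tls(cls)
        print(mail_from_line("sender@example.org", need))
        delivered, trace = relay_path(need, [HOP_MODERN, HOP_LEGACY])
        print(f"  class={cls!r} delivered={delivered}")
        for line in trace:
            print("   ", line)


if __name__ == "__main__":
    demo()
```

The same message class is delivered through the legacy hop when sent without the parameter and bounced when sent with it, which is the incremental-deployment tension raised in the quoted DISCUSS: the default path is untouched, but a required message only gets through once every hop to final delivery supports the extension.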