Re: [Uta] [saag] UTA WG report
Jim Fenton <fenton@bluepopcorn.net> Thu, 30 March 2017 21:26 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 36CE3129498 for <uta@ietfa.amsl.com>; Thu, 30 Mar 2017 14:26:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.991
X-Spam-Level:
X-Spam-Status: No, score=-1.991 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b5QfUDQlj4n6 for <uta@ietfa.amsl.com>; Thu, 30 Mar 2017 14:26:47 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90862127B31 for <uta@ietf.org>; Thu, 30 Mar 2017 14:26:45 -0700 (PDT)
Received: from dhcp-8607.meeting.ietf.org (dhcp-8607.meeting.ietf.org [31.133.134.7]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u1) with ESMTP id v2ULQgiR026632 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 30 Mar 2017 14:26:44 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1490909204; bh=KWQerahjMEmMaEQuqWuLpez8rdzZKK/enpYw5GE+Y+c=; h=Subject:To:References:From:Date:In-Reply-To; b=BY4/QavvRd4A0AkR0FWFvn2DGRj1dNyQkqh+ou+X99R+95ldWv9lVqye3z59YaGxP tfeawny317PXUrAfA7rLpBqfSNZqL0V0g7oRizYaXVY56Yy4xNMgael/OM0FyidLYr 8N1kapcLX96vRBQu952eAZb1ooRcNv/m0S3+oyak=
To: Orit Levin <oritl@microsoft.com>, Keith Moore <moore@network-heretics.com>, "uta@ietf.org" <uta@ietf.org>
References: <CY1PR0301MB212290BDEA02EDE3ECEE0724AD340@CY1PR0301MB2122.namprd03.prod.outlook.com> <866da370-1475-c4cb-f86a-7a92b3778160@network-heretics.com> <CY1PR0301MB21225D1659C24FD946B66E5AAD340@CY1PR0301MB2122.namprd03.prod.outlook.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <5356f074-6aa0-e6f6-1dde-173b1772ad69@bluepopcorn.net>
Date: Thu, 30 Mar 2017 14:26:41 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <CY1PR0301MB21225D1659C24FD946B66E5AAD340@CY1PR0301MB2122.namprd03.prod.outlook.com>
Content-Type: multipart/alternative; boundary="------------DCFF82778DEC2FC08C9AED11"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/STABUuwWGFsg7cSZ-3cQ5XqorUY>
Subject: Re: [Uta] [saag] UTA WG report
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Mar 2017 21:26:59 -0000
[removing saag list because this is probably at a lower level of detail than appropriate there. But feel free to add them if I'm wrong] My sense that there is a "BCP part" to the draft is probably more clearly stated that there are really two different things described in the draft, as the draft itself says in section 5 paragraph 4: "Note that security directives are a separate mechanism from minimum confidentiality assurance levels." It appears to me that it's possible independently to implement/deploy confidentiality assurance levels and security directives. So I would split them up into separate documents. I still see confidentiality assurance levels as more of a BCP-ish mechanism. It defines particular security requirements for MUA-MTA connections to meet Confidentiality Assurance Level (CAL) 1, and different ones for CAL 0. That seems like a best current practice to me. I think we should tease these two things apart into separate specifications so that it's clear you can have one or the other or both. But the categorization of these two things doesn't really matter to me (whether CAL is a standards-track protocol or a BCP, specifically). -Jim On 3/30/17 1:50 PM, Orit Levin wrote: > > Keith, > > Great intro to gathering the very much needed feedback. > > Adding UTA so we can continue the discussion there. > > Thanks, > > Orit. > > > > *From:*saag [mailto:saag-bounces@ietf.org] *On Behalf Of *Keith Moore > *Sent:* Thursday, March 30, 2017 12:42 PM > *To:* saag@ietf.org > *Subject:* Re: [saag] UTA WG report > > > > As co-author of this document, I frankly don't understand what the > "BCP part" of draft-ietf-email-deep-06 is. BCP is appropriate for > process documents, or for specifications that don't lend themselves to > interoperability testing and thus cannot progress to full standard. > Neither of those is the case for deep. > > The assertion was made by one of the meeting attendees that the goals > of this specification can be met by mail service providers (MSPs) > incrementally blocking access to customers whose mail user agents > (MUAs) don't negotiate TLS. While I acknowledge that one MSP has > successfully employed this strategy, I personally wonder how well this > works for very large MSPs. To me it seems like the customer support > burden would be substantial. But I'm working on getting feedback on > the draft - both from implementors of widely-used MUAs, and from other > MSPs - to see what they say about the draft. > > Regardless of whether this protocol gets support from implementors, I > would not consider this work finished until we have consensus on how > to upgrade all MUA-server traffic to use TLS 1.1 or better, and have > confidence that this will enable us to deprecate cleartext and TLS <= > 1.0 access to these services within a year or two. > > Of course, if there's general agreement among MSPs that they can do > this without changes to MUAs and servers, so much the better. But > the work isn't done until we have consensus on a way forward (whether > it happens in UTA or not). > > Keith > > > > On 03/30/2017 03:13 PM, Orit Levin wrote: > > UTA WG met on Tue. All agenda topics relate to using TLS with > e-mail protocols. > > > > MTA-MTA interface: The drafts are very close to WG LC. The only > real open issue remains the choice between Jason and tag-value > format. Implementers choice is split 50/50. Vast majority (if not > all) are OK with implementing either. The AD (Alexei) will suggest > specific syntax for tag-value format. All interested parties > (i.e., potential implementers) are encouraged to chime in on UTA > list because we will be resolving this last issue in the upcoming > weeks and moving the draft to LC. > > > > MUA-MTA interface: the draft has been further updated. The > relevancy (and the complexity) of the proposed protocol has been > questioned during the meeting. Even if the answer is “irrelevant”, > the BCP part of the draft is still very useful. The authors will > investigate and proceed according to the results. (Potentially, > the draft could be shorten or split and the status changed to BCP, > Experimental, or both.) > > > > REQUIRE-TLS draft: the draft has been discussed and found valuable > for specific critical cases. It was suggested to continue working > on the draft with an intent to be adopted by UTA or other (new) WG > going forward. > > > > Orit. > > > > > > > _______________________________________________ > > saag mailing list > > saag@ietf.org <mailto:saag@ietf.org> > > https://www.ietf.org/mailman/listinfo/saag > > > > > > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta
- [Uta] UTA WG report Orit Levin
- Re: [Uta] [saag] UTA WG report Orit Levin
- Re: [Uta] [saag] UTA WG report Jim Fenton
- Re: [Uta] [saag] UTA WG report Keith Moore