IETF Logo Mail Archive

Re: [Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal

Viruthagiri Thirumavalavan <giri@dombox.org> Sun, 06 January 2019 02:45 UTC

Return-Path: <giri@dombox.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D895130F40 for <uta@ietfa.amsl.com>; Sat, 5 Jan 2019 18:45:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=dombox.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bHfGxf7Sigsk for <uta@ietfa.amsl.com>; Sat, 5 Jan 2019 18:45:13 -0800 (PST)
Received: from mail-yb1-xb2d.google.com (mail-yb1-xb2d.google.com [IPv6:2607:f8b0:4864:20::b2d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2CA93130F36 for <uta@ietf.org>; Sat, 5 Jan 2019 18:45:07 -0800 (PST)
Received: by mail-yb1-xb2d.google.com with SMTP id w6so11798750ybq.1 for <uta@ietf.org>; Sat, 05 Jan 2019 18:45:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dombox.org; s=default; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=Dk3PZC9hKe74/mgfsYeW0Eu3Lmi25JlGtkHRH30zgL0=; b=RZmfy6gElsU6/o7sEge3+oyV7echEY2QwQBU8VzG3Y5CqcyhyV4NgxGkLnN9EdReNM e2jYxjhT7jGbMZadvRG65E9t/RsUNl1Ld4WfGep4Hob3n36CRRIcyfKf7JpTuxSGBJRu 1WOgTrQIl74bwkF5SQP2S88RqczuqpF5uQo2n08hLXKQWAembETjI5AYWWwDiZARb6u5 VRXaEL5Lk0DdHwuTXtl07UAQeDnUyuK5eJav51G+ytMsEEPb2dt9LF0FBLJxc0yv03H8 AQXtTylYz6nb33gTf/44YY9PaTWLUAVRYtU1RYyhM5hgGJl3cQQ69ZyiNJZGCI1ztCCz 8O+w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=Dk3PZC9hKe74/mgfsYeW0Eu3Lmi25JlGtkHRH30zgL0=; b=DUgMdAPEZfVX4gT5juP3pLZV49qO5Ioh/KWDBwGMVA7PFucxr8L5LmDj30HbvRxiTu nIBPwFgkXsb0D+Lou/aolcq5lGuB8stWQFHFYQGRvt05uZUAgCytG/n094ls+zWfyqNq IsGvlpwi425+Ckb3lS1lnjqn7Dd8ps2Lg25OpPiZQ3FWSpGtEJCsu+CjsDdcEIhH2iZq ut+vD9Ga+1wJDPRO4CV9eHRn2VJ+YIe3ZIJFPUi6lA9A4UcsZrz5DC7eSeCaGjAnW2rI OOqXeV7z1/MapV5YWyg6oTTy5u8qo6B6g7UOLfNeE71SFGfcqFM2wf7dF1+8Oh1kz/Z1 PbiQ==
X-Gm-Message-State: AJcUukdQmoPmxFQev792ZnRhDgO5GVSoTtydT1XWEUs6uULoD+SLs6Yw Up21Gw/S04ZAcZcJWaOVsSOw5wfiM14uQRzACPgHFhLX/3s=
X-Google-Smtp-Source: ALg8bN51z9XWLJx6NKS1q2XnKHr3TIFP5jQT3d9z/onvVHR9UXaPLsH1S8nnFvJ6Jnj/DfY5kBsv8sx/2KOxq0qqQwA=
X-Received: by 2002:a25:bac2:: with SMTP id a2mr24953302ybk.519.1546742705947; Sat, 05 Jan 2019 18:45:05 -0800 (PST)
MIME-Version: 1.0
References: <CAOEezJTyEf+Sn9ZqQPue1DFUSoFO211YogJ6ufYJxswWzXk=_A@mail.gmail.com> <20190106010828.CC431200C5ED52@ary.qy>
In-Reply-To: <20190106010828.CC431200C5ED52@ary.qy>
From: Viruthagiri Thirumavalavan <giri@dombox.org>
Date: Sun, 06 Jan 2019 08:14:54 +0530
Message-ID: <CAOEezJShOYkmy8-E+8zG=CPXxrWNcxf8q8W8MnW-v1RT0FzEWw@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008c1f88057ec11978"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/TtRP7Un-N1xX5dMZ3AD8cIj22EQ>
Subject: Re: [Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Jan 2019 02:45:16 -0000

>
> There are plenty of lightweight free daemons out there that can securely
> serve static content over TLS.


Alice, Thanks for the input.

I don't think "lightweight" is the problem here. If i'm desperate about
email security I'm gonna configure the web server even if it is not
lightweight. As you know, web server and mail server are two different
things. One should not depend on another in order to work.

For example, I'm using my domain only for mailing purposes. If I have to
setup a HTTPS server to make my email secure, i'm probably ok with that.
But it's not easy for non-tech savvy user who depends on third party mail
services like Google Apps. Setting up web server, installing SSL
certificates are high level tasks for a non-tech savvy user.

IDNs use a complex encoding and there is no reason to assume the encoding
> won't occasionally include the string "26pref".


As far as I can see, the converter converts the IDN names to ASCII string.
Since the text "26pref" is already an ASCII string, it's being kept
untouched.

If you are 100% sure that IDN gonna remove the string, then I agree my
proposal has no merits and this discussion is pointless. But the question
is, are you really 100% sure that they are gonna strip that string?

Really, this is what SRV is for.  It's not hard to program, and we all
> know that mail is not the web and the time for DNS lookups (of which
> there are already at least two, more if there's multiple MX) is not in
> the critical path.  If you want to be clever, do the SRV and MX
> lookups at the same time.


In my document, I mentioned this.

*From 2031 onwards, both port 26 and 25 would function similarly. Some
server admins just prefer to deal with only the secure version. So they can
name the MX server with prefix "26only-"*

And this

*In HTTPS, you prepend the "https" in the URL like https://www.google.com
<https://www.google.com> to signal the port 443 existence.*

*In my solution you are doing the same thing. Originally I wanted to have
the "smtps" prefix. So the MX record would look like this.
smtps-mx1.example.com <http://smtps-mx1.example.com>*

*But SMTP doesn't have any redirect feature like HTTP. So I had to go for
variations like "26pref" and "26only". Thus, "port 25 not allowed"
signaling can happen during the MX server "discovery" stage itself.*

Ok John, Let's go with your SRV solution. How can server admins let the
world know that they discontinued port 25?

v2.46.0 | Report a Bug | By Email | System Status