IETF Logo Mail Archive

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 14 March 2019 17:10 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F6A3130EE7; Thu, 14 Mar 2019 10:10:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sjNO5uPpC2Lz; Thu, 14 Mar 2019 10:10:13 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D719D130DC9; Thu, 14 Mar 2019 10:10:12 -0700 (PDT)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 13435303F73; Thu, 14 Mar 2019 13:10:12 -0400 (EDT)
Date: Thu, 14 Mar 2019 13:10:12 -0400
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: iesg@ietf.org
Cc: uta@ietf.org, uta-chais@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org
Message-ID: <20190314171011.GD3822@straasha.imrryr.org>
Reply-To: uta@ietf.org, uta-chais@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, iesg@ietf.org
References: <155076162945.8595.2671476533659571699.idtracker@ietfa.amsl.com> <b60988cd-ef8a-46db-8d70-795954109bd3@www.fastmail.com> <CABcZeBP-qzG4c2SX5P3HeDC2P5ChVTDA43MSvQXk1=bxBEr=2A@mail.gmail.com> <E2B60AD7-2CED-4480-AAAA-38714E95EBD0@dukhovni.org> <CABcZeBOWw=XEbyxu94_v-kkYxyuuPDTnJeJ+_-44VoCOFTyOBw@mail.gmail.com> <CABcZeBO30t6vYXO1TdjSriwoB=NYoEGUDB3P2r2mietFAeJy4Q@mail.gmail.com> <2A5C62FF-32B7-493E-9F36-D5C4E6BADF62@dukhovni.org> <CABcZeBPPnnKs8DzO=MyLxgPrHxZk2oG88eiD9gBwpi9HmwAqDQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBPPnnKs8DzO=MyLxgPrHxZk2oG88eiD9gBwpi9HmwAqDQ@mail.gmail.com>
User-Agent: Mutt/1.11.1 (2018-12-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/U8g8jYO6pJKykikvd18vP_B0aHU>
Subject: Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 17:10:15 -0000

On Thu, Mar 14, 2019 at 09:43:35AM -0700, Eric Rescorla wrote:

> > Think "Happy Birthday Grandma" (ideally not belated) postcard (i.e.
> > cleartext OK).
> 
> Well, my point is that this use case is in direct conflict with the plain
> text of the semantics of MTA-STS.

Neither MTA-STS nor DANE specify a per-message opt-out mechanism.
A key difference in our viewpoints, is that in my view once such
an opt-out is invoked, DANE and MTA-STS are no longer in use, so
there's no conflict at all, since the sender is no longer using
DANE or MTA-STS, the sender has elected a different security policy
for the message (typically opportunistic STARTTLS).

No sender is obligated to use DANE or MTA-STS, and this draft
delegates part of the decision to the sender.  The sender's MTA may
choose to not honour the "RequireTLS: no" hint, because local policy
mandates stronger security for a particular destination or in general.

A browser doing HTTPS allows me to click through various warnings
and see a site whose certificate does not match its name, is expired
etc.  Email delivery is asynchronous, and so the corresponding user
opt-out signal needs to be in the message content.

> > By far the more reliable notification channel, is email to an actual
> > user, who knows how to reach support for his provider, or in SOHO
> > cases knows (or is) the administrator in person.
> 
> I think you are misunderstanding me. I am saying that the same indication
> that says "use TLS" should also list the exempt addresses.

Well, that's not going to happen.  The receiving systems are not
anticipating and planning for failure.  You're still trying to put
all the controls on the receiving side, and that just does not work,
and does not give users the option of delivering time-sensitive
messages directly to their correspondents (rather than the support
team that may not get around to a ticket from a stranger for days).

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email