Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Nico Williams <nico@cryptonector.com> Thu, 14 March 2019 18:03 UTC

Date: Thu, 14 Mar 2019 13:02:52 -0500
From: Nico Williams <nico@cryptonector.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20190314180222.GL4211@localhost>
References: <155076162945.8595.2671476533659571699.idtracker@ietfa.amsl.com> <b60988cd-ef8a-46db-8d70-795954109bd3@www.fastmail.com> <CABcZeBP-qzG4c2SX5P3HeDC2P5ChVTDA43MSvQXk1=bxBEr=2A@mail.gmail.com> <E2B60AD7-2CED-4480-AAAA-38714E95EBD0@dukhovni.org> <CABcZeBOWw=XEbyxu94_v-kkYxyuuPDTnJeJ+_-44VoCOFTyOBw@mail.gmail.com> <CABcZeBO30t6vYXO1TdjSriwoB=NYoEGUDB3P2r2mietFAeJy4Q@mail.gmail.com> <20190314172731.GK4211@localhost> <CABcZeBMPgm1yG0K513D9WsytS9Y+=cH38SnKcHkveqSrsUcpkQ@mail.gmail.com>
In-Reply-To: <CABcZeBMPgm1yG0K513D9WsytS9Y+=cH38SnKcHkveqSrsUcpkQ@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/YjrfbDCghsAU-83oSgcjMPmCYic>

On Thu, Mar 14, 2019 at 10:31:32AM -0700, Eric Rescorla wrote:
> On Thu, Mar 14, 2019 at 10:27 AM Nico Williams <nico@cryptonector.com>
> wrote:
> >   | [quotes from RFC8461 elided]
> >
> > How does this not allow a sending MTA to... not honor MTA-STS?
> 
> It's allowed to not *generally* honor STS, but this text does not have any
> provision for just ignoring it for some messages. Any other reading seems
> extremely strained.

RFC8461 does not say "generally honoring MTA-STS".  Where do you get
that?  Did I miss something?  The word certainly does not appear.

Any reading of RFC8461 where you insert this missing "generally" looks
strained to me.  How would an implementor reading the RFC get that?  Are
they expected to look in the archives of this and other threads to find
that the IESG decided that this absent "generally" was there?

Even if RFC8461 *did* say that, so what.  There's no normative
definition of "generally honoring MTA-STS" there.

Even if RFC8461 *did* say that and had a normative definition of
"generally honoring MTA-STS", we could just update it.  If not, even
consider it an erratum (it would have been an error, IMO).

Nico
--