Re: [Uta] What's the right thing to do about Port 465?
Chris Newman <chris.newman@oracle.com> Tue, 11 March 2014 02:55 UTC

--On March 10, 2014 3:01:12 -0400 Keith Moore <moore@network-heretics.com> wrote:

> On 03/10/2014 02:51 AM, Eliot Lear wrote:
>> Routers running URD intercept all packets using port 465, regardless
>> of destination.
>
> So is the right thing to do:
>
> a) Recommend port 465 anyway, but document the problem with these
> routers?
>
> b) Allocate and recommend a different port, even though that's going to
> increase configuration difficulties for the vast majority of legacy
> clients? (and assuming that new clients default to the new port, also
> complicate configuration of those clients with legacy servers?)
>
> c) Allocate a different port to be the "official" port, recommend that
> servers support both ports when feasible (for the benefit of legacy
> clients), and recommend that new clients use SRV lookup to discover the
> submissions port?
>
> d) something else?

I don't think there's a "right thing" to do in this situation.

I am opposed to registering a new well-known-port for "submissions"; that will create real interoperability and deployment problems for no benefit other than registry purity. So I do not support options b & c.

Here are three options, in my order of preference, that I do not believe make things worse than they are today:

1. Recommend port 465, but document the problem with these routers.

2. Recommend use of STARTTLS on port 587. This makes our Submission + TLS recommendation asymmetric with our recommendation for other MUA protocols, but it does not make the current deployment situation worse. STARTTLS remains the only option for SMTP relay, so it could be argued this keeps SMTP consistent. However, STARTTLS does seem to be somewhat more difficult to deploy/test/configure than implicit TLS in practice so I believe option 1 will result in more use of TLS for submission than this option.

3. Do not register a new well-known-port for "submissions". Clients wishing to use "submissions" service MUST use SRV record lookups as documented in RFC 6186. Choice of port is a matter for service providers. This will be more difficult to deploy than 1, particularly because it requires SRV-ID (or DANE) support and has near zero deployment today.

I prefer 1, but can live with any of these three options.

- Chris