Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 14 March 2019 18:17 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <CABcZeBMPgm1yG0K513D9WsytS9Y+=cH38SnKcHkveqSrsUcpkQ@mail.gmail.com>
Date: Thu, 14 Mar 2019 14:17:51 -0400
Cc: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org
Reply-To: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
Message-Id: <4739E062-6648-4A7B-B016-3EBC5C5ECEA3@dukhovni.org>
To: The IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/cOm40tKH_lFfgq_kzst6nnlkpcE>

> On Mar 14, 2019, at 1:31 PM, Eric Rescorla <ekr@rtfm.com> wrote:
> 
> It's allowed to not *generally* honor STS, but this text does not
> have any provision for just ignoring it for some messages.

In MTAs (e.g. Postfix), the delivery policy is *always* per message,
or more precisely per message recipient.  Either the message sender
or message content (filter) can map to a default transport with an
associated set of security mechanisms/policies, and then a specific
recipient may map to a suitable recipient-specific transport.

When a particular envelope is mapped to a non-DANE policy, the DANE
specification does not apply.  Ditto for MTA-STS, and this is the
only plausible reading of either specification.  When in Rome do
as the Romans do, but elsewhere togas are not standard attire.

Just because Postfix *implements* DANE does not make it *generally*
honoured.  DANE, if enabled at all, is either used or not used for
a particular envelope, with multiple factors taken into account.

Thus the same destination domain's published TLSA records may or
may not get used, depending on the sender, the message content or
the recipient.

This draft merely formalizes a standard signal that an MUA can use
to feed into the transport policy selection.

Other MTAs similarly have lots of per-message-envelope knobs.  So
"honor" always only applies one message at a time.  Just because
some envelopes adhere to a policy does not make that policy more
equal than others.

-- 
	Viktor.
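As an added illustration of the per-envelope policy selection described in the message above (this configuration is not from the message or from the Postfix project; the hostnames, map entries and transport names are constructed), a Postfix setup in which the same destination's TLSA records are honoured or ignored depending on the sender, the message content and the recipient:

```ini
# main.cf  (added example; all names below are constructed for illustration)

# Global default: DANE when the destination publishes TLSA records under
# DNSSEC, opportunistic TLS otherwise.
smtp_dns_support_level = dnssec
smtp_tls_security_level = dane

# The envelope sender can select a different default transport ...
sender_dependent_default_transport_maps = hash:/etc/postfix/sender_transport
# ... message content can redirect a message via a FILTER action ...
header_checks = regexp:/etc/postfix/header_checks
# ... and a recipient domain can be mapped to its own transport.
transport_maps = hash:/etc/postfix/transport

# /etc/postfix/sender_transport  (keys: sender address or @domain)
#   Everything sent from the finance domain leaves via the strict transport.
# @finance.example.com          smtp-strict:

# /etc/postfix/header_checks
#   A content marker sends all recipients of a bulk message through the
#   relaxed transport, where TLSA records are never consulted.
# /^X-Bulk-Mail:/                FILTER smtp-relaxed:

# /etc/postfix/transport  (keys: recipient domain)
#   One recipient domain always gets the strict transport; another never
#   has DANE applied even if it publishes TLSA records.
# partner.example.net            smtp-strict:
# legacy.example.org             smtp-relaxed:

# master.cf: two clones of the smtp client, each with its own TLS policy.
# service       type  private unpriv chroot wakeup maxproc command + args
# smtp-strict   unix  -       -      n      -      -       smtp
#   -o smtp_tls_security_level=dane-only
# smtp-relaxed  unix  -       -      n      -      -       smtp
#   -o smtp_tls_security_level=may
```

Mail for partner.example.net is refused rather than sent in the clear if its TLSA records are absent or unusable, while mail routed to smtp-relaxed (by content marker or recipient domain) is delivered with at most opportunistic TLS, so the published TLSA records are used for some envelopes and not others.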