[Uta] REQUIRETLS: another SMTP TLS mechanism
Jim Fenton <fenton@bluepopcorn.net> Fri, 25 March 2016 02:12 UTC
From: Jim Fenton <fenton@bluepopcorn.net>
To: uta@ietf.org
Message-ID: <56F49E9B.2090403@bluepopcorn.net>
Date: Thu, 24 Mar 2016 19:12:43 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/cYqL_TcgPMtyLSTtgdcNmBYVIj8>
Not to distract from the STS discussion, but I thought I'd point out another approach to SMTP TLS 'encouragement' that I submitted a few weeks ago: draft-fenton-smtp-require-tls-01. There has been some discussion of this draft, primarily on the ietf-smtp mailing list and a little on the perpass list.

REQUIRETLS is an SMTP service extension that allows an SMTP client to specify (via a MAIL FROM option) that a given message must be sent over a TLS protected session with specified security characteristics. Options allow the specification of allowable methods of server certificate verification, including web-PKI and DANE. In advertising its support for REQUIRETLS, the SMTP server is promising to honor that requirement.

The idea here is that REQUIRETLS allows the SMTP client to override the default "deliver even if you can't do it securely" behavior of SMTP. The philosophy is that the sender of the message (SMTP client) is in the best position to know if a given message should only be sent via TLS, either based on some information it has about the sensitivity of the message or based on the client's local policy.

I plan on giving a short talk on REQUIRETLS (remotely) at the BA UTA meeting. Questions or comments are of course welcome, either here or on ietf-smtp.

-Jim
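To make the "override the default deliver-anyway behavior" point concrete, here is an added example (not code from the draft or from Jim) modelling a relay's outbound decision: it parses a REQUIRETLS parameter on MAIL FROM, checks whether the next hop advertised REQUIRETLS in its EHLO response, and only delivers when the TLS session was verified by one of the methods the sender allowed. The option tokens CHAIN (web-PKI) and DANE, the parameter syntax, and the bounce-on-failure policy are assumptions for illustration; the draft's exact syntax is not on this page.

```python
import re

# Assumed option tokens for the verification methods the post mentions:
# "CHAIN" = web-PKI certificate chain, "DANE" = DANE/TLSA. Illustrative only.
ALLOWED_METHODS = {"CHAIN", "DANE"}


def parse_mail_from(line):
    """Return (reverse_path, methods). methods is None when the client sent no
    REQUIRETLS parameter, otherwise the set of acceptable verification methods."""
    m = re.match(r"MAIL FROM:<([^>]*)>(.*)$", line, re.IGNORECASE)
    if not m:
        raise ValueError("not a MAIL FROM command: %r" % line)
    addr, methods = m.group(1), None
    for param in m.group(2).split():
        key, _, val = param.partition("=")
        if key.upper() == "REQUIRETLS":
            methods = {v.upper() for v in val.split(",") if v} or set(ALLOWED_METHODS)
            unknown = methods - ALLOWED_METHODS
            if unknown:
                raise ValueError("unknown REQUIRETLS option(s): %s" % sorted(unknown))
    return addr, methods


def server_advertises_requiretls(ehlo_keywords):
    """True if the next hop listed REQUIRETLS among its EHLO capabilities."""
    return any(k.strip().upper() == "REQUIRETLS" for k in ehlo_keywords)


def relay_decision(methods, ehlo_keywords, tls_verified_by):
    """Decide what an outbound relay does with one message.

    methods: result of parse_mail_from (None = legacy opportunistic delivery).
    ehlo_keywords: capability keywords from the next hop's EHLO response.
    tls_verified_by: None if no TLS or verification failed, else "CHAIN"/"DANE".
    Returns "deliver" or "bounce" (a real MTA would also queue/retry first).
    """
    if methods is None:
        return "deliver"          # plain SMTP: deliver even in cleartext
    if not server_advertises_requiretls(ehlo_keywords):
        return "bounce"           # next hop has not promised to honor the requirement
    if tls_verified_by not in methods:
        return "bounce"           # TLS missing, or verified by a disallowed method
    return "deliver"
```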