IETF Logo Mail Archive

Re: [Uta] Email over TLS drafts

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 25 February 2014 19:43 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A3C11A0207 for <uta@ietfa.amsl.com>; Tue, 25 Feb 2014 11:43:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.148
X-Spam-Level:
X-Spam-Status: No, score=-1.148 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c4sSzBGf-eRA for <uta@ietfa.amsl.com>; Tue, 25 Feb 2014 11:43:14 -0800 (PST)
Received: from statler.isode.com (statler.isode.com [62.3.217.254]) by ietfa.amsl.com (Postfix) with ESMTP id B718D1A0206 for <uta@ietf.org>; Tue, 25 Feb 2014 11:43:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1393357393; d=isode.com; s=selector; i=@isode.com; bh=RNnAduqn+um+FxJ/PAmhFxKStjlVCQCHaFRHgr5LAnk=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=A4ZlJZDLEDbgTHtK6D8eD6gXWNJZnniFnaksAdYIHFfOpicCS4QH3EuGRcSPFPz039QZQM BYg1JURbakLehe2cxWG/C3FItZOQTf7at3kQ/ydN3x8mKP8aLNvfUnVxJY71AsDpLIPula sS/KWETXkqLFnGidiKJM52wbEHzDPzI=;
Received: from [192.168.0.4] (cpc5-nmal20-2-0-cust24.19-2.cable.virginm.net [92.234.84.25]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <UwzyTABvgUNt@statler.isode.com>; Tue, 25 Feb 2014 19:43:13 +0000
X-SMTP-Protocol-Errors: PIPELINING
Message-ID: <530CF24C.9030302@isode.com>
Date: Tue, 25 Feb 2014 19:43:08 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
To: "Orit Levin (LCA)" <oritl@microsoft.com>
References: <f43cbf441ed743f08b70201a7da1a119@BL2PR03MB290.namprd03.prod.outlook.com>
In-Reply-To: <f43cbf441ed743f08b70201a7da1a119@BL2PR03MB290.namprd03.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/ciu_6xMS1yCmcUjNg1yMxoJ-pRw
Cc: "uta@ietf.org" <uta@ietf.org>, "chris.newman@oracle.com" <chris.newman@oracle.com>, "moore@network-heretics.com" <moore@network-heretics.com>
Subject: Re: [Uta] Email over TLS drafts
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 19:43:21 -0000

Hi,

On 23/02/2014 22:47, Orit Levin (LCA) wrote:
> Dear authors,
> In preparation for the London meeting, a few questions/comments about the email drafts:
>
> First, both drafts address the interface between MUA and MSA only, correct?
Yes. Earlier discussions pointed out that TLS deployment realities for 
MTA-to-MTA links are a bit different from MUA-to-MSA. In particular 
certificate verification rules might be different.
> It would be interesting to show (in the presentation), what the situation looks like for other email interfaces (e.g., between MTAs).
>
> draft-newman-email-deep-01
>
> - I think that merging the two drafts was the right move. It allows readers to see the whole range of techniques for consideration. That being said, the draft includes both (1) suggestions for preferred methods of operation based on existing standards and (2) new mechanisms to enhance privacy when email protocols are secured by TLS.  Would you consider discussing  the two categories using parallel tracks (drafts) in order to streamline the work?
I am not an editor, but I am personally Ok with both being discussed in 
the same draft. If the WG ends up not quickly converging on new bits, it 
might be worth discussing the split.
> - I am curious why the proposed latch mechanism (defined and used in sections 4, 6, and 7) has been considered for email applications specifically. I understand that you need some kind of an "application" or "signalling" or "management" protocol to implement the mechanism, but potentially it could be a common one to serve any application. This question seems especially applicable to the latches' definitions themselves.
I think trying this out for email first and then generalizing later is 
the best course of action.
> draft-melnikov-email-tls-certs-01
>
> This draft seems to specify the preferred methods of operation based on existing standards. It would helpful to show (in presentation and in the document) which of the recommendations are about putting constraints on the existing standard vs. what statements are real changes to the standard and thus require replacing sections in the existing RFC.

This intends to replace SMTP Submission TLS server verification procedure, because RFC 3207 is underspecified in this respect.
It also intends to replace IMAP TLS server verification procedure from RFC 3501. If you think it would help the discussion, I can quote specific text being replaced and what is the practical difference for implementations. draft-melnikov-email-tls-certs is a profile of RFC 6125, so it is using different terminology, which makes understanding the difference a bit trickier.

> Are any of the suggested recommendations in this draft would apply to applications other than email?
I think this is quite specific to email. I know that XMPP and HTTP 
differ slightly from what is proposed for email.
> Thanks and looking forward to your presentations in London,
> Orit.

v2.23.0 | Report a Bug | By Email