Re: [Uta] New proposal: SMTP Strict Transport Security

Neil Cook <neil.cook@noware.co.uk> Tue, 22 March 2016 09:21 UTC

From: Neil Cook <neil.cook@noware.co.uk>
In-Reply-To: <20160322084859.GF6602@mournblade.imrryr.org>
Date: Tue, 22 Mar 2016 09:21:38 +0000
Message-Id: <D31BCFDF-5926-413A-8624-26B65F741A75@noware.co.uk>
References: <CAB0W=GS2PXF-divC+SNs+A-jH1-_BBA889-TbQXHvrVsrbKLEA@mail.gmail.com> <CAB0W=GSQ4oTLT+qepMi7Pj5=UmBD70D_uW7c193RY-gw818ORA@mail.gmail.com> <CAB0W=GRB_6LhqEGYzeYq-srnM99wqwZrdjUEm=vJ7+oFiKbYoA@mail.gmail.com> <CAB0W=GTGja5JtxGuCzhD6O3B2Ow-wLN-B6WQ8XUDyvQRqdFZxw@mail.gmail.com> <20160322063527.GD6602@mournblade.imrryr.org> <CANtKdUeh8LV1uaWAyRqQ2ou4pdTNvKgzuJ5kKsQLwPFORqrDQA@mail.gmail.com> <20160322084859.GF6602@mournblade.imrryr.org>
To: uta@ietf.org
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/j6tHgfxZOV7r2KOD9rbu2-Zusls>
Subject: Re: [Uta] New proposal: SMTP Strict Transport Security

> On 22 Mar 2016, at 08:49, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Tue, Mar 22, 2016 at 08:58:25AM +0100, Daniel Margolis wrote:
> 
> My (strong) suggestion: use DNS for just cache invalidation, and
> perhaps also publication (via a separate record) of the "rua"
> reporting URI.  Do not duplicate data which one must in any case
> obtain and cache via HTTPS in DNS.
> 
> Do not attempt to hedge your bets and support DANE/DNSSEC via STS,
> I don't think that makes much sense either.
> 

I agree with the “don’t hedge your bets” part. I was quite surprised to see all the justification for STS in the first part of the document, including “the mechanism described here presents a variant for systems not yet supporting DNSSEC”, and yet it then goes on to include DNSSEC as one of the policy authentication mechanisms.

>    * Allow (DANE or other) domains to publish just the RUA,
>      the feature is not STS-specific.
> 
+1

Neil
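The design Viktor suggests above (DNS carrying only a policy id as a cache-invalidation signal, with the policy itself fetched and cached over HTTPS and never duplicated in DNS) as an added example; this is not code from the thread or from the draft, and the `v=STSv1; id=...` record syntax, the `max_age` policy field and the `dns_lookup`/`https_fetch` callbacks are assumptions.

```python
# Added example (assumed design): the DNS TXT record holds only a policy id;
# the policy body is fetched over HTTPS and cached for its own max_age.
# Record syntax "v=STSv1; id=..." and the policy field names are assumptions.
from dataclasses import dataclass
from typing import Callable, Optional, Tuple


@dataclass
class CachedPolicy:
    policy_id: str   # id seen in DNS when this body was fetched
    body: dict       # policy as fetched over HTTPS
    fetched_at: float


def parse_txt(txt: str) -> dict:
    """Parse 'k=v; k2=v2' into a dict, tolerating stray whitespace."""
    out = {}
    for part in txt.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            out[k.strip()] = v.strip()
    return out


def refresh_policy(cached: Optional[CachedPolicy], now: float,
                   dns_lookup: Callable[[], Optional[str]],
                   https_fetch: Callable[[], dict]) -> Tuple[Optional[CachedPolicy], str]:
    """Return (policy-or-None, action). DNS only decides *whether* to refetch;
    every policy constraint comes from the HTTPS body, never from DNS."""
    fresh = (cached is not None
             and now - cached.fetched_at < int(cached.body.get("max_age", 0)))
    txt = dns_lookup()                      # None models a DNS failure / no record
    rec = parse_txt(txt) if txt else {}
    dns_id = rec.get("id") if rec.get("v") == "STSv1" else None

    if dns_id is None:
        # No usable invalidation signal: keep a still-valid cached policy,
        # otherwise there is no policy to enforce.
        return (cached, "cached") if fresh else (None, "none")
    if fresh and cached.policy_id == dns_id:
        return cached, "cached"             # id unchanged: no HTTPS round trip
    # id changed or cache expired: fetch over HTTPS and cross-check the id
    body = https_fetch()
    if body.get("id") != dns_id:
        # DNS and HTTPS disagree: do not adopt the body; keep the old policy if valid
        return (cached, "stale") if fresh else (None, "none")
    return CachedPolicy(dns_id, body, now), "fetched"
```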