Re: [Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal

Alice Wonder <alice@domblogger.net> Tue, 08 January 2019 04:01 UTC

Return-Path: <alice@domblogger.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D020F130E4F for <uta@ietfa.amsl.com>; Mon, 7 Jan 2019 20:01:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=domblogger.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id b4DDY8ZMRXol for <uta@ietfa.amsl.com>; Mon, 7 Jan 2019 20:01:53 -0800 (PST)
Received: from mail.domblogger.net (mail.domblogger.net [104.200.18.67]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C89D512D4E7 for <uta@ietf.org>; Mon, 7 Jan 2019 20:01:53 -0800 (PST)
Received: from localhost.localdomain (c-73-15-182-232.hsd1.ca.comcast.net [73.15.182.232]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.domblogger.net (Postfix) with ESMTPSA id EA56BBBC for <uta@ietf.org>; Tue, 8 Jan 2019 04:01:52 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.11.0 mail.domblogger.net EA56BBBC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=domblogger.net; s=default2019; t=1546920113; bh=aLDJvBCbxI6ZdfFN1DJNZfuqHzxS1JnXv321ijQlW1M=; h=Subject:To:References:From:Date:In-Reply-To:From; b=LrgAk5P5f/HGH8ELWajK9pplJMo/JccX6OFEQfBRS6X/uu5qLvo125JuTLRAhGwmh 5XF7lCsljhtdfj+C30wweWa6t3m8jjXvh8+Wg4HLzx66m6I6j6MYCLpklZIYsDqk7T HYKslqxCOw5I24Juu5sQwLyuJ+mz33Ql3AUiuZifonEbgRIeMjfzOsw7KG9We6icJn l3t2T/f4gZmIs8fFqoZYVz4EUl0fCJSIsQT6MJW6kasHgonei4OGl00UKNCK8mbJYK lV00gt4tapfmT6AkD98m7Z7ipHmOAJb+Q7GicD3NjpUWJBO8TrQmWSychtE/6Z3v9P p6HPbiYlnb3oA==
To: uta@ietf.org
References: <CAOEezJTyEf+Sn9ZqQPue1DFUSoFO211YogJ6ufYJxswWzXk=_A@mail.gmail.com> <20190106010828.CC431200C5ED52@ary.qy> <CAOEezJShOYkmy8-E+8zG=CPXxrWNcxf8q8W8MnW-v1RT0FzEWw@mail.gmail.com> <123cecc0-aba2-9530-c0d9-b6437f295140@domblogger.net> <88fad90d-24b6-fe4d-5df8-bc294c4f6b33@bluepopcorn.net> <CAOEezJS+T3pP-GqwJFeT=HGbOu1TkY6W0kyjP9_FcVsaJ=hw7A@mail.gmail.com> <b4fe2502-dc1e-5dea-8515-b69ed262ac8f@domblogger.net> <CAOEezJTFxhRYGKQD0a8LLEL7UTPKmfdF5uYLDpZdj3Zm9P+wZw@mail.gmail.com> <35456e82-c149-864f-3312-cff55af68551@domblogger.net> <CAOEezJTTp-VDvChuTcG5yD4yAVe9M0eKZnN11tKXV79O53ai5w@mail.gmail.com> <542346640.18156.1546871078489@appsuite.open-xchange.com> <98be93f5-a637-3b89-d376-46cb2bcf2f61@domblogger.net> <1546912211666.74241@cs.auckland.ac.nz> <9a932d9b-abbf-db61-0b98-1bd915e45353@domblogger.net> <1546916114377.20135@cs.auckland.ac.nz>
From: Alice Wonder <alice@domblogger.net>
Message-ID: <855a7d10-2af6-4f6b-148a-8c2f6d75960c@domblogger.net>
Date: Mon, 07 Jan 2019 20:01:49 -0800
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.0
MIME-Version: 1.0
In-Reply-To: <1546916114377.20135@cs.auckland.ac.nz>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-384"; boundary="------------ms030800030205000308050305"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/nmBSE-xNukjCKBKv0ZWIFGXU3T0>
Subject: Re: [Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Jan 2019 04:01:56 -0000

On 1/7/19 6:55 PM, Peter Gutmann wrote:
> Alice Wonder <alice@domblogger.net> writes:
> 
>> I'm a privacy zealot
> 
> So how would deprecating opportunistic TLS help in that regard?
> 
> Peter.
> 

MX servers would not be violating RFC if they rejected plain text 
connection attempts (over 90% of which these days are spam).

MX servers would be violating RFC if they did accept plain text connections.

This will virtually eliminate passive attacks that log non-encrypted 
traffic. The TLS 1.3+ requirement makes it less worthwhile to log 
encrypted traffic because the secrets used for the ciphers are ephemeral.

btw in the 00s I knew a tech at a large silicon valley data center who 
bragged that he logged SMTP traffic and had scripts to look for 
potential insider trading information. Whether he actually did or not I 
do not know, but it is very possible he did.

There are good reasons to encrypt as much as possible.