Re: [Uta] REQUIRETLS: another SMTP TLS mechanism
Jeremy Harris <jgh@wizmail.org> Fri, 25 March 2016 13:45 UTC
On 25/03/16 12:09, Aaron Zauner wrote:
>> On 25 Mar 2016, at 03:12, Jim Fenton <fenton@bluepopcorn.net> wrote:
>> REQUIRETLS is an SMTP service extension that allows an SMTP client to
>> specify (via a MAIL FROM option) that a given message must be sent over
>> a TLS protected session with specified security characteristics. Options
>> allow the specification of allowable methods of server certificate
>> verification, including web-PKI and DANE. In advertising its support for
>> REQUIRETLS, the SMTP server is promising to honor that requirement.
> This sounds very similar to what DEEP is trying to achieve, can you highlight important differences?

As I read them:

REQUIRETLS covers an entire chain of to-MTA hops (by requiring not only TLS but also REQUIRETLS on a forwarding hop, or bounce). It would presumably cover the MUA-MSA hop (as DEEP does) when SMTP was used there. It SHOULD's secure access by the destination MUA (though that will be hard, in many implementations, as it requires implementation in a separate lump of software). It works on a per-message basis.

DEEP talks in terms of per-mail-account configuration. It deals with both submission and access. It talks about UI presentation of security status. It does not cover beyond the MSA or MDA.

-- 
Cheers,
  Jeremy
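Added example, not part of this message or of the REQUIRETLS draft: the per-hop forwarding decision the reply describes for a relaying MTA, where a message carrying the REQUIRETLS requirement is forwarded only over a TLS session whose certificate was verified by an allowed method (web-PKI or DANE) to a next hop that itself advertises REQUIRETLS, and is bounced otherwise. The `Hop` and `Message` descriptors and the verification-method labels are constructed for illustration; the draft's actual MAIL FROM parameter syntax is not reproduced.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple


@dataclass
class Hop:
    """Constructed summary of a candidate next-hop MTA session (assumed shape)."""
    name: str
    ehlo_extensions: Set[str] = field(default_factory=set)  # keywords from the EHLO reply
    tls_active: bool = False                                 # STARTTLS negotiated?
    cert_verified_by: Optional[str] = None                   # "web-pki", "dane" or None


@dataclass
class Message:
    """Per-message requirement carried with the mail (assumed shape)."""
    require_tls: bool
    allowed_verification: Set[str] = field(default_factory=lambda: {"web-pki", "dane"})


def relay_decision(msg: Message, hop: Hop) -> Tuple[str, str]:
    """Decide whether a relaying MTA may forward msg to hop.

    Returns ("forward", reason) or ("bounce", reason). The chain property
    comes from the last check: a next hop that does not advertise REQUIRETLS
    cannot promise to enforce the requirement on its own onward hops.
    """
    if not msg.require_tls:
        return "forward", "message carries no REQUIRETLS requirement"
    if not hop.tls_active:
        return "bounce", f"{hop.name}: session is not TLS protected"
    if hop.cert_verified_by not in msg.allowed_verification:
        allowed = ", ".join(sorted(msg.allowed_verification))
        return "bounce", f"{hop.name}: certificate not verified by an allowed method ({allowed})"
    if "REQUIRETLS" not in hop.ehlo_extensions:
        return "bounce", f"{hop.name}: next hop does not advertise REQUIRETLS"
    return "forward", f"{hop.name}: TLS, {hop.cert_verified_by} verification and REQUIRETLS satisfied"


if __name__ == "__main__":
    # Constructed sample hops: one fully compliant, one TLS-only without REQUIRETLS.
    good = Hop("mx1.example", {"STARTTLS", "REQUIRETLS", "SIZE"}, True, "dane")
    tls_only = Hop("mx2.example", {"STARTTLS", "SIZE"}, True, "web-pki")
    for hop in (good, tls_only):
        print(relay_decision(Message(require_tls=True), hop))
```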