Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Eric Rescorla <ekr@rtfm.com> Thu, 21 February 2019 20:23 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 21 Feb 2019 12:22:32 -0800
Message-ID: <CABcZeBPZWjA4Pc0yEwb7DNmE4esxwAqn=0Czc=L1G-qzb4cV6w@mail.gmail.com>
To: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org
Cc: The IESG <iesg@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/qFFEZ970-mhZy3idENbp6hHaj5k>

On Thu, Feb 21, 2019 at 10:37 AM Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> > On Feb 21, 2019, at 10:07 AM, Eric Rescorla <ekr@rtfm.com> wrote:
> >
> > To elaborate on one point a bit: it seems to me that it's harmful to
> > security to allow the sender to unilaterally override the recipient's
> > preferences that something be encrypted. To forestall one argument,
> > yes, the sender knows the contents of the message, but the recipient
> > knows their own circumstances, and they may be at particular risk
>
> A recipient has no expectation that the sending MTA supports any of
> DANE, MTA-STS, REQUIRETLS, or even STARTTLS.


Nor do Web servers have any expectation that clients support HSTS, but we
still don't allow it to be overridden by some http-no-really:// link.




> The most the recipient can do is abort the SMTP transaction at any
> pre-STARTTLS "MAIL FROM" (typically sent with the pipelined recipient
> list) when STARTTLS is not used by the sender (or MITM attacker).
>
> More harmful to security than acknowledging that either participant
> has the freedom to choose the policy that works best for them, is
> restricting their choices to the point of making the use of security
> mechanisms too burdensome to deploy.
>

The problem with this mechanism is that it is denying the recipient the
right to choose what works for them.

-Ekr