Re: [Uta] What's the right thing to do about Port 465?

t.p. <daedulus@btconnect.com> Tue, 11 March 2014 10:55 UTC

From: "t.p." <daedulus@btconnect.com>
To: Chris Newman <chris.newman@oracle.com>, Keith Moore <moore@network-heretics.com>, uta@ietf.org
Date: Tue, 11 Mar 2014 10:24:22 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/sYwDVBm7EHqbCQuzuH7kBmMgL7I

----- Original Message -----
From: "Chris Newman" <chris.newman@oracle.com>
To: "Keith Moore" <moore@network-heretics.com>; <uta@ietf.org>
Sent: Monday, March 10, 2014 7:54 PM
> --On March 10, 2014 3:01:12 -0400 Keith Moore <moore@network-heretics.com>
> wrote:
> > On 03/10/2014 02:51 AM, Eliot Lear wrote:
> >> Routers running URD intercept all packets using port 465, regardless
> >> of destination.
> >
> > So is the right thing to do:
> >
> > a)  Recommend port 465 anyway, but document the problem with these
> > routers?
> >
> > b)  Allocate and recommend a different port, even though that's going to
> > increase configuration difficulties for the vast majority of legacy
> > clients? (and assuming that new clients default to the new port, also
> > complicate configuration of those clients with legacy servers?)
> >
> > c) Allocate a different port to be the "official" port, recommend that
> > servers support both ports when feasible (for the benefit of legacy
> > clients), and recommend that new clients use SRV lookup to discover the
> > submissions port?
> >
> > d) something else?
>
> I don't think there's a "right thing" to do in this situation. I am opposed
> to registering a new well-known-port for "submissions"; that will create
> real interoperability and deployment problems for no benefit other than
> registry purity. So I do not support options b & c. Here are three options,
> in my order of preference, that I do not believe make things worse than
> they are today:
>
> 1. Recommend port 465, but document the problem with these routers.
>
> 2. Recommend use of STARTTLS on port 587. This makes our Submission + TLS
> recommendation asymmetric with our recommendation for other MUA protocols,
> but it does not make the current deployment situation worse. STARTTLS
> remains the only option for SMTP relay, so it could be argued this keeps
> SMTP consistent. However, STARTTLS does seem to be somewhat more difficult
> to deploy/test/configure than implicit TLS in practice so I believe option
> 1 will result in more use of TLS for submission than this option.
>
> 3. Do not register a new well-known-port for "submissions". Clients wishing
> to use "submissions" service MUST use SRV record lookups as documented in
> RFC 6186. Choice of port is a matter for service providers. This will be
> more difficult to deploy than 1, particularly because it requires SRV-ID
> (or DANE) support and has near zero deployment today.
>
> I prefer 1, but can live with any of these three options.

In terms of getting from where we are to where we want to be, ports are
realistically the only option, for anything that affects the end user
with their PC.

All the PCs I have had to configure have allowed me to put in a port of
my choosing whereas if they were not shipped with a STARTTLS or SRV-ID
option, then it is unlikely to happen soon (or ever).  Last I saw 20% of
users accessing web sites were on Windows XP - out of currency 8th April
2014 - so anything requiring a software upgrade is likely to involve a
migration lasting a decade.

Tom Petch

>
> - Chris