Re: [Uta] What's the right thing to do about Port 465?
t.p. <daedulus@btconnect.com> Tue, 11 March 2014 10:55 UTC
From: "t.p." <daedulus@btconnect.com>
To: Chris Newman <chris.newman@oracle.com>, Keith Moore <moore@network-heretics.com>, uta@ietf.org
Date: Tue, 11 Mar 2014 10:24:22 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/sYwDVBm7EHqbCQuzuH7kBmMgL7I
----- Original Message -----
From: "Chris Newman" <chris.newman@oracle.com>
To: "Keith Moore" <moore@network-heretics.com>; <uta@ietf.org>
Sent: Monday, March 10, 2014 7:54 PM

> --On March 10, 2014 3:01:12 -0400 Keith Moore <moore@network-heretics.com>
> wrote:
> > On 03/10/2014 02:51 AM, Eliot Lear wrote:
> >> Routers running URD intercept all packets using port 465, regardless
> >> of destination.
> >
> > So is the right thing to do:
> >
> > a) Recommend port 465 anyway, but document the problem with these
> > routers?
> >
> > b) Allocate and recommend a different port, even though that's going to
> > increase configuration difficulties for the vast majority of legacy
> > clients? (and assuming that new clients default to the new port, also
> > complicate configuration of those clients with legacy servers?)
> >
> > c) Allocate a different port to be the "official" port, recommend that
> > servers support both ports when feasible (for the benefit of legacy
> > clients), and recommend that new clients use SRV lookup to discover the
> > submissions port?
> >
> > d) something else?
>
> I don't think there's a "right thing" to do in this situation. I am opposed
> to registering a new well-known-port for "submissions"; that will create
> real interoperability and deployment problems for no benefit other than
> registry purity. So I do not support options b & c. Here are three options,
> in my order of preference, that I do not believe make things worse than
> they are today:
>
> 1. Recommend port 465, but document the problem with these routers.
>
> 2. Recommend use of STARTTLS on port 587. This makes our Submission + TLS
> recommendation asymmetric with our recommendation for other MUA protocols,
> but it does not make the current deployment situation worse. STARTTLS
> remains the only option for SMTP relay, so it could be argued this keeps
> SMTP consistent. However, STARTTLS does seem to be somewhat more difficult
> to deploy/test/configure than implicit TLS in practice so I believe option
> 1 will result in more use of TLS for submission than this option.
>
> 3. Do not register a new well-known-port for "submissions". Clients wishing
> to use "submissions" service MUST use SRV record lookups as documented RFC
> 6186. Choice of port is a matter for service providers. This will be more
> difficult to deploy than 1, particularly because it requires SRV-ID (or
> DANE) support and has near zero deployment today.
>
> I prefer 1, but can live with any of these three options.

In terms of getting from where we are to where we want to be, ports are
realistically the only option, for anything that affects the end user
with their PC. All the PCs I have had to configure have allowed me to
put in a port of my choosing whereas if they were not shipped with a
STARTTLS or SRV-ID option, then it is unlikely to happen soon (or ever).

Last I saw 20% of users accessing web sites were on Windows XP - out of
currency 8th April 2014 - so anything requiring a software upgrade is
likely to involve a migration lasting a decade.

Tom Petch

>
> - Chris
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
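
Option 3 in the quoted message leaves the port to the service provider and has the client discover it by SRV lookup. The following is an added example, not part of the message or of any participant's code: it applies the RFC 2782 target ordering to an SRV answer, using RFC 6186's `_submission._tcp` label; the host names and records are constructed.

```python
import random
from typing import NamedTuple

class Srv(NamedTuple):
    priority: int
    weight: int
    port: int
    target: str

# Constructed zone-file style answers (example names, not real data).
SAMPLE_ANSWER = """\
_submission._tcp.example.org. 3600 IN SRV 10 0 587 mail-b.example.org.
_submission._tcp.example.org. 3600 IN SRV 0 1 465 mail-a.example.org.
"""
NOT_OFFERED = "_submission._tcp.example.net. 3600 IN SRV 0 0 0 .\n"

def parse_srv(text):
    """Parse 'name ttl IN SRV priority weight port target' lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[2:4] != ["IN", "SRV"]:
            continue  # ignore anything that is not an SRV record
        priority, weight, port = (int(f) for f in fields[4:7])
        records.append(Srv(priority, weight, port, fields[7]))
    return records

def order_targets(records, rng=None):
    """Return (host, port) pairs in the order RFC 2782 says to try them."""
    # The answer is only as trustworthy as the DNS path that delivered it;
    # the message above notes this approach needs SRV-ID or DANE support.
    rng = rng or random.Random()
    # A lone record whose target is "." means the service is not offered.
    if len(records) == 1 and records[0].target == ".":
        return []
    ordered = []
    for priority in sorted({r.priority for r in records}):
        group = sorted((r for r in records if r.priority == priority),
                       key=lambda r: r.weight)  # zero weights first
        while group:
            # Weighted pick: first record whose running sum reaches the draw.
            draw = rng.randint(0, sum(r.weight for r in group))
            running = 0
            for rec in group:
                running += rec.weight
                if running >= draw:
                    ordered.append((rec.target.rstrip("."), rec.port))
                    group.remove(rec)
                    break
    return ordered
```

The port comes from the provider's record rather than from a client default, which is the configuration burden the thread is weighing against a fixed well-known port.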