Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 28 April 2016 11:05 UTC

To: =JeffH <Jeff.Hodges@KingsMountain.com>, IETF Using TLS in Apps WG <uta@ietf.org>
References: <571FFAC8.6090706@KingsMountain.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <5721EE5D.3090507@cs.tcd.ie>
Date: Thu, 28 Apr 2016 12:05:01 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <571FFAC8.6090706@KingsMountain.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms020504040102060000040800"
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/wNhuBJK1Ir6cuJKpDuEU9MlSlSw>
Subject: Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Hi Jeff,

On 27/04/16 00:33, =JeffH wrote:
> On 4/11/16, 1:45 PM, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:
>    >
>    > With no hats, I'd like to argue that the WG should pursue
>    > the "webby" STS proposal, ...
> 
> just to ensure this thread is pedantically clear, when you said the
> above, you were referring to..
> 
>      https://datatracker.ietf.org/doc/draft-margolis-smtp-sts
>      (which has now morphed into two separate I-Ds)

Well, not particularly those drafts, but yes, I was referring to the
ideas embodied therein. (But yeah, those are the drafts we have
with those ideas in :-)

> 
> ..and possibly also..
> 
>      https://tools.ietf.org/html/draft-ietf-uta-email-deep

To the extent we want deep to be consistent with the above drafts,
yes, the same discussion should be relevant.

And in case it helps, I think we do need the webby approach in
addition to the DNSSEC-based approach because DNSSEC, while being
the correct solution here, doesn't yet have sufficient deployment.
I also hope that the webby approach will not further damage DNSSEC
deployment in this case - I figure DANE/DNSSEC will have enough
advantages over the webby approach that it'll continue to be used,
and hence that at least some of the biggest mail providers will
need to at least be able to verify DANE/DNSSEC stuff, so the webby
thing will, I hope, end up as a stopgap.

Cheers,
S.

> 
> ..yes?
> 
> thx, hth,
> 
> =JeffH
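The co-existence the thread is about, as an added illustration that is not part of the message or of the drafts it cites: a toy sending-side decision that prefers DANE when the recipient's TLSA records are DNSSEC-validated, falls back to a "webby" STS policy in enforce mode for the (still far more common) unsigned zone, and otherwise degrades to opportunistic STARTTLS. The domain records, policy dictionary keys and hash value below are constructed for the example and are not the drafts' wire formats; no DNS or HTTPS lookups are performed.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class RecipientDomain:
    """Constructed view of what a sending MTA has learned about a recipient domain."""
    name: str
    mx_hosts: list[str] = field(default_factory=list)
    tlsa: list[str] = field(default_factory=list)   # TLSA records for the MX hosts (constructed)
    dnssec_validated: bool = False                   # resolver reported AD for those lookups
    sts_policy: Optional[dict] = None                # fetched/cached "webby" policy (constructed shape)


def choose_mode(domain: RecipientDomain, sender_supports_dane: bool = True) -> str:
    """Pick the strongest applicable mechanism: 'dane', 'sts' or 'opportunistic'.

    DANE counts only when the sender supports it AND the TLSA data is
    DNSSEC-validated; an unsigned TLSA record gives no assurance and is ignored.
    An STS policy in enforce mode is the stopgap for unsigned zones.
    """
    if sender_supports_dane and domain.tlsa and domain.dnssec_validated:
        return "dane"
    policy = domain.sts_policy or {}
    if policy.get("mode") == "enforce":
        return "sts"
    return "opportunistic"


def may_deliver(mode: str, tls_established: bool,
                dane_match: bool, cert_matches_policy_mx: bool) -> bool:
    """Decide whether a negotiated session is acceptable under the chosen mode.

    dane_match: the presented certificate matched a validated TLSA record.
    cert_matches_policy_mx: the certificate chains to a trusted CA and names
    an MX host that the STS policy permits.
    """
    if mode == "dane":
        return tls_established and dane_match
    if mode == "sts":
        return tls_established and cert_matches_policy_mx
    return True  # opportunistic: deliver even if STARTTLS failed or was absent


# Constructed sample domains covering the co-existence cases.
_ENFORCE = {"mode": "enforce", "mx": ["mx.example"]}
SAMPLE_DOMAINS = {
    # signed zone with TLSA and an STS policy: DANE should win
    "signed.example": RecipientDomain(
        "signed.example", ["mx.signed.example"],
        tlsa=["3 1 1 <constructed-hash>"], dnssec_validated=True, sts_policy=_ENFORCE),
    # TLSA published but the zone is not signed: TLSA is worthless, STS applies
    "unsigned-tlsa.example": RecipientDomain(
        "unsigned-tlsa.example", ["mx.unsigned-tlsa.example"],
        tlsa=["3 1 1 <constructed-hash>"], dnssec_validated=False, sts_policy=_ENFORCE),
    # no DANE at all, STS only
    "sts-only.example": RecipientDomain(
        "sts-only.example", ["mx.sts-only.example"], sts_policy=_ENFORCE),
    # STS policy present but only in a non-enforcing mode: no downgrade protection
    "testing.example": RecipientDomain(
        "testing.example", ["mx.testing.example"], sts_policy={"mode": "testing"}),
    # nothing published
    "plain.example": RecipientDomain("plain.example", ["mx.plain.example"]),
}


def resolve_all(sender_supports_dane: bool = True) -> dict[str, str]:
    """Map each sample domain to the mode a sender with the given capability picks."""
    return {name: choose_mode(d, sender_supports_dane) for name, d in SAMPLE_DOMAINS.items()}


if __name__ == "__main__":
    for capable in (True, False):
        print(f"sender supports DANE: {capable}")
        for name, mode in resolve_all(capable).items():
            print(f"  {name:25s} -> {mode}")
```

The second table (`sender_supports_dane=False`) shows the situation the message anticipates: a sender without DNSSEC validation still gets enforced TLS from the STS policy for `signed.example`, while a DANE-capable sender uses the stronger mechanism for the same domain.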