[Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal

Viruthagiri Thirumavalavan <giri@dombox.org> Sat, 05 January 2019 15:50 UTC

From: Viruthagiri Thirumavalavan <giri@dombox.org>
Date: Sat, 05 Jan 2019 21:20:36 +0530
Message-ID: <CAOEezJSQ=ddW4vs+K0Dj7DmG3Pz1K2sHLSmHSFJJNf1xk868iA@mail.gmail.com>
To: uta@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/xaKzj_a2mtJZJft9_bi6QdLWQME>
Subject: [Uta] SMTP Over TLS on Port 26 - Implicit TLS Proposal

Hello UTA WG,

I have a proposal for SMTPS (Implicit TLS), a port 25 secure alternative on a
new dedicated port 26.

Both MTA-STS and MTA-DANE try to fix the STARTTLS downgrade issue.
However, the implementation is not simple. The former requires an HTTPS
server and the latter requires DNSSEC.

I'm proposing a very simple solution. It's actually dead simple. So I'm not
really sure whether it was proposed before and got rejected for some
reasons or you guys really missed that one.

I'm hoping it was the latter. But if it was already proposed and rejected,
then forgive my ignorance.

The content is prepared for a blog post. You guys don't have to go through
everything. Read abstract and then skip to the proposal section.

https://gist.github.com/mistergiri/a4c9a5f1c26fd7003ebc0652af95d314

Let me know if it is worth the effort. If it is, then I'm happy to create a
draft for IETF proposal.

Thanks
-- 
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.
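The STARTTLS downgrade the post refers to happens at the EHLO stage: an on-path party cannot break TLS, but it can drop the `250-STARTTLS` capability line from the server's reply, and an opportunistic client then continues in cleartext. The following added example (editor's illustration, not code from the post or from Dombox) parses a constructed EHLO reply and shows how three client policies react to a stripped capability; the policy names and sample replies are assumptions for illustration.

```python
from typing import Optional


def parse_ehlo(reply: str) -> set:
    """Return the set of EHLO keywords (SIZE, STARTTLS, ...) from a
    multi-line 250 reply, as an SMTP client would see it."""
    lines = [l for l in reply.splitlines() if l.startswith("250")]
    caps = set()
    # The first 250 line carries the server's domain, not a keyword.
    for line in lines[1:]:
        body = line[4:].strip()          # drop the '250-' / '250 ' prefix
        if body:
            caps.add(body.split()[0].upper())
    return caps


def decide(policy: str, ehlo_reply: Optional[str]) -> str:
    """Decide what the client does after EHLO under a given policy.

    'opportunistic' - RFC 3207 as commonly deployed: upgrade only if offered.
    'mandatory'     - what an MTA-STS/DANE 'enforce' mode amounts to:
                      refuse to continue without STARTTLS.
    'implicit'      - implicit TLS (the port 26 idea): the TLS handshake
                      precedes any SMTP dialogue, so there is no
                      capability line for anyone to strip.
    Returns 'tls', 'cleartext' or 'abort'.
    """
    if policy == "implicit":
        return "tls"                     # no handshake means no session at all
    if "STARTTLS" in parse_ehlo(ehlo_reply or ""):
        return "tls"
    return "cleartext" if policy == "opportunistic" else "abort"


# Constructed EHLO replies: a genuine one, and the same reply with the
# STARTTLS line removed, as an on-path downgrade would present it.
GENUINE = ("250-mail.example.test\r\n"
           "250-SIZE 35882577\r\n"
           "250-STARTTLS\r\n"
           "250 8BITMIME\r\n")
STRIPPED = GENUINE.replace("250-STARTTLS\r\n", "")

if __name__ == "__main__":
    for policy in ("opportunistic", "mandatory", "implicit"):
        print(f"{policy:13s} genuine={decide(policy, GENUINE):9s} "
              f"stripped={decide(policy, STRIPPED)}")
```

Only the opportunistic policy ends up in cleartext; the mandatory policy detects the stripped capability and aborts, and implicit TLS never consults the capability list at all.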