Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

Aaron Zauner <azet@azet.org> Fri, 25 March 2016 12:16 UTC

From: Aaron Zauner <azet@azet.org>
In-Reply-To: <56F49E9B.2090403@bluepopcorn.net>
Date: Fri, 25 Mar 2016 13:09:30 +0100
Message-Id: <79BB5D4B-A939-42F0-9F3D-3F9E59BC4668@azet.org>
References: <56F49E9B.2090403@bluepopcorn.net>
To: Jim Fenton <fenton@bluepopcorn.net>
X-Mailer: Apple Mail (2.3112)
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/ymxjFbbw2gSBEIulSq3k2Vt37bU>
Cc: uta@ietf.org
Subject: Re: [Uta] REQUIRETLS: another SMTP TLS mechanism

> On 25 Mar 2016, at 03:12, Jim Fenton <fenton@bluepopcorn.net> wrote:
> 
> Not to distract from the STS discussion, but I thought I'd point out
> another approach to SMTP TLS 'encouragement' that I submitted a few
> weeks ago: draft-fenton-smtp-require-tls-01. There has been some
> discussion of this draft, primarily on the ietf-smtp mailing list and a
> little on the perpass list.
> 
> REQUIRETLS is an SMTP service extension that allows an SMTP client to
> specify (via a MAIL FROM option) that a given message must be sent over
> a TLS protected session with specified security characteristics. Options
> allow the specification of allowable methods of server certificate
> verification, including web-PKI and DANE. In advertising its support for
> REQUIRETLS, the SMTP server is promising to honor that requirement.
> 
> The idea here is that REQUIRETLS allows the SMTP client to override the
> default "deliver even if you can't do it securely" behavior of SMTP. The
> philosophy is that the sender of the message (SMTP client) is in the
> best position to know if a given message should only be sent via TLS,
> either based on some information it has about the sensitivity of the
> message or based on the client's local policy.
> 
> I plan on giving a short talk on REQUIRETLS (remotely) at the BA UTA
> meeting.  Questions or comments are of course welcome, either here or on
> ietf-smtp.

This sounds very similar to what DEEP is trying to achieve; can you highlight important differences?

Aaron
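As an added illustration (not code from the draft or from either author), the relay-side decision the quoted paragraph describes: SMTP's default "deliver even if you can't do it securely" behavior versus the override a REQUIRETLS request imposes. The EHLO keyword and MAIL FROM parameter name `REQUIRETLS` follow the quoted description; the verification-method names `CHAIN` and `DANE`, the empty-value meaning "any TLS", and the `NextHop` structure are assumptions.

```python
# Added example, not part of draft-fenton-smtp-require-tls or either author's code.
# Models what a relay must decide before handing a message to the next hop.
# Method keywords CHAIN (web-PKI chain) and DANE are assumed placeholders for the
# draft's "allowable methods of server certificate verification".
from dataclasses import dataclass, field


@dataclass
class NextHop:
    """Constructed view of what the relay learned about the next-hop server."""
    ehlo_keywords: set          # keywords the server advertised in its EHLO reply
    tls_established: bool       # STARTTLS succeeded and the session is encrypted
    verified_by: set = field(default_factory=set)  # subset of {"CHAIN", "DANE"} that passed


def parse_requiretls(mail_from_line: str):
    """Extract the assumed REQUIRETLS MAIL FROM parameter, e.g.
    'MAIL FROM:<a@example.org> REQUIRETLS=CHAIN,DANE'.
    Returns None when absent, else the (possibly empty) set of allowed methods."""
    for param in mail_from_line.split()[1:]:
        key, _, value = param.partition("=")
        if key.upper() == "REQUIRETLS":
            return {m.strip().upper() for m in value.split(",") if m.strip()}
    return None


def relay_decision(mail_from_line: str, hop: NextHop) -> str:
    """Return 'deliver' or 'refuse'.
    Without REQUIRETLS the opportunistic default applies and the message goes out
    regardless of session security. With it, every stated requirement must hold;
    otherwise the relay refuses (and bounces) instead of downgrading."""
    methods = parse_requiretls(mail_from_line)
    if methods is None:
        return "deliver"                       # SMTP default: deliver anyway
    if "REQUIRETLS" not in hop.ehlo_keywords:
        return "refuse"                        # next hop has not promised to honor it
    if not hop.tls_established:
        return "refuse"                        # plaintext would violate the request
    if methods and not (methods & hop.verified_by):
        return "refuse"                        # no allowed verification method succeeded
    return "deliver"


if __name__ == "__main__":
    # Constructed session: the next hop offers STARTTLS but the handshake failed.
    req = "MAIL FROM:<alice@example.org> REQUIRETLS=CHAIN,DANE"
    print(relay_decision(req, NextHop({"STARTTLS"}, tls_established=False)))
```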