IETF Logo Mail Archive

Re: [Uta] Last Call: <draft-ietf-uta-smtp-require-tls-07.txt> (SMTP Require TLS Option) to Proposed Standard

Stephan Bosch <stephan@rename-it.nl> Sun, 27 January 2019 10:32 UTC

Return-Path: <stephan@rename-it.nl>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F352B12DDA3; Sun, 27 Jan 2019 02:32:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dLXdWMw7W7my; Sun, 27 Jan 2019 02:32:23 -0800 (PST)
Received: from sogo.guto.nl (guto.nl [178.21.117.49]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB8E612D4F0; Sun, 27 Jan 2019 02:32:23 -0800 (PST)
Received: from klara.student.utwente.nl ([130.89.162.218] helo=[10.168.3.2]) by sogo.guto.nl with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.80) (envelope-from <stephan@rename-it.nl>) id 1gnhjZ-0001P9-Gj; Sun, 27 Jan 2019 11:32:17 +0100
To: Jim Fenton <fenton@bluepopcorn.net>, uta@ietf.org
Cc: draft-ietf-uta-smtp-require-tls@ietf.org
References: <154842843614.29150.7231551831323471834.idtracker@ietfa.amsl.com> <8c6ca7b1-5803-bb2d-f3bd-d0b1053c6a27@rename-it.nl> <57bdba07-f9b6-2956-7c27-c64b6666f536@bluepopcorn.net>
From: Stephan Bosch <stephan@rename-it.nl>
Message-ID: <ac3c7874-7c14-db61-ff82-5df3cd99ded2@rename-it.nl>
Date: Sun, 27 Jan 2019 11:32:13 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
MIME-Version: 1.0
In-Reply-To: <57bdba07-f9b6-2956-7c27-c64b6666f536@bluepopcorn.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Content-Language: en-US
X-SA-Exim-Connect-IP: 130.89.162.218
X-SA-Exim-Mail-From: stephan@rename-it.nl
X-SA-Exim-Version: 4.2.1 (built Mon, 26 Dec 2011 16:24:06 +0000)
X-SA-Exim-Scanned: Yes (on sogo.guto.nl)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/yteysfeRXo19pCJsjH3FoTDFw3I>
Subject: Re: [Uta] Last Call: <draft-ietf-uta-smtp-require-tls-07.txt> (SMTP Require TLS Option) to Proposed Standard
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 27 Jan 2019 10:32:26 -0000


Op 27/01/2019 om 06:13 schreef Jim Fenton:
> Thanks for the review, Stephan.
>
> On 1/25/19 1:58 PM, Stephan Bosch wrote:
>> I just quickly reviewed this document. I notice that this extension
>> also applies to LMTP. Now, I wonder what should happen when Sieve [RFC
>> 5228] is involved there, particularly when actions like "redirect",
>> "reject", "vacation" [RFC 5230] and "notify" [RFC 5435] [RFC 5436] are
>> involved. Do the security requirements get forwarded though Sieve for
>> the outgoing SMTP messages? What happens when "notify" sends a
>> notification using a protocol other than SMTP (e.g. XMPP [RFC 5437])?
>>
>> Also, Sieve has a couple of extensions called "envelope-dsn" and
>> "redirect-dsn" [RFC 6009] that would be affected by these changes.
>> First of all, I'd assume the "RET" field will get an additional value
>> possibility. But, are there also semantic changes?
>>
>>
> The draft discusses situations where intermediaries (relays) might
> generate bounce messages and the like, but doesn't deal with what are
> effectively reply messages back to the originator of the message.
> Hopefully the originator knows that a reply might be generated by the
> recipient, by the sieve mechanisms you describe but also by things like
> the vacation autoresponder, tools built into products like Exchange, and
> for that matter, manual replies by the recipient of the message. These
> are separate messages, and I was hoping that was understood. But we
> could add a comment recommending the use of MTA-STS or DANE policies to
> try to make sure that replies are covered as well, if not.

Note that replies aren't the only thing Sieve can do. The mentioned 
"redirect" action is forwarding the same message to a different 
recipient, much like an MTA can do directly. Rules in this RFC state 
that REQUIRETLS must be forwarded to the next hop in that case, so does 
that apply to Sieve as well? The notify action creates a notification 
message based on the incoming message and sends it elsewhere, which also 
is not a reply (and can be something other than email). What happens there?

> I'm afraid I don't understand the relationship of all this with LMTP.
> Can you clarify?

There isn't much of a relationship. LMTP is where Sieve is usually 
executed (can also be used at MTA level). The fact that REQUIRETLS gets 
propagated all the way to LMTP means that such Sieve interpreters can be 
made to do something with that parameter. I'd imagine that at least the 
"redirect" action would have the same requirements as an MTA forwarding 
the message directly (without first passing through LMTP and Sieve).

All this is of course up for discussion and that is why I bring this up. 
You do discuss mailing lists, but statements about Sieve (or similar 
mail filtering for that matter) are omitted.

Regards,

Stephan.

v2.23.0 | Report a Bug | By Email