Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-08: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Fri, 02 August 2019 18:42 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3EF11207CE; Fri, 2 Aug 2019 11:42:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level:
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Dk7MgYY3VHi; Fri, 2 Aug 2019 11:42:23 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CD8112019B; Fri, 2 Aug 2019 11:42:23 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x72Ig7NN013428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Fri, 2 Aug 2019 14:42:12 -0400
Date: Fri, 02 Aug 2019 13:42:06 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Jim Fenton <fenton@bluepopcorn.net>
Cc: uta@ietf.org, uta-chairs@ietf.org, valery@smyslov.net, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20190802184206.GX1006@kduck.mit.edu>
References: <156339110885.25873.1576291155471550816.idtracker@ietfa.amsl.com> <c2469336-c6ca-37e1-2a5a-12a9e3a3fec4@bluepopcorn.net> <20190731000222.GV47715@kduck.mit.edu> <58bed186-4130-7023-b124-37749e4512ef@bluepopcorn.net> <779e7753-838c-0df8-d9de-b81f737e22a9@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <779e7753-838c-0df8-d9de-b81f737e22a9@bluepopcorn.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/zXNZN2FPQEMKv2xcedszoO9D-fA>
Subject: Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-08: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Aug 2019 18:42:26 -0000
Hi Jim,
On Fri, Aug 02, 2019 at 10:17:37AM -0700, Jim Fenton wrote:
> It seems we're fairly clear on what needs to go into the revision, except...
>
> On 7/30/19 11:16 PM, Jim Fenton wrote:
> > On 7/30/19 5:02 PM, Benjamin Kaduk wrote:
> >> On Tue, Jul 30, 2019 at 04:11:36PM -0700, Jim Fenton wrote:
> >>> On 7/17/19 12:18 PM, Benjamin Kaduk via Datatracker wrote:
> >>>
> >>>> The following paragraph (unchanged from my ballot on -07) received
> >>>> only minimal
> >>>> discussion so far:
> >>>> I'm also concerned about the apparent new burden placed on senders in
> >>>> Section 4.3 to actively decide whether every outgoing message requires
> >>>> end-to-end TLS protection or is safe to forward without TLS ("when TLS
> >>>> is to be required, [...]. When TLS is not to be required, [...]"),
> >>>> where both
> >>>> "[...]" require new behavior not present in a client that does not
> >>>> implement
> >>>> this specification. To some extent this is an editorial matter of
> >>>> how the
> >>>> new mechanisms are portrayed, but I don't see much in this document
> >>>> to justify
> >>>> the stance that the default "don't care" option should be removed
> >>>> (for clients
> >>>> that implement this specification at all).
> >>>
> >>> The justification here is much the same as for MTA-STS (RFC 8461).
> >>> Paragraph 2 of the introduction of RFC 8461 presents the justification,
> >>> and paragraph 3 of the introduction to this draft says much the same
> >>> thing.
> >>>
> >>> This work was inspired by a paper, "Neither Snow Nor Rain Nor MITM
> >>> ...An
> >>> Empirical Analysis of Email Delivery Security"
> >>> http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf that there
> >>> was a
> >>> presentation about at an IETF meeting a few years ago (can't find it on
> >>> datatracker currently). If you think the draft would benefit from
> >>> additional motivation, I could mention this paper and add an
> >>> informative
> >>> reference to it.
> >> This makes it sound like your stance is roughly, "we want to make TLS
> >> on by
> >> default but have to deal with deployed reality in order to get there",
> >> which would seem to have the consequence that "MTAs implementing
> >> require-TLS should default to requiring TLS and only request no-TLS in
> >> special cases". I would support such a position, and in that case
> >> would be
> >> less concerned about the apparent lack of a "don't care" option, since
> >> there is less of a decision burden when there is a clear default
> >> behavior.
> >>
> >> That would also make this very solidly an editorial matter, in which
> >> case I
> >> am happy to suggest text modifications but cannot put a blocking Discuss
> >> position in place...
> >
> >
> > I'm confused by your comment (as was Viktor). My comment above was
> > motivation for having a REQUIRETLS option. Nobody is suggesting that
> > we get rid of or otherwise change the default "don't care" --
> > REQUIRETLS is an option, and SMTP will continue to work the way it
> > currently does when REQUIRETLS is not applied to a message.
> >
> At this point I'm not clear on whether you consider the motivation for
> REQUIRETLS to be sufficient (ala RFC 8461) or whether additional
> content, such as a reference to this paper, should be added. It sounds
> like it may make the case too strongly, i.e., to imply that we might be
> trying to change the behavior of email from default-opportunistic TLS to
> something else. But if you think additional motivation is needed vs.
> what's in the current draft, I'll try to improve that.
Sorry for causing confusion.
I was never concerned about the level of motivation for REQUIRETLS as a
whole. What I was worried about was the apparent indication in the text
that all MUAs (not MTAs as I erroneously said before) that implement the
feature would have to decide, for each message, whether or not to require
TLS. Since this was just a problem of me misreading the text, and there
was in fact no intent to remove the default "don't care" option for MUAs,
there is no need to add any additional motivating text in the document.
Does that help?
Thanks,
Ben
- [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-… Benjamin Kaduk via Datatracker
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Jim Fenton
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Viktor Dukhovni
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Jim Fenton
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Viktor Dukhovni
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Viktor Dukhovni
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Jim Fenton
- Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-… Benjamin Kaduk