Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Viktor Dukhovni
> On Feb 28, 2019, at 9:11 PM, Benjamin Kaduk wrote: > >> The primary motivation for "Require TLS = no" is to allow the user >> to *resend* a message that is not getting through, or to reach the >> destination domain's postmaster because of downstream (receiving >> system misconfiguration), to

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Benjamin Kaduk
On Thu, Feb 28, 2019 at 11:42:08AM -0500, Viktor Dukhovni wrote: > > > > On Feb 28, 2019, at 11:01 AM, Barry Leiba wrote: > > > > I have to agree with EKR about it not completely being the sender's > > decision, though for a rather different reason. I really doubt that > > in the vast

Re: [Uta] Secdir last call review of draft-ietf-uta-smtp-require-tls-07

2019-02-28 Thread Jim Fenton
On 2/22/19 10:43 AM, Yaron Sheffer wrote: > Reviewer: Yaron Sheffer > Review result: Has Nits > > [Apologies for the late review.] [And for the late response.] > > * Intro: To avoid confusion, please mention the header parameter "No" to > clarify why the header is named RequireTLS when its

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Viktor Dukhovni
> On Feb 28, 2019, at 5:49 PM, Jim Fenton wrote: > >> I'm complaining more about the transition from (3) to (4) than either one >> per se. If I open a connection and then establish a (new?) TLS-protected >> session, that seems to mostly be STARTTLS. But if I use implicit TLS, why >> do I need

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Viktor Dukhovni
On Thu, Feb 28, 2019 at 01:35:53PM -0500, Viktor Dukhovni wrote: > We should keep in mind that email is often the medium used to > communicate about operational failures. And that not infrequently, > insecure email is the medium through which more essential security > is brought back into

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jim Fenton
On 2/28/19 4:08 PM, Viktor Dukhovni wrote: >> On Feb 27, 2019, at 5:00 PM, Spencer Dawkins at IETF >> wrote: >> >> Not my ballot thread, but "TLS Required: no" is a LOT clearer to me. I'm not >> the target audience, but the original order screws me up every time I see it >> in a ballot e-mail.

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jim Fenton
On 2/28/19 8:28 AM, John Levine wrote: > In article > you > write: >> system requiring TLS for that message. My experience with working in >> organizations that use such markings is that they overuse them: the >> sending human doesn't actually determine the sensitivity; rather, the >> sending

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Viktor Dukhovni
On Thu, Feb 28, 2019 at 09:42:31AM -0800, Eric Rescorla wrote: > > The preferences we're talking about here (MTA-STS and DANE) are basically > > advertisements saying, "if you send mail to this domain, you should expect > > to use TLS when doing so." > > and "if you recognize this indicator, you

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jim Fenton
On 2/28/19 9:42 AM, Eric Rescorla wrote: > > > On Thu, Feb 28, 2019 at 9:33 AM Jim Fenton > wrote: > > On 2/27/19 2:10 PM, Eric Rescorla wrote: >> >> >> On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton >> mailto:fen...@bluepopcorn.net>> wrote: >> >> On

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jim Fenton
On 2/28/19 8:01 AM, Barry Leiba wrote: To elaborate on one point a bit: it seems to me that it's harmful to security to allow the sender to unilaterally override the recipient's preferences that something be encrypted. To forestall one argument, yes, the sender knows the

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Eric Rescorla
On Thu, Feb 28, 2019 at 9:33 AM Jim Fenton wrote: > On 2/27/19 2:10 PM, Eric Rescorla wrote: > > > > On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton wrote: > >> On 2/21/19 7:07 AM, Eric Rescorla wrote: >> > -- >> > DISCUSS: >> >

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jim Fenton
On 2/27/19 2:10 PM, Eric Rescorla wrote: > > > On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton > wrote: > > On 2/21/19 7:07 AM, Eric Rescorla wrote: > > > -- > > DISCUSS: > > >

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Viktor Dukhovni
> On Feb 28, 2019, at 11:01 AM, Barry Leiba wrote: > > I have to agree with EKR about it not completely being the sender's > decision, though for a rather different reason. I really doubt that > in the vast majority of cases any human user will actively choose or > not choose this option on

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread John Levine
In article you write: >system requiring TLS for that message. My experience with working in >organizations that use such markings is that they overuse them: the >sending human doesn't actually determine the sensitivity; rather, the >sending human becomes used to putting "Top Secret" on nearly

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Barry Leiba
> My idea of an ideal end-state for hop-by-hop security for e-mail is > that: > > a) *senders* should be able to specify in the envelope that they want >secure, encrypted, authenticated delivery of email at every hop, > > b) senders should get bounces when that cannot happen, > > c)
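The two requests under discussion in this thread, the envelope-level demand for secure delivery at every hop with a bounce otherwise (points a and b quoted above) and the per-message "Require TLS = no" marking that lets a sender resend past a failing recipient-side policy (Viktor's message at the top of this page), are modelled below as an added Python example. It is not code from the draft, from RFC 8689 or from any MTA; the hop model, the field names and the assumption that the waiver only takes effect when verified TLS is unavailable are mine. The parameter name REQUIRETLS and header field name TLS-Required are the ones the published RFC uses; the draft still called the header RequireTLS, so both spellings are accepted.

```python
"""Per-hop delivery decisions for a REQUIRETLS-style mechanism (illustration).

Added example, not code from the draft, the RFC or any MTA.  It models, as an
assumption about their semantics, the two requests discussed in the thread:

  * an envelope request that the message be delivered only over verified TLS
    at every hop, bouncing otherwise ("Require TLS"), and
  * a header that waives TLS for one message so a resend can get through a
    recipient-side policy (MTA-STS/DANE) that is failing ("Require TLS = no",
    published as "TLS-Required: No" in RFC 8689).

The Hop model and its policy fields are hypothetical.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Sequence


class Outcome(Enum):
    DELIVER_VERIFIED = "deliver over verified TLS"
    DELIVER_OPPORTUNISTIC = "deliver over unverified STARTTLS"
    DELIVER_CLEARTEXT = "deliver in cleartext"
    DEFER = "defer; recipient policy requires TLS"
    BOUNCE = "bounce; sender required TLS"


@dataclass(frozen=True)
class Message:
    require_tls: bool = False       # envelope: sender demands verified TLS per hop
    tls_not_required: bool = False  # header: sender explicitly waives TLS


@dataclass(frozen=True)
class Hop:
    name: str
    offers_starttls: bool
    cert_verified: bool        # certificate matched the destination's MTA-STS/DANE policy
    policy_requires_tls: bool  # destination publishes MTA-STS enforce or DANE TLSA


def parse_message(mail_from_params: Dict[str, str], headers: Dict[str, str]) -> Message:
    """Derive the two flags from MAIL FROM parameters and header fields.

    Parameter keywords are case-insensitive in SMTP and header field names are
    case-insensitive in mail, so both are normalised before lookup.
    """
    params = {k.upper() for k in mail_from_params}
    hdrs = {k.lower(): v.strip().lower() for k, v in headers.items()}
    waived = any(hdrs.get(name) == "no" for name in ("tls-required", "requiretls"))
    msg = Message(require_tls="REQUIRETLS" in params, tls_not_required=waived)
    if msg.require_tls and msg.tls_not_required:
        raise ValueError("message both requires and waives TLS")
    return msg


def decide(msg: Message, hop: Hop) -> Outcome:
    """Decide what the sending MTA does for one hop."""
    verified = hop.offers_starttls and hop.cert_verified
    if msg.require_tls:
        # Sender's envelope request: verified TLS or a bounce, nothing in between.
        return Outcome.DELIVER_VERIFIED if verified else Outcome.BOUNCE
    if verified:
        return Outcome.DELIVER_VERIFIED
    if hop.policy_requires_tls and not msg.tls_not_required:
        # Recipient's published policy wins unless the sender explicitly waived it.
        return Outcome.DEFER
    # Waived, or no recipient policy: fall back to opportunistic TLS or cleartext.
    return Outcome.DELIVER_OPPORTUNISTIC if hop.offers_starttls else Outcome.DELIVER_CLEARTEXT


def route(msg: Message, hops: Sequence[Hop]) -> List[Outcome]:
    """Walk the hops in order and stop at the first DEFER or BOUNCE."""
    trail: List[Outcome] = []
    for hop in hops:
        out = decide(msg, hop)
        trail.append(out)
        if out in (Outcome.DEFER, Outcome.BOUNCE):
            break
    return trail


# Constructed scenario (not from the thread): a relay with working TLS, then a
# destination whose MTA-STS/DANE policy demands TLS but whose certificate no
# longer matches that policy, i.e. the misconfiguration a waived resend targets.
RELAY = Hop("relay.example", offers_starttls=True, cert_verified=True, policy_requires_tls=True)
BROKEN_DEST = Hop("mx.dest.example", offers_starttls=True, cert_verified=False, policy_requires_tls=True)

if __name__ == "__main__":
    plain = parse_message({}, {})
    required = parse_message({"REQUIRETLS": ""}, {})
    waived = parse_message({}, {"TLS-Required": "No"})
    for label, m in (("default", plain), ("required", required), ("waived", waived)):
        print(label, [o.name for o in route(m, [RELAY, BROKEN_DEST])])
```

The three runs make the disagreement in the thread concrete: with neither flag the message sits in the queue at the broken destination (DEFER, and eventually a bounce), with REQUIRETLS it bounces at once, and with the waiver it is delivered over unverified STARTTLS past the recipient's policy, which is exactly the sender-side override that Barry and EKR object to. Whether a human ever sets either flag, rather than a site-wide default, is the question the thread leaves open.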

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Barry Leiba
>> > To elaborate on one point a bit: it seems to me that it's harmful to >> > security to allow the sender to unilaterally override the recipient's >> > preferences that something be encrypted. To forestall one argument, >> > yes, the sender knows the contents of the message, but the recipient >>

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

2019-02-28 Thread Jeremy Harris
On 27/02/2019 20:27, Viktor Dukhovni wrote: > There is no implicit TLS for MTA-to-MTA relay, and none in the > foreseeable future, so this issue is moot. I'm hoping for tcpcrypt. Agreed the future is still foggy though. -- Cheers, Jeremy