On 9/18/16 5:35 PM, Viktor Dukhovni wrote:
>> On Sep 18, 2016, at 6:47 PM, Jim Fenton <fen...@bluepopcorn.net> wrote:
>> Yes; I'm not sure why I singled out MX and CNAME because I know those
>> aren't the only ways of locating the server. I would propose to change
>> "confirm that any MX record or CNAME lookup used to locate the SMTP
>> server" to "confirm that and DNS record lookup(s) used to locate the
>> SMTP server".
> No other DNS records are used by MTAs to locate the nexthop relay
> for a destination domain. SRV records are used exclusively (and rarely,
> given the paucity of adoption of RFC6186) by MUAs. Since it is the
> MUA that signals the required TLS policy in the first place, the MUA
> also determines what constitutes sufficient security for the initial
> MUA -> MSA hop. It is not clear that this specification, which I think
> defines the responsibilities of the MTA on the receiving end of this
> policy, need also cover the responsibilities of the MSA.
Not specifying specific record types should work fine, then.
The MUA does get to decide what is sufficient security for the MUA ->
MSA hop, but that doesn't include whether the outgoing MTA associated
with that MSA will honor and propagate REQUIRETLS requirements
downstream. It's therefore important that the MSA advertise REQUIRETLS
support and acknowledge its responsibilities if REQUIRETLS is specified
in a message submitted to it.
> Sorry, have not yet read the draft, more comments at that time.
> I still think that any such mechanism needs to be able to not only
> request a greater protection for a given messages, but also to request
> lesser protection, prioritizing delivery over security. On the
> MUA -> MSA link, the administrator may, as a matter of local policy,
> configure a policy to refuse messages that request security downgrades.
> Other MTAs would not have such liberty.
I don't understand this. In practice, delivery is already prioritized
over security, so you can get that by just not using REQUIRETLS.
By "request security downgrades" do you mean negotiate a weaker cipher
suite, or (in the case of the MUA administrator) decide to ignore
certificate verification, etc.? If that's what you mean, sure, but
REQUIRETLS is all about making that apply to subsequent hops (past
submission) as well.
Uta mailing list