On 9/18/16 5:35 PM, Viktor Dukhovni wrote: >> On Sep 18, 2016, at 6:47 PM, Jim Fenton <[email protected]> wrote: >> >> Yes; I'm not sure why I singled out MX and CNAME because I know those >> aren't the only ways of locating the server. I would propose to change >> "confirm that any MX record or CNAME lookup used to locate the SMTP >> server" to "confirm that and DNS record lookup(s) used to locate the >> SMTP server". > No other DNS records are used by MTAs to locate the nexthop relay > for a destination domain. SRV records are used exclusively (and rarely, > given the paucity of adoption of RFC6186) by MUAs. Since it is the > MUA that signals the required TLS policy in the first place, the MUA > also determines what constitutes sufficient security for the initial > MUA -> MSA hop. It is not clear that this specification, which I think > defines the responsibilities of the MTA on the receiving end of this > policy, need also cover the responsibilities of the MSA.
Not specifying specific record types should work fine, then. The MUA does get to decide what is sufficient security for the MUA -> MSA hop, but that doesn't include whether the outgoing MTA associated with that MSA will honor and propagate REQUIRETLS requirements downstream. It's therefore important that the MSA advertise REQUIRETLS support and acknowledge its responsibilities if REQUIRETLS is specified in a message submitted to it. > > Sorry, have not yet read the draft, more comments at that time. > I still think that any such mechanism needs to be able to not only > request a greater protection for a given messages, but also to request > lesser protection, prioritizing delivery over security. On the > MUA -> MSA link, the administrator may, as a matter of local policy, > configure a policy to refuse messages that request security downgrades. > Other MTAs would not have such liberty. I don't understand this. In practice, delivery is already prioritized over security, so you can get that by just not using REQUIRETLS. By "request security downgrades" do you mean negotiate a weaker cipher suite, or (in the case of the MUA administrator) decide to ignore certificate verification, etc.? If that's what you mean, sure, but REQUIRETLS is all about making that apply to subsequent hops (past submission) as well. -Jim _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
