On Thu, Mar 14, 2019 at 08:53:29AM -0700, Eric Rescorla wrote:
> We had a bunch more discussion on this on the IESG call. It seems like
> the primary use case for TLS-Required=no may be to exempt what's basically
> the control channel from the requirement to use TLS. So, for instance,
> I am getting persistent bounces from you and I want to notify you
> about it, so I send that notification with the TLS-Required=no flag set
> [0].
>
> Assuming that's right, then ISTM that actually this is not the ideal
> design, both because it's not clear how the flag gets set and because
> the recipient has had no chance to weigh in. What I would suggest would
> instead be to extend MTA-STS and DANE to exempt specific "control"
> addresses (e.g., Postmaster) from mandatory TLS. This seems like it
> would solve the main problem while avoiding opening the can of
> users just marking routine messages as non-sensitive.
I mean, that's an improvement, but I still don't think this is right.
You're asking me to enforce someone else's local policy for them without
exceptions (their exceptions, but not mine). Do we have other Internet
protocols that work this way? Note that normative requirements aren't a
peer's local policy. So those aren't it. SPF and such can be disregarded.
Why can't MTA-STS?

This strikes me as a huge departure from how we've done things before.
I'd like this to be very explicit if it must happen, and I think we need
a lengthier, generic discussion of this change.

BTW, RFC8461 (MTA-STS) does NOT require that the sender honor MTA-STS!
-----

In all cases where RFC8461 says what to do in the face of policy
failures, it refers to "a Sending MTA honoring MTA-STS" -- not a
sending MTA that implements MTA-STS, but one that honors MTA-STS. I
think you're over-reading the text in RFC8461. E.g.,

| 4. Policy Validation
|
| When sending to an MX at a domain for which the sender has a valid
| and non-expired MTA-STS Policy, a Sending MTA honoring MTA-STS MUST
                                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^
| check whether:
|
| [...]
|
| 5. Policy Application
|
| When sending to an MX at a domain for which the sender has a valid,
| non-expired MTA-STS Policy, a Sending MTA honoring MTA-STS applies
                              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^
| the result of a policy validation failure in one of two ways,
| depending on the value of the policy "mode" field:
|
| [...]

How does this not allow a sending MTA to... not honor MTA-STS?

Nico
--

_______________________________________________
Uta mailing list
Uta@ietf.org
https://www.ietf.org/mailman/listinfo/uta
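The two RFC 8461 sections quoted above (policy validation in section 4, policy application by "mode" in section 5) are easier to reason about with a small model of what a Sending MTA actually does with a fetched policy. The following is an added example written for this thread; it is not code from any MTA, from the RFC, or from either poster. The policy text is constructed, the wildcard rule follows section 4.1 of RFC 8461 (a leading "*" matches exactly one leftmost label), and the `honor` parameter is an illustration of the distinction drawn in the reply between an MTA that implements MTA-STS and one that honors it: with `honor=False` the validation result is simply ignored.

```python
"""Model of RFC 8461 sections 4 and 5 from the Sending MTA's side.

Added example for this thread, not code from any MTA or from the RFC.
POLICY_TEXT is constructed; the `honor` flag is illustrative.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Policy:
    version: str
    mode: str        # "enforce", "testing" or "none"
    mx: List[str]    # hostnames or "*.domain" patterns
    max_age: int


def parse_policy(text: str) -> Policy:
    """Parse the key/value body served at https://mta-sts.<domain>/.well-known/mta-sts.txt."""
    version: Optional[str] = None
    mode: Optional[str] = None
    mx: List[str] = []
    max_age: Optional[int] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        key, value = key.strip().lower(), value.strip()
        if key == "version":
            version = value
        elif key == "mode":
            mode = value.lower()
        elif key == "mx":
            mx.append(value.lower())
        elif key == "max_age":
            max_age = int(value)
        # unknown keys are ignored for forward compatibility
    if version != "STSv1":
        raise ValueError(f"unsupported policy version: {version!r}")
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"invalid mode: {mode!r}")
    if max_age is None:
        raise ValueError("max_age is required")
    if mode != "none" and not mx:
        raise ValueError("at least one mx entry is required unless mode is none")
    return Policy(version, mode, mx, max_age)


def mx_matches(pattern: str, host: str) -> bool:
    """Section 4.1: an mx entry is a hostname, or a pattern whose leftmost
    label is '*' and matches exactly one label in that position."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # ".example.com"
        if not host.endswith(suffix):
            return False
        leftmost = host[: -len(suffix)]
        return bool(leftmost) and "." not in leftmost
    return pattern == host


def validate(policy: Policy, mx_host: str, cert_valid_for_mx: bool) -> List[str]:
    """Section 4, policy validation. Returns the list of failures (empty == valid).
    cert_valid_for_mx stands in for the STARTTLS + certificate check the MTA performs."""
    failures: List[str] = []
    if not any(mx_matches(p, mx_host) for p in policy.mx):
        failures.append("mx-mismatch")
    if not cert_valid_for_mx:
        failures.append("certificate-host-mismatch")
    return failures


def apply(policy: Policy, failures: List[str], honor: bool = True) -> str:
    """Section 5, policy application. Returns "deliver" or "refuse".
    honor=False models a Sending MTA that implements but does not honor MTA-STS
    (the point made in the reply above): validation failures are ignored."""
    if not honor or not failures:
        return "deliver"
    if policy.mode == "enforce":
        return "refuse"      # MUST NOT deliver to a host failing validation
    # "testing": deliver anyway (and report via TLSRPT if supported); "none": no policy
    return "deliver"


# Constructed policy for a hypothetical example.com.
POLICY_TEXT = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.backup.example.com
max_age: 604800
"""


def decide(policy_text: str, mx_host: str, cert_ok: bool, honor: bool = True) -> str:
    """End-to-end: fetch (here: constant) -> validate -> apply."""
    policy = parse_policy(policy_text)
    return apply(policy, validate(policy, mx_host, cert_ok), honor)


if __name__ == "__main__":
    for host in ("mail.example.com", "mx1.backup.example.com", "rogue.example.net"):
        print(host, decide(POLICY_TEXT, host, True), decide(POLICY_TEXT, host, True, honor=False))
```

Note that even in "enforce" mode the policy only tells an honoring sender what it MUST NOT do on failure; whether "refuse" means defer-and-retry or bounce is the sender's choice, and a sender that does not honor the policy at all reaches "deliver" without consulting it.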