Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-25 01:11:53
On 23/10/2013 18:48, Keith Moore wrote:
>
> The document seems to be fairly well written and worked out in a
> decent amount of detail.   It proposes Opportunistic TLS rather than
> an SMTP extension or message header that would require secure delivery
> for the entire path.   For mail relaying I think Opportunistic TLS is
> a more realizable goal.  But even if people want to propose an SMTP
> extension to mandate use of TLS for the remainder of the path to the
> recipient, I think it would need to use the certificate verification
> mechanisms described in this draft.

I had a thought about a low impact idea which may help wrt TLS security,
but this draft doesn't include it and I haven't seen it anywhere else
(apologies if it is there and I've missed it).

It may be a waste of time, but I'll throw it into the mix anyway ;-)

At the moment I have no idea how 'secure' a message was on its journey
to me. Would it be sensible/a good idea for MTAs/MSAs/MDAs to add the
'TLS' state into the Received trace line somehow - e.g. instead of

Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
  (Postfix) with ESMTP id 737EC11E8372; Wed, 23 Oct 2013 10:48:15 -0700
  (PDT)

have

Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
  (Postfix) with ESMTP (TLS:no) id 737EC11E8372; Wed, 23 Oct 2013 10:48:15 -0700
  (PDT)

(or some such)

Already dealt with to this level of detail; see RFC 3848's definition of
the ESMTPS and ESMTPSA protocol types, e.g.,

Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
 (Postfix) with ESMTPS id 737EC11E8372; Wed, 23 Oct 2013 10:48:15
 -0700 (PDT)

The real question is whether or not this is sufficient. If we
want to log the ciphersuite or similar information the way to do that is
by defining additional Received: clauses, e.g.,

Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id 737EC11E8372;
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)

or something along those lines.

                                Ned
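A small check of the kind the thread is discussing, added here as an example and not code from the list or from any MTA: it pulls the RFC 3848 protocol type (and the hypothetical `ciphersuite` clause from Ned's example, which is not a registered clause) out of each Received: line and reports whether every recorded hop used TLS. The hostnames, queue ids and the sample message are constructed.

```python
import re
from email import message_from_string

# RFC 3848 protocol types: trailing S means the hop used TLS, A means SMTP AUTH.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
AUTH_PROTOCOLS = {"ESMTPA", "ESMTPSA", "LMTPA", "LMTPSA"}
# Clauses we extract. "ciphersuite" is the hypothetical clause from the post,
# not a registered RFC 5321 Received: clause.
CLAUSES = {
    "from": r"\bfrom\s+(\S+)", "by": r"\bby\s+(\S+)",
    "with": r"\bwith\s+([A-Za-z0-9]+)", "ciphersuite": r"\bciphersuite\s+([\w-]+)",
}

def parse_received(value):
    """Parse one Received: header value into a dict describing that hop."""
    text = re.sub(r"\s+", " ", value).strip()  # unfold continuation lines
    hop = {}
    for key, rx in CLAUSES.items():
        m = re.search(rx, text)
        hop[key] = m.group(1) if m else None
    proto = (hop["with"] or "").upper()
    hop["tls"] = proto in TLS_PROTOCOLS
    hop["authenticated"] = proto in AUTH_PROTOCOLS
    return hop

def trace_hops(raw_message):
    """Hops in delivery order. Each MTA prepends its Received: line, so the
    header order is newest-first. Only lines added by MTAs you trust are
    meaningful; anything further upstream could have been forged."""
    msg = message_from_string(raw_message)
    return [parse_received(v) for v in reversed(msg.get_all("Received") or [])]

def tls_on_every_hop(hops):
    """True only if every recorded hop used a TLS protocol type."""
    return bool(hops) and all(h["tls"] for h in hops)

# Constructed sample: TLS+AUTH submission, cleartext relay hop, TLS final hop.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10]) by mail.example.org
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id 0AA1B2C3;
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)
Received: from relay.example.com (relay.example.com [198.51.100.5])
 by mx.example.net (Postfix) with ESMTP id 0DD4E5F6; Wed, 23 Oct 2013 10:47:50 -0700
Received: from client.example.com ([203.0.113.7]) by relay.example.com
 (Postfix) with ESMTPSA id 0779A8B9; Wed, 23 Oct 2013 10:47:40 -0700
"""
if __name__ == "__main__":
    for hop in trace_hops(SAMPLE):
        print("%(from)s -> %(by)s: %(with)s tls=%(tls)s cipher=%(ciphersuite)s" % hop)
    print("TLS on every hop:", tls_on_every_hop(trace_hops(SAMPLE)))
```

On the constructed sample the middle relay hop is plain ESMTP, so the whole-path check reports False even though both ends used TLS.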