
Re: IETF mail server and SSLv3

2016-02-05 12:50:43
On Fri, Feb 5, 2016 at 11:13 AM, Ned Freed 
<ned(_dot_)freed(_at_)mrochek(_dot_)com> wrote:
Rather than discussing this on the IETF list, wouldn't it be rather
more productive for the discussants to get together and thrash out a
draft on how to use STARTTLS in SMTP?

RFC3207 was published in 2002. 14 years and several revisions to TLS
later, it is probably time for an RFC3207-bis.

Since the issue at hand is the ramifications of a policy change for
IETF lists, the answer is no, it wouldn't.

It's unfortunate that such a policy choice requires a deep understanding
of how existing email software implements STARTTLS, but that's the situation
we're in.


The point of eating the dogfood is process improvement. Not to get
used to the taste. And the point is lost if we then create our own
special dogfood.

I completely disagree, but that's beside the point.

The issue at hand is whether or not to disable the use of old ciphersuites in
the IETF's use of STARTTLS in SMTP. Irrespective of the reasons we have for
doing that, John's point was and is that it can have an adverse effect on our ability
to reach everyone who wants to participate.

This effect can be mitigated to some extent by your choice of SMTP client
software and how you configure it. To that end it's important to understand
what options are available and what the consequences are of their use.

It's also important to reach some measure of consensus on how much
inconvenience is too much. It's clear that Viktor and I disagree on this - I
think supporting people who for whatever reason have to contend with crappy
email software is far more important than any sort of dogfood eating exercise.

Capturing the process and the special sauce is what I am after.

That's all fine and dandy, but it isn't what this conversation is about.

And after spending several years pretty much begging the security area to take
some small notice of this particular set of issues, you can understand why I
have very little patience left for having the much more detailed conversation
you apparently want to have.

                                Ned
