From YouTube: IETF100-UTA-20171115-1330
Description: UTA meeting session at IETF100, 2017/11/15 1330
https://datatracker.ietf.org/meeting/100/proceedings/
A: So for those of you who are here and intend to contribute to this working group, note the IETF Note Well statement as it pertains to IPR rules for the IETF. I will note that we are... we actually do have IPR statements in our working group, and so this is sort of for real. All right, our agenda today is reasonably light. Most of our core work in the working group, which got started some years ago to specify best practices with TLS, got done a while ago. We even have a lot on our core documents. We are now in our sort of taking-care-of-email phase, and even that seems to be sort of nearing completion. We'll get a couple of status updates from two draft authors today. I will note that the DEEP draft is in the IESG process.

So with that we're gonna have two presentations today. Oh, and before we get started with that: you'll note that I'm up here by my lonesome, and that is because our other co-chair decided for various reasons that she could no longer spend the time on IETF and had to step down from all of our IETF activities, and that's why Orit is no longer helping me chair this. I think that our esteemed area director is working hard to get me a co-chair, and I think we'll have that soon.
B: So the current status of the two drafts: we originally had everything in one; we split it in two. We are on -11 right now. Shortly before the IETF we had only minor changes, and so the current state of the effort around the rollout, that is: we have multiple large ISPs that already have policies. So we have Google, Comcast, Yahoo and 1&1 Internet that have a policy set for their users' domains, and Microsoft is working on it.
B: So to go over STS in 60 seconds, very quickly: it depends on having a TXT record in DNS that indicates an ID that is used for cache invalidation, as well as an HTTPS endpoint that contains the policy, and the semantics are required. We are requiring PKIX validation. The model is similar to HSTS, and we support three modes. One is "none", to disable the policy; one is "reporting", which is basically just a dry-run mode where we don't enforce the policy; and finally "enforce" the policy.
B: So, a quick summary of the work. The location of the policy is as shown on screen: https://mta-sts.domain.com/.well-known/mta-sts.txt. The policy format now is key-value pairs; it used to be a JSON generic policy. The ID must uniquely identify a given policy, and it is used for cache invalidation. So if the ID changed, we know that we need to re-fetch the policy. The MX must support TLS 1.2 or later, SMTP clients should as well, and SNI must be supported.

TLS SNI is for both the connection fetching the policy as well as connections to the SMTP server. The SNI extension for HTTPS must have the name of the policy host, and the SNI extension to SMTP must contain the MX hostname. We updated the operational considerations, detailing how we do policy updates, like we have to update the policy before the TXT record, and delegation is done using CNAME, and finally how to do policy removal. And finally, we clarified DoS attack mitigation associated with it.
B: The reports are encoded in a JSON format. We added generic errors allowing for unknown validation failure, with a summary count, so people can in the future add additional reasons. We clarified the report media type, the subject of the email and the file name recommendation, as well as the support required for gzip compression for the report. Finally, we clarified the daily report on failures.
B: So the closed issues most recently: we clarified 302 redirect and cache control; this subject keeps coming up again and again, and it's clearly explained now. Mainly we had finalization of the question of policy-to-SAN matching. That is, policy-to-host matching versus policy-to-SAN matching; policy-to-SAN matching is actually needed by DANE, so that's why we settled on that. And finally, the change at one point to a requirement of TLS 1.2 or later.
D: So, this is Jim Fenton, and of course I sent him a lot of comments about the STS draft. If you just go back to the slide about STS reports, I realized I had some comments there and I didn't express them. So there were a couple of things there, like the l= parameter in DKIM. I mean, in most cases I think the DKIM signing is going to happen on the way out, by a completely separate set of software. So...
B: We actually had feedback that they will want that "no l=" attribute, because of the existing attack on DKIM where, with l=, DKIM only verifies up to the length and the rest could be appended afterwards, which will basically mean that you cannot really trust the integrity of the report. So by having the no-l attribute the entire message body is protected, and in...
D: I mean, I don't know if you actually think somebody's gonna exploit that; we just want the default to be safe. I know it's probably a safe thing to do in essence; it may be operationally challenging for some players. I'm not sure that many people are using l= anyway, but it may be... I think of it as a little bit of a layering violation, in that l= in the DKIM signature is something that just kind of gets stuffed on on the way out.

Since there may be some sensitive information, in terms of traffic information, that's included in these reports. I mean, one old example that I was given was... and this was an ISP speaking years and years ago, saying: you know, we have to be really careful about the statistics of domain A talking to domain B, because it may all of a sudden ramp up in advance of a merger or something like that. That has a financial impact.

So there is some sensitivity to the amount of traffic that flows between domains, and so I'm wondering if there's, you know, maybe something you should either point out and tell people to think about, you know: do you really want to use email as a transport mechanism, as opposed to using an HTTPS sort of transport mechanism? And, you know, whether they want to make sure that they're using TLS for that.
B: Already, like, failures are aggregated. The type of information will be, like, which endpoint you failed to connect to. So if you had errors, you may have the specific IP of the endpoint, the MX that you connected to, but you also have, like, an overall aggregate that will give you a number for total traffic. But yeah, potentially, the risk would be someone listening on the wire who would actually be able to see all the traffic.
A: All right, anyone else? And I'm looking at Meetecho, and nobody from Meetecho seems to be stepping up to the mic. So I'm gonna ask Alexey: do you think we need a second working group last call for this, or are we good to go? My mind is leaning towards good to go, because the changes weren't really that substantive.
A: I've sort of already sent that message to the list saying I expect to push the button on this version, right, and there may be final nits like the one you sort of suggested, and we're definitely gonna have a -12 here, because, you know, there's always gonna be stuff that's gonna come up in IESG review anyway, right. So, you know, most certainly. Yes.
B: The report is meant to be used by the receiving domain. I mean, they'll be able to have, like, real information about what's happening. Some of it is going to be the corporation, or they receive as a report that some endpoint MX has an expired certificate, to allow them to have immediate action on it, but also to bring awareness in case some of the traffic is actually being downgraded, someone that is downgrading traffic, which itself may act as a deterrent against people doing it. Okay.
F: This should be really protected. I'm pretty sure that, you know, if you spend time in an anti-abuse team in an ISP or telco or whoever, there will be information there that could be used for reasons that we don't know, right. So let's make sure that they are protected themselves, would be my recommendation.
A: There is a difference between making sure that they're protected and making a note in the specification saying: hey, you might have a problem here; you know, take action as appropriate. And I think Alexey was suggesting the latter, right, sort of having advice in the security considerations section saying, you know, this sort of information may be something you want to protect.
A: I mean, if you have basically an email-based transport, my understanding is that if we're saying you must always do TLS for your reports, then, you know, you may actually have to change some of the core protocol to ensure that, right. You have to say, for instance: hey, we can only transport these reports over HTTPS. Maybe that's not necessarily possible in all situations, right. Maybe it's... all right, exactly, or say a dependency on REQUIRETLS. That's it.
D: Thanks. So I'm Jim Fenton; I don't represent much of anybody except myself. So I wanted to talk about REQUIRETLS yet again. I'll try and go through this sort of fast, for those of you who may not have been at the previous working group meetings where we talked about this. But the problem is that when you send an email message, it's kind of like fire-and-forget. You really have no idea whether or not the message is going to be handled with TLS in transit or not.

If you are somebody like a reporter that's in a foreign jurisdiction, or perhaps a dissident in some jurisdiction, you would want to send the message and you would want your messages to be encrypted, at least in transit, perhaps end-to-end as well, but of course end-to-end doesn't protect the metadata. So you want your messages to be encrypted in transit and, if you're sending something that's sort of sensitive, you would ideally like to have a way to say: I want you to send this message with TLS or not at all.

If you can't do it with TLS, then don't do it, and that's basically what the function of this is. On the next slide: so the goal is to allow senders to specify when it's needed. Right now it's fine-grained, in the sense that it applies to a particular message. You don't do it on a full domain basis.

You do it for the messages that you consider to be sensitive, or perhaps when you submit messages you may decide that you, as an individual, want to submit all of your messages with REQUIRETLS. You can do that. It, you know, depends on what the capabilities of your endpoints are and so forth, but in terms of the protocol it's message by message. Right now it's got some control over certificate verification, and we'll come back to that.

One of the things that typically happens right now with email is, even if you have TLS negotiated, oftentimes the certificates are verified, but then that result is ignored, other than perhaps making it into the log files. So if you have a certificate match failure or an expired certificate or something like that, the message will go anyway, and that's good from the standpoint of a passive observer. It's bad from the standpoint of a man-in-the-middle attack. And REQUIRETLS is MTA-to-MTA only.

So the way that this is done is there's a new SMTP service extension called REQUIRETLS that gets negotiated. If that succeeds, then you can send a message using a REQUIRETLS option on the MAIL FROM, and the logic is in more detail in the spec. But basically the idea is, if you can negotiate REQUIRETLS, meaning that the recipient, the SMTP server, is promising to also honor REQUIRETLS on its onward transmission.

So the REQUIRETLS follows the message, and there's no policy component to this. It's something that just comes along with the message. There isn't any discovery that's needed. Thanks. So, new stuff: it was an individual draft for quite a while, and since the last IETF it has become a working group draft, so hopefully... You know, we've had rather thin review on it so far, and I'm hoping that people will kind of start to take it a little bit more as an action to do some review on this, because I would like to get broader feedback. I've gotten good feedback from a small number of people, but in order to come up with any sort of a consensus, and there's some design decisions that need to be made that I'll be getting into, I would really like to try and get a broader set of feedback.

There's a tool called swaks, I forget what it stands for. It's a testing tool for submitting SMTP messages. I'm working with the author of that in order to get REQUIRETLS support; I'm not sure if it'll be in the standard version or whether it'll be a fork of this. But the idea will be that if you want to do some testing with this, you can submit messages using swaks. And we still... not new things, but we still have two implementations. One is an Exim extension, and one is a proprietary SMTP server called MDaemon.

Next, so here are some of the design decisions that I was talking about a minute ago. One of the comments that we had was that it would be nice to have a mode called REQUIRETLS=NO. REQUIRETLS was focused on increasing the security of the SMTP transmission, but you can picture a time when there are also policy mechanisms like MTA-STS, that we just talked about, and there may be times when there's a message that you explicitly don't care whether or not the message is sent using STARTTLS. This may be some sort of a high-priority alert that isn't at all confidential, but this was, you know, this is considered by some to be an additional utility for REQUIRETLS.

So I have put that in the specification. A couple of cautions about that: one is that it's kind of fragile. If you're basically trying to express the lack of STARTTLS, you probably also need to be able to consider the case where the REQUIRETLS... You also have to accept sending the message when REQUIRETLS isn't supported either, and that means that all of a sudden you're just going to lose that tag on the first hop, or on that hop of the message. So if there's multiple hops, then this REQUIRETLS thing doesn't follow the message like it does in the positive direction, and it also makes the logic, you know, quite a bit more complicated. You have to negotiate REQUIRETLS earlier, because there are situations where you might want to accept a REQUIRETLS=NO option without a STARTTLS option.

How much are you going to constrain the TLS characteristics of the connection when you're negotiating it? Do you want to, for example, have an option where... perhaps you don't trust the certificate authorities, because you're transmitting from a regime that controls its own CA, and you want to say: okay, I really want this only to be transmitted... Any of those things you could conceivably do in REQUIRETLS as well. It's getting to be a lot of options; I'm trying to figure out where we should draw the line here. Should we say anything about the STARTTLS connection at all, or is any STARTTLS that you can verify using any kind of a certificate verification mechanism okay? Or do you want to put in additional options, essentially to try and make this more robust against more sophisticated attacks?

So this is my last slide. Basically, we've got, I think, some interesting technical issues here, some interesting design decisions to make. I'm hoping that people understand the value of REQUIRETLS, and I'm hoping that people will contribute comments about where they think we ought to go with some of these decisions. Thank you.
C: Bron Gondwana, Fastmail. I'll repeat what I said at Prague, and I still think it's totally valid: REQUIRETLS=NO should be a header on the email message, not something at this level. It's enough different from everything else that it complexifies this standard, and it can still get lost along the way. An email header won't be lost, so the "no" case should be an email header; the "yes" case should totally be something... yeah.
D: I had done the REQUIRETLS "yes" case not as an email header. I didn't define a header field for this, basically because this is a transport characteristic and I didn't want to, you know, have to define how you went through looking for a particular email header and behaved differently in those cases. But I guess what you're saying then is...?
B: Okay, Google. So similarly, actually, I had the same comment about the header. The other element interesting for me: is there any concern that we're actually leaking out what's happening inside during the email delivery, like allowing someone to probe whether our connections are encrypted by having the message being delivered hop by hop and then getting a bounce, which will let you know what's happening internally in the domain receiving messages?
D: Not sure I quite got all of the case that you were talking about, but one of the early comments that I received was that REQUIRETLS should only be negotiated on the EHLO that occurs after STARTTLS has been negotiated, so a passive attacker would not be able to observe the use of REQUIRETLS. So...
G: I presume, in that case, you're referring to leaking to the sender that something, after it's gone into the internal systems of the recipient... is that what you're talking about? Oh, I thought... In that case the recipient can ignore this once it's inside their internal network, if they want to, and so not reject it; that's a possibility, essentially. Yeah, I would, if that's what the concern is to them, I would... it's a bad thing to do, in my... So, Neil Jenkins, Fastmail.
G: One point I just wanted to make, when you were talking about all the different options that you're considering, of how much do you want to specify of what's required: I think it would be good if it aligned with what MTA-STS can specify is required, for an implementation will then simply be looking at that and this to decide whether it's required, basically using the same code all the way through. I think having those out of alignment just doesn't seem worth it. It'd be nice in there. Well...
D: The way it's shaken out, MTA-STS doesn't consider DANE, because DANE is its own mechanism. Whereas, since this is not a policy mechanism, you would like to be able to express perhaps DANE verification or X.509 certificate chain verification, and that's something that doesn't apply to STS.
C: Doesn't matter, because it will be converted back to SMTP with the contract agreement as it leaves the organization. I mean, even within Postfix, for example, which we use, a file gets saved to disk and then another process, then another process, and finally the SMTP sender processes it. Clearly we're not actually using SMTP between those stages, so there will certainly be intermediate stages that are processing a message that aren't doing a virus...
D: I expect that within enterprises and within a given email operator, you know, there will be exceptions to this, both by cases where SMTP is not used and maybe some cases where it is used, but it's used, you know, inside of a VPN or something like that, and so there isn't really the monitoring concern anyway. I'm really concerned about the external, like, inter-domain cases of monitoring.
B: Michael is giving the case, like there's no guarantee... What is the value for the sender? Like, the sender is putting a requirement if there's no guarantee that it would be fulfilled, but at some point some host in the middle, it goes with an enterprise gateway, you start to remove it, and then it's going to be forwarded outside the domain without any encryption. Like, how do we...
D: We don't have any guarantees that the message is even going to be delivered, or there is no guarantee that a given MX host that I'm sending a message to isn't going to send a copy of the message to Fort Meade. So yeah, there are no guarantees in this business. What we expect is, you know, what we'll define is what it takes in order to be compliant, and...
B: Just, like, some firm direction one way or the other: are we asking, actually, if that extension is supposed to mean that I actually expect everybody to protect the message all the way to the end, or is it, like, kind of best effort? You can protect it, but if you have some enterprise, you can choose on your own to stop protecting it, and I won't complain about it. Well...
D: We're not protecting everybody against everybody. We're protecting the senders against people other than the operators of the MTAs in the path. Of course, when we're using TLS, it's hop by hop, and the message is in the clear at each of the MTAs, and so there is that. Yes, there's an interception opportunity there, and we're not... I mean, if you want to deal with that, then you do end-to-end encryption, and this is not a substitute for end-to-end encryption. This is a supplement to it.
F: So I hear that, but I really don't see how you can do that, to be honest. If you know how lawful interception is done, and other things you do, we see that if you run the MTA side and if you're an operator, you must comply because you have no other choice; otherwise you lose your license in the country.
F: That's if you are correctly organized in a country that is doing it cleanly, blah blah blah. We are okay, but for countries that do not do it cleanly, they will still impose on these operators in the middle to do that anyway, and there is nothing that prevents you from doing that. I don't see... I mean, there is a big friction between... I understand you want to create some kind of respectful trust on the chain, and I like that.
F: I like the intention, right? Maybe I'm correct on that: I like the intention, but the point is that you are on a side way. You want to be explicit, that's good, but on the other side the attacking party, and you don't know who they are, they will anyway do something here that must be undetectable by nature, whether this is legal or not, right. So you are going to put yourself in the place where you would believe that you are giving the services required, yes, and the people are protected.
D: The common case here is there are certain regimes, certain countries in particular, that do downgrade attacks on SMTP connections. If you try to negotiate STARTTLS, there's a middlebox that interferes with that negotiation in such a way that STARTTLS is not negotiated. So in this case REQUIRETLS, if it detects that it can't negotiate TLS, doesn't send the message, and the sender of the message finds that out. That's really the use case that...
D: Yeah, and like I said, the MTAs that you're dealing with may be in completely different regimes from the ones that are attempting the attack, and so essentially you're denying the regimes, other than the places where legal intercept is legal, from passively or by downgrade attack monitoring your traffic. Okay.
H: Daniel Kahn Gillmor from the ACLU. So I think this draft is great. I'm happy to see this going forward, and just in response to the last question I just wanted to say, like, not every draft can fix every problem, so this draft fixes a set of problems. I think it's well scoped, I think it's reasonable. Not everyone is going to use it, but people who do use it know what they're getting themselves into, so I don't think it needs to solve all the other problems. Thanks.
C: Bron Gondwana. What I was basically going to say is exactly the same things, and that it's your MTAs: I will apply these protections, or require these protections, on what I send on. All this is saying is: you're saying I've been asked to do this and I'm gonna make sure it happens or reject the message, right.
A: So I want to... Since we have time, I wouldn't mind spending a little bit more time on the REQUIRETLS=NO thing, because I was looking back in the notes, and this was actually not discussed last time. Well, you made that point, right, but other than that I don't see that we still have... We don't have clear consensus either way, right. It would be great if we could spend the face-to-face time here and see if we get closer to what we do with that. Neil.
G: Neil Jenkins. Comment on that: I find that one kind of odd. So obviously you can just not include this REQUIRETLS for the SMTP session, so this is only to override MTA-STS and possibly DANE, yeah? Yeah, and if the recipient is advertising MTA-STS, unless there's a really active attack happening, there really should be no situation where you can't establish a TLS connection to them. I'm struggling to see really why you need this at all.
C: What I would suggest is, yeah, pull it out completely. It could be a completely separate spec that adds a header that says: please ignore all these things. It doesn't need to be part of this spec at all. It would simplify the spec a lot not to have it, and if someone specifically wants it, then they're probably the right person to drive that separate specification.
D: I think we potentially can; it's a fairly straightforward spec. I mean, the real question is, you know, I'm still looking for some ideas about, and, you know, maybe people want to go off and look at the spec and see what they think, but I mean, the question still remains of how specific do we want to be about the way that the TLS requests... You know, the type of TLS connection that's negotiated, how you verified your certificates, and all of that sort of thing, realizing that, you know, for implementers some of these things are going to be tricky. I mean, we've got in there, there's an option right now that you can say, you know, I require that the MX record lookup be done using DNSSEC. Question is: do we want that? Because for an implementer of an MTA, I think that may be a challenging thing for them.
D: And, you know, I could picture that there would be, you know, if later on we wanted to do something that was more specific, you know, DANE versus, you know, a requirement, say, to do DANE specifically, maybe that's an extension that happens afterwards. I don't know, I have to think about how that would work, but...
A: Before you get to sit down, I want to actually task some people to go and do a review of this, or actually possibly of the next version, where you've simplified stuff by pulling out REQUIRETLS=NO. So Daniel, can I put you on the spot for a... yeah, that Daniel, yeah, to actually go and review and post a review to the mailing list saying, you know, the usual stuff, right. And maybe a couple more people; can I get some volunteers? All right. Wendy, if you're taking...
A: Can you just take down names of people who have volunteered? Because I'm actually gonna go follow up on this and make sure that we get some bigger last-call stage of this document. We want to make sure that we've gotten enough review to be able to tell the IESG that, yes, we do have support for this; the working group has considered it carefully and it is good to go. And sort of looking towards London, then, I want to, you know, be in that place. Any other sort of volunteers for looking at doing a review?
A: Okay, excellent! So can you state your name, if you caught that? Wendy, we can help. Excellent, thank you. All right, and can you just also state your name, or not? Thank you. All right, that's a good size, good number of reviewers for this draft, and I think we can be comfortable after that, if we can get... if it looks like we have consensus and...
A: That'd be great, so maybe that could be sort of a report out in London. Yes, yeah, all right. If there's nothing else, we can go to open mic, and thank you, everybody. Thank you. Thank you. So...
E: Need to follow up, but I think I agree with Keith and Chris saying that, basically, we don't have much experience with using this with email, so we probably shouldn't try to design it in a hurry. So that, basically, I can raise an issue that this is underspecified at the moment, and I don't think we... yeah, we don't have much experience at the moment, right. So I'm tempted to approve the document this week, possibly, and then it will go to the RFC Editor's queue, and right...
A: That sort of leaves us again saying what we've been saying for a couple of meetings now: that we are sort of nearing the end of our pipeline. Yeah, we don't have, as far as the chair, and chairs, know, there is nobody sort of lining up with other work. There's nobody telling us they want to do UTA for XMPP or NTP or something, which means that we're about to say: why don't...
A: Looks like you get half an hour back on your schedule. Yeah, there you go. Thank you. Maybe we'll see each other in London, maybe not. We'll see.