[{"author": "John Levine", "text": "<p>Welcome to sunny Dublin</p>", "time": "2024-11-07T17:33:11Z"}, {"author": "Lisa Dusseault", "text": "<p>good morning from California</p>", "time": "2024-11-07T17:33:34Z"}, {"author": "Pete Resnick", "text": "<p>I think that doing nothing  was the sense of the room some minutes ago.</p>", "time": "2024-11-07T17:37:51Z"}, {"author": "John Levine", "text": "<p>This is not a new problem, there are other full standards that have been obsoleted and it is for the IESG or RSE or some combination thereof.</p>", "time": "2024-11-07T17:40:03Z"}, {"author": "Pete Resnick", "text": "<p>I sent the IESG some email about the whole \"obsoleted Standard\" issue. It sounds like it is being dealt with (or at least thought about).</p>", "time": "2024-11-07T17:40:04Z"}, {"author": "Murray Kucherawy", "text": "<p>Is there any chance in H-E-double-hockey-sticks that a resolver in the future might notice an MX points to a CNAME and return an error rather than giving you the MX?</p>", "time": "2024-11-07T17:41:50Z"}, {"author": "Jim Fenton", "text": "<p>Do resolvers get into that level of detail about individual protocols? I think not.</p>", "time": "2024-11-07T17:52:19Z"}, {"author": "Murray Kucherawy", "text": "<p>I don't think they ever have, no, but nothing precludes them.</p>", "time": "2024-11-07T17:52:51Z"}, {"author": "Murray Kucherawy", "text": "<p>Just trying to make the text bulletproof.</p>", "time": "2024-11-07T17:52:57Z"}, {"author": "Alexey Melnikov", "text": "<p>Barry showed +1 to your (John Klensin's) proposal</p>", "time": "2024-11-07T17:53:23Z"}, {"author": "Steve Atkins", "text": "<p>I\u2019ve seen resolvers do some odd things, but not that. If one were to start I think it\u2019d be a bug in the resolver rather than something we need to consider.</p>", "time": "2024-11-07T17:56:52Z"}, {"author": "Murray Kucherawy", "text": "<p>Fair enough.</p>", "time": "2024-11-07T17:57:03Z"}, {"author": "Murray Kucherawy", "text": "<p>A mandatory extension isn't an extension anymore.</p>", "time": "2024-11-07T18:00:42Z"}, {"author": "Kenneth Murchison", "text": "<p>+1 to Murray about extensions</p>", "time": "2024-11-07T18:01:16Z"}, {"author": "Pete Resnick", "text": "<p>Side note not worth it for the mic: I pointed out to some people that there's a big security hole in SMTP if you don't do DNSSEC: I could do a DNS attack, insert an MX to my evil server, and get all of the mail that I want. That doesn't mean we need to say \"MUST use DNSSEC\". But we can point out such holes. (FYI: I am <em>not</em> suggesting we do so for DNSSEC. ;-) )</p>", "time": "2024-11-07T18:02:14Z"}, {"author": "Pete Resnick", "text": "<p>I think \"MUST NOT use TURN unless authenticated\" is probably correct. I can't think of any other exception case.</p>", "time": "2024-11-07T18:05:45Z"}, {"author": "Murray Kucherawy", "text": "<p>You almost need to do that for any protocol that requires name translation.  Where do we draw the line?</p>", "time": "2024-11-07T18:05:54Z"}, {"author": "Pete Resnick", "text": "<p><span class=\"user-mention\" data-user-id=\"424\">@Murray Kucherawy</span> Exactly my thought</p>", "time": "2024-11-07T18:06:23Z"}, {"author": "Pete Resnick", "text": "<p>But the same is true for TLS.</p>", "time": "2024-11-07T18:06:32Z"}, {"author": "Murray Kucherawy", "text": "<p>I'm having trouble coming up with a way to describe the semantic difference between \"SHOULD NOT unless\" and \"MUST NOT unless\" when we're talking about security rather than interoperability.</p>", "time": "2024-11-07T18:06:59Z"}, {"author": "Pete Resnick", "text": "<p>(That is, if you don't want people sniffing, every protocol needs to use TLS)</p>", "time": "2024-11-07T18:07:00Z"}, {"author": "Ricardo Signes", "text": "<p>something something rfc6919</p>", "time": "2024-11-07T18:09:54Z"}, {"author": "Pete Resnick", "text": "<p>I reduce my comment to \"whatever you want\".</p>", "time": "2024-11-07T18:10:47Z"}, {"author": "Murray Kucherawy", "text": "<p>Once again, it's worse than you think.</p>", "time": "2024-11-07T18:10:51Z"}, {"author": "Murray Kucherawy", "text": "<p>Damnit.</p>", "time": "2024-11-07T18:11:26Z"}, {"author": "Ricardo Signes", "text": "<p>\"They're marginal, they're obscure, and trying to enumerate them would be a waste of time.\" \u2014 welcome to email</p>", "time": "2024-11-07T18:11:50Z"}, {"author": "John Levine", "text": "<p>I think Paul said he uses ETRN, not TURN</p>", "time": "2024-11-07T18:12:09Z"}, {"author": "Alexey Melnikov", "text": "<p>I thought so too</p>", "time": "2024-11-07T18:12:25Z"}, {"author": "Kenneth Murchison", "text": "<p>Make TURN an extension?  Probably not practical but if its not used widely, make it opt-in</p>", "time": "2024-11-07T18:12:25Z"}, {"author": "Murray Kucherawy", "text": "<p>ETRN is already, I think?</p>", "time": "2024-11-07T18:12:39Z"}, {"author": "John Levine", "text": "<p><span class=\"user-mention\" data-user-id=\"304\">@Kenneth Murchison</span> too late, I think</p>", "time": "2024-11-07T18:12:40Z"}, {"author": "Alexey Melnikov", "text": "<p>ETRN is a separate RFC</p>", "time": "2024-11-07T18:12:54Z"}, {"author": "John Levine", "text": "<p>Yes, ETRN is an extension</p>", "time": "2024-11-07T18:12:56Z"}, {"author": "Pete Resnick", "text": "<p>I could not care less about the resolution to #111</p>", "time": "2024-11-07T18:15:40Z"}, {"author": "Kenneth Murchison", "text": "<p>Then why not deprecate and force folks to use ETRN (said while not knowing the diff between the two)</p>", "time": "2024-11-07T18:15:50Z"}, {"author": "Murray Kucherawy", "text": "<p>Isn't it deprecated?  Or at least obsolete?</p>", "time": "2024-11-07T18:16:07Z"}, {"author": "Murray Kucherawy", "text": "<p>This is fine.</p>", "time": "2024-11-07T18:17:36Z"}, {"author": "Tero Kivinen", "text": "<p>I was asked to send a text listing security protocols to list, but as discussion moved forward while I was drafting this, is there any point of sending this to mailing list still:</p>\n<hr>\n<p>There are multiple extensions that provide security services to email,<br>\nsome of which are outside the SMTP protocol itself. Non-exhaustive<br>\nlist of most important of them follows:</p>\n<p>- STARTTLS [xxx], MTA-STS [RFC8461] and DANE for SMTP [RFC7672]<br>\n    offer confidentiality services between servers.</p>\n<p>- DKIM [RFC6376], DMARC [RFC7489], ARC [RFC8617] and SPF [RFC7208]<br>\n    offer message level authentication services.</p>\n<p>- SMTP Authentication [RFC4954] offers authenticating clients<br>\n    connecting to server.</p>\n<p>- S/MIME [RFC8551] and OpenPGP [RFC4880] exist to allow for message<br>\n    confidentiality outside of the operation of SMTP.</p>", "time": "2024-11-07T18:18:19Z"}, {"author": "Murray Kucherawy", "text": "<p>104 is fine as proposed.</p>", "time": "2024-11-07T18:19:46Z"}, {"author": "Murray Kucherawy", "text": "<p>John K also thumbs-upped.</p>", "time": "2024-11-07T18:20:15Z"}, {"author": "Murray Kucherawy", "text": "<p>I'm ambivalent on this one too.</p>", "time": "2024-11-07T18:22:40Z"}, {"author": "Pete Resnick", "text": "<p>It turns out I could care less about #111, because I couldn't care less about #105.</p>", "time": "2024-11-07T18:22:48Z"}, {"author": "Murray Kucherawy", "text": "<p>Pete's official wikipedia page lists all of his issues in order of descending ambivalence.</p>", "time": "2024-11-07T18:23:36Z"}, {"author": "Murray Kucherawy", "text": "<p>There's even a dependency tree.</p>", "time": "2024-11-07T18:24:09Z"}, {"author": "Murray Kucherawy", "text": "<p>A few people won't be here tomorrow, so if we have time we should deal with more interesting stuff in the remaining time.</p>", "time": "2024-11-07T18:27:31Z"}, {"author": "Murray Kucherawy", "text": "<p>\"It's less minor than you think.\"</p>", "time": "2024-11-07T18:30:17Z"}]