[Last-Call] Re: [Emailcore] Re: Re: Re: Re: SECDIR Review of draft-ietf-emailcore-rfc5321bis-31

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I think we're a little off-track here.

I have a 100lb HP printer in my office, and I think it uses IPP (I don't know, because it just works).

https://www.rfc-editor.org/info/std92

I think the WG could agree to briefly describe STARTTLS and get on with it. There are indeed lots of old things that reflect the state of SMTP at the time they were manufactured. So, roughly, no sweeping unpleasant details under the rug. But, do describe that they are unpleasant and insecure.

thanks,
Rob


On Wed, Oct 30, 2024 at 9:52 AM Ted Lemon <mellon@xxxxxxxxx> wrote:
That's really cool, and would have been useful to lead with. I've never heard of any of this. Your comments now make more sense. I was not intending to be snarky—you referred to an old printer, and I have never heard of anybody's printer doing this (I have my own printers and scanners, and they do not, for example), so I assumed this was some old idea that's no longer in use. I apologize for the misunderstanding.

That said, a scanner that emails your scanned images in plaintext without using TLS is a serious security problem and should definitely be prevented from continuing to do that. It's a benefit to the end user to prevent this, not a loss of function. I would say that this is a strong argument in favor of requiring STARTTLS, not an argument against it.


On Wed, Oct 30, 2024 at 5:36 PM John R Levine <johnl@xxxxxxxxx> wrote:
On Wed, 30 Oct 2024, Ted Lemon wrote:
> John, with all due respect (which is a lot!), there is exactly one printer
> on the internet that sends mail via SMTP, and Other John owns it. ...

Uh, what?  As I said, my printer sends status reports like "I'm jammed"
by SMTP.

In fact printers do all sorts of stuff by e-mail.  I have a new Canon
scanner/printer where I can push a few buttons an it will scan a stack of
papers and e-mail me the PDF, or it can be a fax machine and forward
incoming faxes as e-mail.  It only cost $200, it's not big or fancy.  The
old printer even had a way to pick up messages by POP and print them.  The
new printer does STARTTLS but there are plenty of old ones that still
print fine but don't.

I do not understand the point of snarky, misleading comments like this,
but I wish they would stop.

R's,
John
--
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux