IETF Logo Mail Archive

Re: [dane] Delivery of email if MX is not signed

Paul Wouters <paul@nohats.ca> Sun, 23 August 2015 17:47 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D788C1B29DD for <dane@ietfa.amsl.com>; Sun, 23 Aug 2015 10:47:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.189
X-Spam-Level:
X-Spam-Status: No, score=0.189 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, MIME_8BIT_HEADER=0.3, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JxJUh758uLFO for <dane@ietfa.amsl.com>; Sun, 23 Aug 2015 10:47:18 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6AB331B29DB for <dane@ietf.org>; Sun, 23 Aug 2015 10:47:18 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3mzkYc1H1zz1K2; Sun, 23 Aug 2015 19:47:16 +0200 (CEST)
Authentication-Results: mx.nohats.ca; dkim=pass (1024-bit key) header.d=nohats.ca header.i=@nohats.ca header.b=vCpd2wID
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id Gd4-m_iObwpr; Sun, 23 Aug 2015 19:47:14 +0200 (CEST)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com [206.248.139.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Sun, 23 Aug 2015 19:47:14 +0200 (CEST)
Received: from bofh.nohats.ca (bofh.nohats.ca [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id C5127800A0; Sun, 23 Aug 2015 13:47:12 -0400 (EDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1440352032; bh=waeXlMwIghcxM90zBOgiOeLGyWuyRbuUWtlsqU99hks=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=vCpd2wIDjEtIs8X3lfuQp9s5Bux/8ZdN8X6BH+QfUmLELC1nVH6BFAz4ufH1LNFZL rKrCfp7YTBQTLlVCLtPyVFOVaVS3PRP1id9msfWG6tD8Ksl1PhWRdM7T4P9dEk8Mk6 B1Es5zEVUGfG8Gxrg3MIiuXvAFDWm+szm6dkVcPQ=
Received: from localhost (paul@localhost) by bofh.nohats.ca (8.15.2/8.15.2/Submit) with ESMTP id t7NHlCGR005435; Sun, 23 Aug 2015 13:47:12 -0400
X-Authentication-Warning: bofh.nohats.ca: paul owned process doing -bs
Date: Sun, 23 Aug 2015 13:47:12 -0400
From: Paul Wouters <paul@nohats.ca>
To: Patrik Fältström <paf@frobbit.se>
In-Reply-To: <D976ACCE-8F15-448C-A5E4-B8D1FD329A8B@frobbit.se>
Message-ID: <alpine.LFD.2.20.1508231343110.26943@bofh.nohats.ca>
References: <D976ACCE-8F15-448C-A5E4-B8D1FD329A8B@frobbit.se>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/dane/AwzhZAgy8NsiQnv5MqMgBT5qrFA>
Cc: dane@ietf.org
Subject: Re: [dane] Delivery of email if MX is not signed
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Aug 2015 17:47:20 -0000

On Sun, 23 Aug 2015, Patrik Fältström wrote:

> Also, in my example the RRSet the MX is in is _unsigned_:
>
> example.com. IN MX 0 mail.example.net.
>
> 2. Delivery of the mail over TLS to mail.example.net.

so example.com is unsigned? and mail.example.net is signed, and the TLSA
record in example.net is signed.

In that case, I believe TLS will be used but the TLSA cannot be
verified, so while delivery happens over TLS, there is no way to
verify the identity of the receiver because the MX record could have
been spoofed.

I think you are arguing that it should deliver TLS only after validation
of the TLSA record for mail.example.net. That validation is a false
sense of security though.

I don't think mail delivery will be halted. since the example.com domain
is unsigned, anonymous TLS will be used when available, and no
verification will take place.

I'm not sure what you are proposing to change?

Paul

v2.23.0 | Report a Bug | By Email