Re: [Gen-art] [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 08 March 2018 23:33 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <152054808275.11187.13276762980596133506@ietfa.amsl.com>
Date: Thu, 08 Mar 2018 18:33:12 -0500
Cc: gen-art@ietf.org, uta@ietf.org, draft-ietf-uta-smtp-tlsrpt.all@ietf.org, ietf@ietf.org
Message-Id: <0423F6BE-6CF5-4DBA-A241-56142268D067@dukhovni.org>
References: <152054808275.11187.13276762980596133506@ietfa.amsl.com>
To: Joel Halpern <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/FgMR9AbA1KwzeqhGiUHrT8rx04E>
Subject: Re: [Gen-art] [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17


> On Mar 8, 2018, at 5:28 PM, Joel Halpern <jmh@joelhalpern.com> wrote:
> 
>    It is surprising in Section 3 Bullet 4 that reporting via email requires
>    that the report submitted use DKIM.  Particularly while ignoring any
>    security errors in communicating with the recipient domain.

Actually, this is not surprising.  The main security risk here is report spam
that will drown the true signal in noise, making it impossible to notice real
validation failures or operate the service.

Therefore, the report origin domain must be authenticated via DKIM.  I'd
be tempted to go further and require a particular "selector" prefix that
is specifically chosen for "tlsrpt", so that with domains such as "gmail",
where anyone can get an email account, just being a user on the sending
system is not enough to be able to forge a DKIM authenticated report.
But that would create significant complications for the sender to make it
so, and so is probably not needed.

In summary, when sending reports the party that needs to be authenticated
is the sender domain, while the receiving domain is presumed operationally
compromised, and so should be exempt from any authentication requirements.

-- 
	Viktor.
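The receiver-side policy Viktor describes above, written out as an added example (this is not code from the thread, from RFC 8460, or from any TLSRPT implementation): a report mail is processed only if its sender domain carries a DKIM pass, and optionally only if the verified selector has a "tlsrpt" prefix, the convention the message muses about. The receiving domain's own TLS or DNS state is deliberately not checked. Assumptions beyond the message: DKIM verification has already been done by the receiver's own MTA and recorded in an Authentication-Results header (RFC 8601) under a known authserv-id, results stamped by any other authserv-id are ignored, and "aligned" means the DKIM d= domain equals the domain of the From: address. The sample messages are constructed; `mx.example.net`, `mail.example.com`, `bigmail.example` and the selector names are placeholders.

```python
"""Filter for TLSRPT reports arriving by e-mail (added example).

Policy implemented: accept a report only when the *sender* domain is
DKIM-authenticated, optionally requiring a "tlsrpt"-prefixed selector so
that an ordinary mailbox user at a large provider cannot produce a report
that passes.  Nothing is required of the receiving domain.

Assumptions (hypothetical, not from RFC 8460): our own MTA verified DKIM
and recorded the result in Authentication-Results (RFC 8601) under a known
authserv-id; alignment means DKIM d= equals the From: domain.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr


def dkim_passes(msg, authserv_id):
    """Return {d_domain: selector} for every dkim=pass stamped by our own
    verifier.  Authentication-Results from any other authserv-id are
    ignored, since a sender can add such headers itself."""
    passes = {}
    for ar in msg.get_all("Authentication-Results", []):
        ar = re.sub(r"\s+", " ", str(ar))          # normalise folding whitespace
        stamped_by = ar.split(";", 1)[0].split()[0]
        if stamped_by.lower() != authserv_id.lower():
            continue
        for result in ar.split(";")[1:]:
            if not result.strip().startswith("dkim=pass"):
                continue
            d = re.search(r"header\.d=([A-Za-z0-9.-]+)", result)
            s = re.search(r"header\.s=([A-Za-z0-9._-]+)", result)
            if d:
                # Missing header.s leaves the selector unknown, which later
                # fails a prefix requirement (conservative by design).
                passes[d.group(1).lower()] = s.group(1) if s else ""
    return passes


def check_report(raw_message, authserv_id, selector_prefix=None):
    """Decide whether an incoming TLSRPT report mail should be processed.
    Returns (accepted, reason)."""
    msg = message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg.get("From", "")))
    if "@" not in addr:
        return False, "no usable From: address"
    sender_domain = addr.rsplit("@", 1)[1].lower()

    passes = dkim_passes(msg, authserv_id)
    if sender_domain not in passes:
        # Unauthenticated origin: exactly the report-spam vector.
        return False, "no DKIM pass aligned with From: domain %s" % sender_domain

    if selector_prefix is not None:
        selector = passes[sender_domain]
        if not selector.startswith(selector_prefix):
            return False, "DKIM selector %r lacks prefix %r" % (selector, selector_prefix)
    return True, "accepted from " + sender_domain


# Constructed sample messages (header names are real, all values are made up).
REPORT_OK = """\
Authentication-Results: mx.example.net;
 dkim=pass header.d=mail.example.com header.s=tlsrpt2018
From: TLS Reporting <tlsrpt@mail.example.com>
To: tls-reports@example.net
Subject: Report Domain: example.net Submitter: mail.example.com Report-ID: <1@mail.example.com>

(constructed report body)
"""

# Signed by a large provider's ordinary selector: any mailbox user there
# could have sent it.  Aligned, so it passes unless a selector prefix is required.
REPORT_PROVIDER_USER = """\
Authentication-Results: mx.example.net; dkim=pass header.d=bigmail.example header.s=20161025
From: somebody@bigmail.example
To: tls-reports@example.net
Subject: Report Domain: example.net Submitter: bigmail.example Report-ID: <2@bigmail.example>

(constructed report body)
"""

REPORT_UNSIGNED = """\
Authentication-Results: mx.example.net; dkim=none
From: tlsrpt@mail.example.com
To: tls-reports@example.net
Subject: Report Domain: example.net Submitter: mail.example.com Report-ID: <3@mail.example.com>

(constructed report body)
"""

if __name__ == "__main__":
    for name, raw in [("ok", REPORT_OK), ("provider-user", REPORT_PROVIDER_USER),
                      ("unsigned", REPORT_UNSIGNED)]:
        print(name, check_report(raw, "mx.example.net"))
        print(name, "+prefix", check_report(raw, "mx.example.net", "tlsrpt"))
```

The last sample in the tests also passes REPORT_OK with a different authserv-id: because the Authentication-Results header was not stamped by the configured verifier, the DKIM pass is disregarded and the report is rejected, which is the behaviour you want against a sender that forges that header.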