Re: [Gen-art] Genart telechat review of draft-ietf-uta-smtp-tlsrpt-18
Daniel Margolis <dmargolis@google.com> Wed, 18 April 2018 15:26 UTC
Return-Path: <dmargolis@google.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 53D2C12D88D for <gen-art@ietfa.amsl.com>; Wed, 18 Apr 2018 08:26:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mrNk1r6iBefI for <gen-art@ietfa.amsl.com>; Wed, 18 Apr 2018 08:26:05 -0700 (PDT)
Received: from mail-io0-x22d.google.com (mail-io0-x22d.google.com [IPv6:2607:f8b0:4001:c06::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 66B841275AB for <gen-art@ietf.org>; Wed, 18 Apr 2018 08:26:02 -0700 (PDT)
Received: by mail-io0-x22d.google.com with SMTP id o7-v6so1063331iob.8 for <gen-art@ietf.org>; Wed, 18 Apr 2018 08:26:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xU4TovEyL9WCcfq/NUKVvLuW5VVenUzRca9ZnJsiT3s=; b=Zt7vmhj/4nhfJeyAWpXAZQ8+Z+7/MRw2N6ePQsMhKlJ71nLn55bqUagzoy6O755/HQ SGpJDfGVeBXtBqHLVRVizPYGLGCUM36N6osVpkVqHY+iiH/XUHtJfFu7T8P9HjED1soM KFa77xZDU93vCIeKQ9FqMzwxVEwXoHkpVZ216n1rV6iCF01MVwZRdDihkScE4qEOmEhh YDmP7LKBja6/qa7CjaovJBWJykhiPEnq0bT/RkOGm37D5aK+KfHJ6XS9MjDF0qr0bGPa WD1ZGlcb4Dbw18wZvTDlq+ZVrJEB8dznXmadki+9XRtxbTy7cvXUDTau2oV3yubHw6eq k8Kw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xU4TovEyL9WCcfq/NUKVvLuW5VVenUzRca9ZnJsiT3s=; b=bQyXuU2FJNOZvrQEu2wmn3zHowgPz3RnKKTmSAW41/+Rbw52Qlpc3mw4Q3w5qm4baz aTV9dYxeaV76ue+DQ3BqwBD5dF0QgczYfcCBDWRWqqqSs8rFHfnIkQy87Gx+s6M2TtFt 5/0+X5fLY3UVOnAAdnig+tKq9RSyK+dREDcoaMF5+jCeDLRcjqxWx7MZQH69FNcZlY6H zyttJTy3WbARMroOmPq5jGi2oBFOb6yq0NHpygdWXJ3/sm5lTWb4v/2KzM1QynV38ZXD OTeCnoc2i6ehPkUu4O9M/KqWL1j39L/nk6+3nrRL2JuYG835q83oUdn1w7a12gDdj/3T Y2IA==
X-Gm-Message-State: ALQs6tDRC9k/DI4sCau0JknBtN+gR8rVPtgmdG7DvUDm6uVYN1skeJ+1 rommzfPyQL718juZmv7xUUBcOXgjYsj5l6xic2dTIw==
X-Google-Smtp-Source: AB8JxZoeZp9Be44GKnJxnLBtWxFIK1V2wNM054QMfGwxoU+lI/eC7tIQ/iuHhlp5bcnoEAoMoVpMDAqSj5K6gIJLBtA=
X-Received: by 2002:a6b:9b15:: with SMTP id d21-v6mr2599700ioe.243.1524065161240; Wed, 18 Apr 2018 08:26:01 -0700 (PDT)
MIME-Version: 1.0
References: <152293620742.25921.15349241552991574638@ietfa.amsl.com>
In-Reply-To: <152293620742.25921.15349241552991574638@ietfa.amsl.com>
From: Daniel Margolis <dmargolis@google.com>
Date: Wed, 18 Apr 2018 15:25:48 +0000
Message-ID: <CANtKdUebuDtkCRBn4s62rmmy7SewBYCab26MjHBHH5pVBPdBKQ@mail.gmail.com>
To: jmh@joelhalpern.com
Cc: gen-art@ietf.org, uta@ietf.org, draft-ietf-uta-smtp-tlsrpt.all@ietf.org, ietf@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="00000000000098159f056a2112ea"
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/VbAe9ZiSPgtDQMtCsdgHR2EM1QY>
Subject: Re: [Gen-art] Genart telechat review of draft-ietf-uta-smtp-tlsrpt-18
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Apr 2018 15:26:11 -0000
On Thu, Apr 5, 2018 at 3:50 PM Joel Halpern <jmh@joelhalpern.com> wrote: > Reviewer: Joel Halpern > Review result: Ready > > I am the assigned Gen-ART reviewer for this draft. The General Area > Review Team (Gen-ART) reviews all IETF documents being processed > by the IESG for the IETF Chair. Please wait for direction from your > document shepherd or AD before posting a new version of the draft. > > For more information, please see the FAQ at > > <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>. > > Document: draft-ietf-uta-smtp-tlsrpt-18 > Reviewer: Joel Halpern > Review Date: 2018-04-05 > IETF LC End Date: 2018-04-02 > IESG Telechat date: 2018-04-19 > > Summary: This document is ready for publication as a Proposed Standard RFC > My thanks to the authors for addressing my major concerns and most of > my > minor concerns. > > Major issues: > > Minor issues: > There are several areas where the document would be helped by better > explanations. From my previous review: > > Section 3, bullet 3, says that submitters using POST can ignore > certificate > validation errors when using https. That seems to undermine the usage > of > https. As such, I would expect to at least see some explanation of > when > and why ignoring such errors is appropriate. > > This is sort of obliquely (but not explicitly) addressed in Security Considerations in the context of "report snooping." I would suggest (and am happy to add, if the other authors are OK with it) text to the effect that report snooping can be conducted via a bogus TLSRPT record but also by injecting a bogus response for resolving the reporting URI or otherwise MITM'ing the report. Because an attacker capable of these attacks can likely, similarly, inject themselves directly into the SMTP exchange (by injecting a bogus MX record or otherwise MITM'ing that exchange themselves), we don't believe this substantially increases attack surface. Exceptions are when the report URI points to a host in a different zone than the MX host or in some other matter is MITM'able in a way that the MX host itself is not. Hence, in the common case, MITM'ing the *report* should present no significant additional attack surface from MITM'ing the *MX*, and thus requiring certificate validation (which may interfere with the delivery of reports) would be counterproductive (though we leave it up to reporters to determine if they wish to enforce validation). Does that make sense? > It is surprising in Section 3 Bullet 4 that reporting via email > requires > that the report submitted use DKIM. Particularly while ignoring any > security errors in communicating with the recipient domain. > > In the formal definition of the txt record, shouldn't the URI format > also > indicate that semicolon needs to be encoded? > > Section 5.1 defines a report filename. This is probably a naive > question, > but what is that for? If using HTTPS, the earlier text says that the > POST > operation goes to the target URI from the txt record. When using > email, > there is no apparent need for a filename. > > Most of the security risks described in the Security section (7) do not > seem to have any mitigation. Should there not be some explanation why > deployment is acceptable with these risks? > > Nits/editorial comments: > > >
- [Gen-art] Genart telechat review of draft-ietf-ut… Joel Halpern
- Re: [Gen-art] Genart telechat review of draft-iet… Daniel Margolis
- Re: [Gen-art] Genart telechat review of draft-iet… Alissa Cooper