Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols
Wei Chuang <weihaw@google.com> Thu, 24 October 2013 16:53 UTC
Return-Path: <weihaw@google.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8143A11E8397 for <ietf-smtp@ietfa.amsl.com>; Thu, 24 Oct 2013 09:53:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.921
X-Spam-Level:
X-Spam-Status: No, score=-1.921 tagged_above=-999 required=5 tests=[AWL=0.056, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GvZj6FhgxmND for <ietf-smtp@ietfa.amsl.com>; Thu, 24 Oct 2013 09:53:02 -0700 (PDT)
Received: from mail-qa0-x22f.google.com (mail-qa0-x22f.google.com [IPv6:2607:f8b0:400d:c00::22f]) by ietfa.amsl.com (Postfix) with ESMTP id D727511E81B7 for <ietf-smtp@ietf.org>; Thu, 24 Oct 2013 09:51:08 -0700 (PDT)
Received: by mail-qa0-f47.google.com with SMTP id k15so5199528qaq.20 for <ietf-smtp@ietf.org>; Thu, 24 Oct 2013 09:51:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=6x73NjPRL7wtX8Q0cRPVWc5yMi7mOfyxZD4YM0Je/Wg=; b=OgrDk36itku2lNpDyFHOVKNQ28Pzzb8OYJk/dzuD8WnEgeb+0Xh1hyZjYywtn1WipF 4pbVU9Ho4zwsTRmrDMTifS83P6hEN77RncvjMHcAWKmMZC9ruGUOImuuMhBgxFkzAnKT eWL1cAu64/wLNwaV9mrH166MbA7+zDKq1G6Y7aD63gkl/+RGiSESoW8CjEy6+5Wv2sWT zvCNaa+esbUMR42T1DfaCe3c29vpYVXQA5WLC/+AAthWbQKzEQ0tW8bm/uG0CqrjZ7kJ UfERqva+89m/kA6mNrBKRv830oXlTSW29q8Kviak3nhqyb6fSP2vybKMJhduO8aAciZX d77Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=6x73NjPRL7wtX8Q0cRPVWc5yMi7mOfyxZD4YM0Je/Wg=; b=J1HBANsh8TT+RjstD6eReHVdKs6dE+CFkqmE/IS40elqSI+ctcolkvrVrN6fN741aI LjOKjExuKOu8jn0Bmh7ZY4+TOZOt5qJLfbwJeRY2K2S7GWY+pGISZhnP4bRpN9p7jACN nxDObJzK9uv6kcCrm4SQ280BxxknDfEaEoWMV+M0JydZrK8drEe5q24OmLZ5DY/fm+qT IQ3Kz7QbVGt/KlRGmLO6mujx6URPRQ5L0fLsbXvsQ534mUyq2KxCsW2PS/nfuyc2HLBM 9Hx/08egAjXnDAZAaes+XjLR7fKNi/fQOCikmwDiJ8MFN7Jw3F2YU7LwXpn6KF3g8+zH i2Mw==
X-Gm-Message-State: ALoCoQmwf+QK6hdMnFwFya2fULvoueGR6vYOf6lrToU4VHnaTRK1jZOMCYU8XpyEw8fkPOucExxGEWRDPwYnvx8b03Mp/YrxcMLJWOpF36LsXtSjB+z2RM61lRt/P7pvE/UZuqwJj42TZC6OrtVo9e/9wfgK0PrSLgCfYyGldyKn9HljFH90+U4uI/MuHIpIRvv+9aqFbGDb
X-Received: by 10.224.89.73 with SMTP id d9mr5181404qam.5.1382633468100; Thu, 24 Oct 2013 09:51:08 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.229.183.132 with HTTP; Thu, 24 Oct 2013 09:50:46 -0700 (PDT)
In-Reply-To: <52680BD1.5020807@network-heretics.com>
References: <CAAFsWK1OROeda-=Ov9pGs=TpeDcxm=d6MDKVxw4Vi6X4LxWLYw@mail.gmail.com> <52680BD1.5020807@network-heretics.com>
From: Wei Chuang <weihaw@google.com>
Date: Thu, 24 Oct 2013 09:50:46 -0700
Message-ID: <CAAFsWK1_xtkOKMvP2KDhpqdYte+WFoy6MAb2VjJAM5kvJdgg6w@mail.gmail.com>
To: Keith Moore <moore@network-heretics.com>
Content-Type: multipart/alternative; boundary="001a11c3ce54b8f93204e97f7000"
Cc: mandatory-secure-mail-delivery-external <mandatory-secure-mail-delivery-external@google.com>, ietf-smtp <ietf-smtp@ietf.org>
Subject: Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-smtp>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Oct 2013 16:53:03 -0000
On Wed, Oct 23, 2013 at 10:48 AM, Keith Moore <moore@network-heretics.com>wrote: > I'd like to call the list's attention to two other Internet-Drafts > regarding use of TLS with email protocols: > > 1. draft-ietf-dane-smtp-with-dane-00<http://datatracker.ietf.org/doc/draft-ietf-dane-smtp-with-dane/> > > This is (mostly) about SMTP mail relaying using Opportunistic TLS, and how > to make it work well by using TLSA records to both (a) provide a secure > indication that the SMTP server supports STARTTLS (thus thwarting MITM > downgrading attacks) and (b) provide a way to verify that the SMTP server > is the right server (given a chain of DNSSEC-signed MX/CNAME/A/AAAA etc. > records) without requiring the server to present a TLS certificate for > every possible DNS name for which that server is authorized to accept mail. > > The document seems to be fairly well written and worked out in a decent > amount of detail. It proposes Opportunistic TLS rather than an SMTP > extension or message header that would require secure delivery for the > entire path. For mail relaying I think Opportunistic TLS is a more > realizable goal. But even if people want to propose an SMTP extension to > mandate use of TLS for the remainder of the path to the recipient, I think > it would need to use the certificate verification mechanisms described in > this draft. > I just wanted to note that the draft-wchuang-msmd-00 recommends that additional CA verification be done through Certificate Transparency [RFC6962]. We didn't put a stronger requirement since some deployment details are not specified (according to one of the authors), and our understanding is that the community hasn't registered a strong preference to either DANE TLSA or Certificate Transparency (or some other scheme). Certificate Transparency doesn't directly depend on DNSSEC which is only slowly being deployed, and instead builds upon the existing X.509 CA infrastructure. It provides means for 3rd parties to observe the signing of certificate, and quickly verify if a particular CA is doing the right thing. To stir the pot up, I just want to point out this comparison of the alternatives: http://www.certificate-transparency.org/comparison > > 2. draft-moore-email-tls-00 > <http://datatracker.ietf.org/doc/draft-moore-email-tls/> > This is a document recommending use of TLS in all interactions between > MUAs and mail servers (IMAP, POP, Submission). It basically has two sets > of recommendations - one for client and server implementations, and another > for mail service providers - because there are operational as well as > implementation concerns. > > This started out to be a document recommending TLS for both MUA-MSP > interactions and for mail relaying, but it turned out that the two cases > are different enough that trying to specify both in the same document made > it too large and complex. When I discovered that > draft-ietf-dane-smtp-with-dane-00 existed and used the same approach I was > recommending, and also that the dane-smtp draft had things worked out in > more detail, I removed the portions from my draft that related to SMTP > relaying. > > > To me it seems that a comprehensive approach to encrypting email traffic > actually needs to cover three separate cases: (1) mail relaying, (2) > MUA-MSP interactions, and (3) end-to-end encryption. Cases (1) and (2) > are similar in goal - protect emails being transmitted over the network > from eavesdroppers and active attacks - but subtly different in > implementation. Case (3) protects emails from being disclosed to servers > which are operated by third parties and which might be compromised. None > of these is sufficient by itself, because (1) and (2) by themselves don't > protect the messages while they're stored on third-party servers, and (3) > doesn't protect against traffic analysis - which when dealing with mass > surveillance seems to be as important as protecting the actual contents of > the messages. > > Of these, the most difficult problem seems to be (3). Solutions for (3) > e.g. PGP and S/MIME have been around for a long time, but they haven't been > widely deployed. This seems like an area that is worth revisiting. > +1 (While I'm one of the authors of a TLS based approach, I'd also like to see more discussion/ideas of privacy protecting end-to-end approaches) -Wei > > Keith > > > _______________________________________________ > ietf-smtp mailing list > ietf-smtp@ietf.org > https://www.ietf.org/mailman/listinfo/ietf-smtp > >
- [ietf-smtp] Request for discussion of Mandatory S… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… Timo Sirainen
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… Martijn Grooten
- Re: [ietf-smtp] Request for discussion of Mandato… John C Klensin
- Re: [ietf-smtp] Request for discussion of Mandato… SM
- Re: [ietf-smtp] Request for discussion of Mandato… Paul Smith
- Re: [ietf-smtp] Request for discussion of Mandato… Alessandro Vesely
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… Timo Sirainen
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… John Levine
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… MH Michael Hammer (5304)
- Re: [ietf-smtp] Request for discussion of Mandato… Martijn Grooten
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… John C Klensin
- Re: [ietf-smtp] Request for discussion of Mandato… John C Klensin
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] Request for discussion of Mandato… John C Klensin
- Re: [ietf-smtp] DKIM encryption, was Request for … Carl S. Gutekunst
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … John C Klensin
- Re: [ietf-smtp] Request for discussion of Mandato… Brandon Long
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… Arnt Gulbrandsen
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] Request for discussion of Mandato… John Levine
- Re: [ietf-smtp] Request for discussion of Mandato… Timo Sirainen
- Re: [ietf-smtp] DKIM encryption, was Request for … John C Klensin
- Re: [ietf-smtp] DKIM encryption, was Request for … Richard Clayton
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Robert A. Rosenberg
- Re: [ietf-smtp] DKIM encryption, was Request for … Russ Allbery
- Re: [ietf-smtp] DKIM encryption, was Request for … Alessandro Vesely
- Re: [ietf-smtp] Request for discussion of Mandato… Arnt Gulbrandsen
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for … Martijn Grooten
- Re: [ietf-smtp] DKIM encryption, was Request for … Murray S. Kucherawy
- Re: [ietf-smtp] DKIM encryption, was Request for … Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for … Steve Atkins
- Re: [ietf-smtp] DKIM encryption, was Request for … Dave Crocker
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Martijn Grooten
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] Request for discussion of Mandato… Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for … Richard Clayton
- Re: [ietf-smtp] Request for discussion of Mandato… SM
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … SM
- Re: [ietf-smtp] DKIM encryption, was Request for … Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Rolf E. Sonneveld
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … John C Klensin
- Re: [ietf-smtp] DKIM encryption, was Request for … Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for … Russ Allbery
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … John R Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … Dave Crocker
- Re: [ietf-smtp] DKIM encryption, was Request for … John Levine
- Re: [ietf-smtp] DKIM encryption, was Request for … Ned Freed
- Re: [ietf-smtp] DKIM encryption, was Request for … Wei Chuang
- Re: [ietf-smtp] DKIM encryption, was Request for … Martijn Grooten
- Re: [ietf-smtp] DKIM encryption, was Request for … Steve Atkins
- Re: [ietf-smtp] DKIM encryption, was Request for … Martijn Grooten
- Re: [ietf-smtp] DKIM encryption, was Request for … James Cloos
- Re: [ietf-smtp] DKIM encryption, was Request for … Wei Chuang
- [ietf-smtp] Two recent Internet-Drafts about usin… Keith Moore
- Re: [ietf-smtp] Two recent Internet-Drafts about … Paul Smith
- Re: [ietf-smtp] Two recent Internet-Drafts about … Stephan Bosch
- Re: [ietf-smtp] Two recent Internet-Drafts about … Rolf E. Sonneveld
- Re: [ietf-smtp] Two recent Internet-Drafts about … Wei Chuang
- Re: [ietf-smtp] Two recent Internet-Drafts about … Keith Moore
- Re: [ietf-smtp] Two recent Internet-Drafts about … Ned Freed
- Re: [ietf-smtp] Two recent Internet-Drafts about … John Levine
- Re: [ietf-smtp] Two recent Internet-Drafts about … John Levine
- Re: [ietf-smtp] Two recent Internet-Drafts about … Wei Chuang
- Re: [ietf-smtp] Two recent Internet-Drafts about … Brandon Long
- Re: [ietf-smtp] Two recent Internet-Drafts about … Wei Chuang
- Re: [ietf-smtp] Two recent Internet-Drafts about … Wei Chuang
- Re: [ietf-smtp] Two recent Internet-Drafts about … Ned Freed
- Re: [ietf-smtp] Two recent Internet-Drafts about … Dave Crocker
- Re: [ietf-smtp] Two recent Internet-Drafts about … Paul Smith
- [ietf-smtp] Review of draft-moore-email-tls-00.txt Alexey Melnikov
- Re: [ietf-smtp] Review of draft-moore-email-tls-0… Keith Moore