IETF Logo Mail Archive

Re: [Trans] CT for opportunistic STARTTLS in SMTP

Ben Laurie <benl@google.com> Tue, 25 February 2014 17:36 UTC

Return-Path: <benl@google.com>
X-Original-To: trans@ietfa.amsl.com
Delivered-To: trans@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 586F11A0105 for <trans@ietfa.amsl.com>; Tue, 25 Feb 2014 09:36:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.573
X-Spam-Level:
X-Spam-Status: No, score=0.573 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_48=0.6, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ErDt88YJGBH7 for <trans@ietfa.amsl.com>; Tue, 25 Feb 2014 09:36:18 -0800 (PST)
Received: from mail-ve0-x231.google.com (mail-ve0-x231.google.com [IPv6:2607:f8b0:400c:c01::231]) by ietfa.amsl.com (Postfix) with ESMTP id 180B91A000F for <trans@ietf.org>; Tue, 25 Feb 2014 09:36:18 -0800 (PST)
Received: by mail-ve0-f177.google.com with SMTP id db12so804057veb.36 for <trans@ietf.org>; Tue, 25 Feb 2014 09:36:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=HHoFFha0tu587ttob+l8yaI1N2aZag5KMUlsxNQa+MY=; b=O9H4aoCotgpzq8MPMC+bnWr8MP49EB4Up2NFPQ0KgepBYa+5XdJpqmKyfB7w6nBct1 WkcFpD2v1EYzSlhmlxz509Bu2/evKTTXG6rqT71coR2fXOoAAHYqvyiTwNmbwsyHHH5C laMexTy2tp8DHDtw9C/89CZStbRFauYnvUszoqCgp+BEIu3/741Z496lqfnjd5eHzsoG rSOBokC95NcXFB2M8V7p3LpAWlrYKgr+pegfrfPfeyIL/vwug1d/xw3iXx0IOx+ANmJM +wBIg1AzXIfsNFA/grS+KkdAuNpZUvtZbzXIOAgQVt5SO70PksiQnIDbaFn6LPnnSJfS GXJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=HHoFFha0tu587ttob+l8yaI1N2aZag5KMUlsxNQa+MY=; b=UURcdK59py45qltufUkrdeiXgicbW72AIY3oEKEjkWl7Tigpo1TmVIpr+vsusuIiET t2cUWDpRB3UlK64+pAiROAdRObHZ8adRJGP4Bb/ST7/Gnxzv/ofDX6i4Ymh81OMaa5Cq 1NVBZyvNq0YULwMVdBZOpUROVcRWwJne/63d9gbUR7NnH78fzD4cAi80HL7qucYthHLh 8gp9ljzNx6AwOG5XNvXdnI2e4n971e4J31yxwS+npFhfN9tl4h/5pxTCdgGaNPxbmUdN BLn2Cn5NQlLtmhd/oZLK8hthAkKKmGeKeZDBJ0oFgCkkpG7n74uaNXwtxxedEAlIZNr+ dChQ==
X-Gm-Message-State: ALoCoQm5lcU7IcmAjyKGV2S4y/dwZx2C6IcdNsOGOCJ44aOOKMbQqM6yKGvr4keBknJ6085moByBe8OaGk0RL8hYT5o34ZYwJjzrobZOec16dsohMyjPUHolEechvqKlNBsuSpvW//XaXH5EVVBchgVWPwYTlw9cTKPM2Mzd6Ih5GvXUlStIm1NMiW4QX8tQZszfFN31hTvX
MIME-Version: 1.0
X-Received: by 10.52.171.68 with SMTP id as4mr1645992vdc.0.1393349777005; Tue, 25 Feb 2014 09:36:17 -0800 (PST)
Received: by 10.52.230.105 with HTTP; Tue, 25 Feb 2014 09:36:16 -0800 (PST)
In-Reply-To: <DEEC5007-F38F-4A20-ADA3-A612C31326C4@vpnc.org>
References: <53063600.4020102@gmail.com> <878ut0usxw.fsf@alice.fifthhorseman.net> <CAMm+LwjANZrgKXxRD-f4POdn7vz9_f1W2Mj8xTGEFVO9-3Unng@mail.gmail.com> <530BB8E3.30303@gmail.com> <530BBCE6.1070100@fifthhorseman.net> <CABrd9SQeReQ_LMFxYJhA2NBCPKCsUXiHjmaF5UgOUEvi-ZJovg@mail.gmail.com> <DEEC5007-F38F-4A20-ADA3-A612C31326C4@vpnc.org>
Date: Tue, 25 Feb 2014 17:36:16 +0000
Message-ID: <CABrd9ST9U_KK1bTGAGeUFyr8Gx7GWkau9HiPfcgyOwjnozXuFA@mail.gmail.com>
From: Ben Laurie <benl@google.com>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/trans/E57_iBEasTx6w_qO_3pPQobw16w
Cc: "trans@ietf.org" <trans@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [Trans] CT for opportunistic STARTTLS in SMTP
X-BeenThere: trans@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Public Notary Transparency working group discussion list <trans.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/trans>, <mailto:trans-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/trans/>
List-Post: <mailto:trans@ietf.org>
List-Help: <mailto:trans-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/trans>, <mailto:trans-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Feb 2014 17:36:19 -0000

On 25 February 2014 17:01, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> Sorry for using a valid subject line. :-)
>
> On Feb 24, 2014, at 11:28 PM, Ben Laurie <benl@google.com> wrote:
>
>> On 24 February 2014 21:43, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
>>> On 02/24/2014 04:25 PM, Melinda Shore wrote:
>>>
>>>> As for relevance, right now therightkey is the best place
>>>> for discussion of other approaches to fixing PKI, while trans
>>>> is specifically for discussion of certificate transparency.
>>>> The only thing that's in our charter at the moment is 6962bis.
>>>> That doesn't mean that other applications of CT are out-of-
>>>> scope, but that we'd need to recharter to take them on
>>>> as work items.
>>>
>>> I think you're saying you want the slot in London to focus on getting
>>> the mechanism right, and not trying to propose policy, which is
>>> completely reasonable.  I'm happy to stay focused.
>>>
>>> There's nothing in RFC 6962 (and i hope there won't be in 6962bis) that
>>> is HTTPS-specific, though; it's defined as a mechanism for logging X.509
>>> certificates for use in TLS, regardless of the application layer traffic
>>> within the TLS session.
>>>
>>> So i hope that the use of CT in SMTP+STARTTLS isn't seen as an "other
>>> application" -- it's still TLS.  If we suspect that CT is somehow valid
>>> only for X.509 certs used by HTTPS servers, we should make that more
>>> explicit in the draft (but i hope we don't!)
>>
>> I agree. One observation: CT as applied to HTTPS uses the CA signature
>> as a spam limitation mechanism.
>>
>> I believe most SMTP certs are not CA issued, so the question arises:
>> how would you propose to limit spam?
>
> At the earlier CT meeting, I think someone proposed that there could be a check that the cert was in actual use at the place it said it was.

That does not seem effective to me.

>> I am open, by the way, to running CT logs at Google with alternate
>> spam limitation mechanisms to allow this kind of usage. I think that
>> not having a spam limitation mechanism is dangerous.
>
> Spam limitation is needed for both attacks on CT to weaken it and accidental misconfiguration that could look a lot like an attack.
>
> --Paul Hoffman

v2.23.0 | Report a Bug | By Email