[Uta] draft-ietf-uta-mta-sts-04 Review
<Gerard.DRAPER-GIL@ec.europa.eu> Thu, 06 April 2017 09:08 UTC
Return-Path: <Gerard.DRAPER-GIL@ec.europa.eu>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A2A31243F6 for <uta@ietfa.amsl.com>; Thu, 6 Apr 2017 02:08:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.998
X-Spam-Level:
X-Spam-Status: No, score=-6.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-2.796, RP_MATCHES_RCVD=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wgO23Lih2jvE for <uta@ietfa.amsl.com>; Thu, 6 Apr 2017 02:08:54 -0700 (PDT)
Received: from out.mail.ec.europa.eu (out.mail.ec.europa.eu [147.67.249.5]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 840361200FC for <uta@ietf.org>; Thu, 6 Apr 2017 02:08:53 -0700 (PDT)
Received: from S-DC-EMP019-I.net1.cec.eu.int (158.166.6.137) by S-DC-EDG009-Q.rcnet.cec.eu.int (147.67.249.5) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 6 Apr 2017 11:08:42 +0200
Received: from S-DC-EMP009-B.net1.cec.eu.int (158.167.2.19) by S-DC-EMP019-I.net1.cec.eu.int (158.166.6.137) with Microsoft SMTP Server (TLS) id 14.3.301.0; Thu, 6 Apr 2017 11:08:49 +0200
Received: from S-DC-ESTE03-B.net1.cec.eu.int ([169.254.2.152]) by S-DC-EMP009-B.net1.cec.eu.int ([158.167.2.19]) with mapi id 14.03.0301.000; Thu, 6 Apr 2017 11:08:50 +0200
From: Gerard.DRAPER-GIL@ec.europa.eu
To: uta@ietf.org
Thread-Topic: draft-ietf-uta-mta-sts-04 Review
Thread-Index: AdKutGbXiPZGQt7NR9iZoIOalBzYkA==
Date: Thu, 06 Apr 2017 09:08:49 +0000
Message-ID: <2DB01F3A9898AE41BB3266315D9FDA2704903D88@S-DC-ESTE03-B.net1.cec.eu.int>
Accept-Language: en-GB, fr-LU, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [158.167.189.38]
Content-Type: multipart/alternative; boundary="_000_2DB01F3A9898AE41BB3266315D9FDA2704903D88SDCESTE03Bnet1c_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/2qY2Q3L0a6TuiB9-9hS0rxtRCZk>
Subject: [Uta] draft-ietf-uta-mta-sts-04 Review
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Apr 2017 09:08:57 -0000
Some minor comments and a question on policy updates. _ Section 3.2 MTA-STS Policies, when describing the "mx" parameter, it says: "For example, "["mail.example.com", ".example.net"]" indicates that mail for this domain might be handled by any MX with a certificate valid for a host at "example.com" or "example.net"..." Should't it say: " valid for a host at 'mail.example.com'"? _ Section 3.3 HTTPS Policy Fetching "When fetching a new policy or updating a policy, the HTTPS endpoint MUST present a X.509 certificate which is valid for the "mta-sts" host (as described in [RFC6125]), chain to a root CA that is trusted by the sending MTA, and be non-expired." Maybe it's redundant, but since it explicitly mention non-expired, should it also mention not revocated? "If a valid TXT record is found but no policy can be fetched via HTTPS, and there is no valid (non-expired) previously-cached policy, senders MUST treat the recipient domain as one that has not implemented MTA-STS." I think that a better option would be to report the recipient and continue with opportunistic TLS. _ Section 4 Policy Validation: "2. That at least one of the policy's "mx" patterns matches at least one of the identities presented in the MX's X.509 certificate, as descriped in "MX Certificate Validation"." The last line should say "described in ..." _ Section 4.1 MX Certificate Validation: (Same than in section 3.3 about certificates) "The certificate presented by the receiving MX MUST chain to a root CA that is trusted by the sending MTA and be non-expired. " Maybe it's redundant, but since it explicitly mention non-expired, should it also mention not revocated? _ Section 5.1 Policy Application Control Flow "3. Upon message retries, a message MAY be permanently failed following first checking for the presence of a new policy (as indicated by the "id" field in the "_mta-sts" TXT record)." It does not specify the number of retries. A parameter could be added to the policy to indicate the number of retries before permanent failure, with a default value of X. Maybe I missed it, but I didn't see any mention to what to do if the id from the TXT record does not match the id from the HTTPS policy. _ Security considerations: The first paragraph of Section 6.1 contradicts the second paragraph on Section 8.3 "Updating the policy requires that the owner make changes in two places: the "_mta-sts" TXT record in the Policy Domain's DNS zone and at the corresponding HTTPS endpoint. As a result, recipients should thus expect a policy will continue to be used by senders until both the HTTPS and TXT endpoints are updated and the TXT record's TTL has passed." (1st paragraph Section 6.1) "This attack is mitigated in part by the ability of a victim domain to (at any time) publish a new policy updating the cached, malicious policy, though this does require the victim domain to both obtain a valid CA-signed certificate and to understand and properly configure MTA-STS." (2nd paragraph Section 8.3) If I am able to publish a new policy, but this policy does not reach the senders, then I am not solving the problem. The whole policy application, update is not clear to me, it seems there is a contradiction between the fact, mentioned a couple of times, that a policy can be updated any time, and the resistance to "TLS downgrade" attacks. Please correct me if I'm wrong. In the policy updates, it clearly states that updating a policy requires updating both the TXT record and the HTTPS policy. DNS request are usually served by intermediary DNS servers, that will update the cache based on the TTL of records, whereas HTTPS requests will be usually served by the "final" server itself, therefore policy updates will immediately (almost) be deployed. This creates a dilemma. Using short TTLs to allow frequent policy updates increases the window of vulnerability (policy update requires fetching the TXT record), but using long TTLs reduces the ability to update the policy on-demand. A possible solution could be to unlink the id from the TXT record from the id of the policy. A long TTL (1 month?) can be used to "broadcast" that a domain applies MTA-STS, and a short max-age (hours, minutes?) can be used to facilitate frequent policy updates. Finally, regarding the JSON vs pair-of-values, I think that at this stage the opinion of the Implementors (those who will implement it) should prevail, to facilitate its future acceptance. I don't think it makes much difference for domain controllers, who may deploy it. Gerard Draper Gil
- Re: [Uta] draft-ietf-uta-mta-sts-04 Review Daniel Margolis
- Re: [Uta] draft-ietf-uta-mta-sts-04 Review Alexey Melnikov
- Re: [Uta] draft-ietf-uta-mta-sts-04 Review Viktor Dukhovni
- Re: [Uta] draft-ietf-uta-mta-sts-04 Review Daniel Margolis
- Re: [Uta] draft-ietf-uta-mta-sts-04 Review Jeremy Harris
- [Uta] draft-ietf-uta-mta-sts-04 Review Gerard.DRAPER-GIL