IETF Logo Mail Archive

Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Jim Fenton <fenton@bluepopcorn.net> Mon, 11 April 2016 21:18 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FDE312D87E for <uta@ietfa.amsl.com>; Mon, 11 Apr 2016 14:18:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.997
X-Spam-Level:
X-Spam-Status: No, score=-2.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qWe-1Xj0-vmj for <uta@ietfa.amsl.com>; Mon, 11 Apr 2016 14:18:17 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1977612D873 for <uta@ietf.org>; Mon, 11 Apr 2016 14:18:16 -0700 (PDT)
Received: from splunge.local (c-50-136-244-117.hsd1.ca.comcast.net [50.136.244.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id u3BLIEWG013732 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for <uta@ietf.org>; Mon, 11 Apr 2016 14:18:16 -0700
To: uta@ietf.org
References: <570C0CD2.9030401@cs.tcd.ie>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <570C1496.3040203@bluepopcorn.net>
Date: Mon, 11 Apr 2016 14:18:14 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <570C0CD2.9030401@cs.tcd.ie>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1460409496; bh=5lmo/nafAXr4LYbFNLjht2cm2VtI9bI3JiAg+9RGVNI=; h=Subject:To:References:From:Date:In-Reply-To; b=glrdFsrpTh/OwzCQVyc0hBS6mrCtQcfgPUMNpIvaOJ5hYqch/NLM6bfbl+xC05xkm DYYIMbIfafR20fCf8yGbIZufN833Yxa7/GA/WaLORe2VfG654kovdbNIVF+jfzUoZT dT0Cna8kMVPGL7pTPFj0DpJ2qLwmhAT0Utqi2Lb0=
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/3K61KZWymeMmRDAexztUG1GWap0>
Subject: Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 Apr 2016 21:18:18 -0000

On 4/11/16 1:45 PM, Stephen Farrell wrote:
> - We can, and probably will, define a "webby" to achieve
>   the same desired effect of getting beyond opportunistic
>   security. Daniel and co's STS aprooach (as outlined for
>   the next revision in B-A) is one such, and seems like
>   it's one that can work.

As I remember, there were still some issues with how the lookup would
take place (what the URL would be): some sort of reserved hostname was
seen to be a non-starter, and I seem to remember that there was some
issue with .well-known as well, but can't remember the specifics.

Another issue I'm not sure we discussed is the handling of wildcard MX
records: if I send a message to user@foo.example.com, and there is an MX
record for *.example.com, do I look for the policy at foo.example.com,
or do I notice that there was a wildcard MX and use the next higher
domain? I suppose that might work. But I'm still not 100% comfortable
that there's a good "webby" approach to finding the policy in all cases.
> - Any such webby approach will inherently involve us in
>   re-inventing a lot of what we get from DANE/DNSSEC. That's
>   a bit of a pain, but inevitable and not a reason to not
>   do STS. (The goal here is not perfection but to enable
>   folks to do better than opportunistic security after all.)
> - My guess is that the webby approach will end up being
>   a bit less secure/safe compared to the DANE/DNSSEC way
>   of doing things, mostly due to it having to depend on
>   some kind of TOFU step that gets repeated whenever DNS
>   without DNSSEC is used (i.e. when something cached
>   expires).

The risk is that the sender won't find the policy at all if the web
address lookup fails. But can we agree that the long MTU approach
described in the current draft isn't an effective mitigation to that
problem? Several people pointed out in the meeting that caches don't
typically hold things for very long times; the MTU specifies how long
records MAY be cached, not how long they SHOULD be cached.

My concern here is that if it's possible for intermediaries (for
example, firewalls at the enterprise and national level that currently
interfere with STARTTLS negotiation) to interfere with STS lookups, all
we will have done is to ask them to implement a new blockage feature,
and we haven't actually improved security.

-Jim

v2.23.0 | Report a Bug | By Email