IETF Logo Mail Archive

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Jim Fenton <fenton@bluepopcorn.net> Thu, 28 February 2019 18:35 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1DD9130FA8; Thu, 28 Feb 2019 10:35:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RC5el5gYfQcH; Thu, 28 Feb 2019 10:35:09 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28B4C130F8E; Thu, 28 Feb 2019 10:35:08 -0800 (PST)
Received: from steel.local ([IPv6:2601:647:4300:2290:214e:1bd0:ac50:a2ec]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x1SIZ6Mk024957 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 28 Feb 2019 10:35:07 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1551378908; bh=/4GOOpgu/FFNQ9ezwWEAhJUaEZscsmAssZgOy0yLiF0=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=sbfFF8FvE/GYISUOlb7ubf53xWYkPbr0Kn6TVBVdKmW4XfHrSrGgH8132bnQ7JyaE cscZQRrUouw388kCk44GQgwQdl0tXW0WhJiHCys6MNReNTxi3AMis/cfjNygbQ73m+ LAOTAr0Y8iYoyGi5ZKV1tcMwE0AMHkhk5g9rXqno=
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, uta@ietf.org, uta-chairs@ietf.org, valery@smyslov.net, draft-ietf-uta-smtp-require-tls@ietf.org
References: <155076162945.8595.2671476533659571699.idtracker@ietfa.amsl.com> <554356ec-de3a-08ed-a920-0397813895e0@bluepopcorn.net> <CABcZeBPOWVhPTpBt3E8GsqH7LMtG4y04voqTCLS=PG3hZk+NaA@mail.gmail.com> <b79b4b8a-a2b9-8954-83fd-e2789b4cd3c3@bluepopcorn.net> <CABcZeBPG3HHPhwoSNJPJGgLbSSOmSWhw43U+T-tnrVTjgtzmiQ@mail.gmail.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Openpgp: preference=signencrypt
Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCW4RXswUJCxkNcAAKCRAbJaiwFdCf vjdyD/wNUBktyTqGVI5JGE8TJX6+6bmq5HHJ/I+CgGNtyvjriNZdxZJ86L5Z7MIidBeUOXvl /DZK+1zvS/hq8oMe7rPMbSepHHdhMyVTBuWnUG3n48dYOMqQjttBxisauC9GXrejhDJeGP+y WDLRdkMs1h5M48MKpEHf69pvkb+CCewbJeJH3kpPc5Iv9lJEOM/SrGlR72RUsMHeBcc3ykPR CeW0MpXGKAo5QCRw51uvuy7jZdlxOrLMMvMSyqCVanaW2Iz8mXQKufahkDfjff/eBUgXSfxS L1H2ZUN8XeyLttn6iei0Jqs1aSTmU1y0XxMM5k0rgA+3PoZrkgYTSvVBQMhE+sIyeoiB9oat 5h7M7nZBXc4LQTEwMFCamE4GIaSkpLFwBBwZwPa487XKnPbGV6zr7sYEzDaCvkQGJdfw6NqA 5IxLgmAoCAWnp3h26OtUJ0lmgpRy/Vy4yinbVAvkBq1CB1gRlNDYn0Ton06Bz0ltSpBTWTzj m6zvnA2JLzyFrTc30PR22WD/m18/qgua7YCiP1xu88AsnY5HPgxDj88PDiiyuFftYHhSY0Dy nV+iz+NEPal/LaklqVmA1+l8qj/SPAdycbD/s2X6MHjPBamdBmzytuEZnv+LImPTkdswExLD AORVDaH2SYuznhFs7xZ/t1rB5Yo1l5eDGdTQ6KLsDLkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQIAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJbhFZUBQkLF7qRAAoJEBslqLAV0J++wvgP/jPjfjH3zEGYhdv89B0vFsRIBDDZzJuMxZZL EW/FyqKqswTHt6HD2ScuiGNEsNWebKEZbj2+Y673KqWnBGMFuJovAzlLeNNxQToJq03pzm/9 4A0ePYk9xzrMgtW+DEUemWElvMbSwZYid8Zj4lAx+U/X6Dh7HPSTx8DO4BKRA4cLrASOaUuS /w8/2eTXNEJssqc8Shwq6bNO5cPXrjb/qJgbb/MOLp0Nn1vNIPjoi/88910pyOV9chYJJFRX zOofGwaRjvcO55X57lveBrNEgH453EHa7QAHL4wD2dbCd445YOPkn0mBNJe3Un5JTsi6IQaK NHUMfwTWrVWN8RapFaPv6YXVBEvpA13G88TFkR5UHlz6YEUMATmgJQpmTFRkPYT0DTEbL4/O ywFgqMzmY1ojKV/Z6iWCAHqVnyFr6NtTFmT/qkOtb933YWJZW6Pg/Us2rZHro7uvQ/bf7Uxb vkn4lX+VneDBjsk3RPnHO/6k8lY2xQ343O7QOedSkM6rJpB9IbgXvHJNJfAWV+L89ElZeKJr VNaQqAw/1uXM7s8MVc+qwoT+DN0jsdqkBcuBxnbYeyM/8X6wcZHopV74r7SAbH4TrtjcBft5 nyM0UroVaEXvJxLzL3kQTsHIiDtGVuYwDTHzVl9591fuyEe0cYZVP2WckXcuM7EUn4CPBUYJ
Message-ID: <e3dfd4cd-ccb4-7203-bb8c-6365bf79375a@bluepopcorn.net>
Date: Thu, 28 Feb 2019 10:35:00 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBPG3HHPhwoSNJPJGgLbSSOmSWhw43U+T-tnrVTjgtzmiQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9E33DA9557517CF863F17112"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/57io6knhhppJysqo5YxAgdHPYnw>
Subject: Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 18:35:13 -0000

On 2/28/19 9:42 AM, Eric Rescorla wrote:
>
>
> On Thu, Feb 28, 2019 at 9:33 AM Jim Fenton <fenton@bluepopcorn.net
> <mailto:fenton@bluepopcorn.net>> wrote:
>
>     On 2/27/19 2:10 PM, Eric Rescorla wrote:
>>
>>
>>     On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton
>>     <fenton@bluepopcorn.net <mailto:fenton@bluepopcorn.net>> wrote:
>>
>>         On 2/21/19 7:07 AM, Eric Rescorla wrote:
>>         >
>>         ----------------------------------------------------------------------
>>         > DISCUSS:
>>         >
>>         ----------------------------------------------------------------------
>>         >
>>         > I support Benjamin's DISCUSS.
>>         >
>>         > To elaborate on one point a bit: it seems to me that it's
>>         harmful to
>>         > security to allow the sender to unilaterally override the
>>         recipient's
>>         > preferences that something be encrypted. To forestall one
>>         argument,
>>         > yes, the sender knows the contents of the message, but the
>>         recipient
>>         > knows their own circumstances, and they may be at
>>         particular risk
>>
>>
>>         The general approach of REQUIRETLS is that the sender is in a
>>         good
>>         position to determine the sensitivity of the message(s) they are
>>         sending, because they know what the message is.
>>
>>
>>     Right, this is what I am disputing.
>
>
>     If I'm reading this correctly, you're concerned about the header
>     field (don't require TLS even if recipient domain policy says to)
>     rather than concerned about the REQUIRETLS SMTP extension
>     requiring the use of TLS. Let me know if this is incorrect.
>
>
> Yes.
>
>     The preferences we're talking about here (MTA-STS and DANE) are
>     basically advertisements saying, "if you send mail to this domain,
>     you should expect to use TLS when doing so."
>
>
> and "if you recognize this indicator, you should fail if the server
> doesn't do TLS", right? Just like HSTS.
>
>     There will always be SMTP clients that don't implement MTA-STS and
>     DANE (and possibly even STARTTLS) and will behave exactly as they
>     do today.
>
> Yes, this is the situation with HSTS as well.
>  
>
>     You described it correctly as a preference; if the sender wants to
>     emphasize delivery over security, they can ignore that preference.
>     That's basically what the header field (RequireTLS: no or perhaps
>     TLS-Required: no) does.
>
> Yes, what I am saying is that it's not solely the sender's decision,
> and that this is an indicator that privileges the sender's choice of
> nonsecurity over the recipient's; of security. Now, arguably, this is
> a weakness in the semantics of MTA-STS and DANE in that they could
> have three states: insecure OK, secure only, and secure only unless
> the sender explicitly says OK, But that's not how they are designed.


That's right, "secure only" is not the semantics of MTA-STS and DANE. So
TLS-Required: no is consistent with those semantics. It might be
interesting to see how MTA-STS and DANE could be extended to have the
other states, but the lack of those states is outside the scope of
TLS-Required: no.


>  
>
>>
>>         Ultimately, for the last
>>         hop anyway, the recipient has the ultimate control: they can
>>         refuse to
>>         accept a message unless STARTTLS has been negotiated.
>>
>>
>>     Actually, this doesn't work for two reasons:
>>
>>     1. There might be an active attacker.
>
>
>     Please elaborate on the type of active attacker you are referring to.
>
>
> A Dolev-Yao/3552 network attacker that controls the entire network.
>
>     An impostor SMTP server? Note that either DNSSEC or MTA-STS is
>     required in the secure (SMTP extension) case in order to guard
>     against forged MX records.
>
> Suppose that you are example.com <http://example.com> and you want to
> ensure that anyone who sends to you uses TLS. Rejecting non-TLS
> connections doesn't work because unless the sender enforces TLS, the
> attacker will just impersonate you, refuse to negotiate TLS, and then
> re-connect to you offering TLS.


Since MTA-STS and DANE do not have a "secure only" state, this is
outside the threat model of those protocols. Adding requirements to
clients implementing TLS-Required (such as that they check for MTA-STS
and DANE [and in turn implement DNSSEC]) doesn't do anything about the
bigger problem with clients who don't implement TLS-Required.

-Jim

v2.23.0 | Report a Bug | By Email