Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
Jim Fenton <fenton@bluepopcorn.net> Thu, 28 February 2019 18:35 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C1DD9130FA8; Thu, 28 Feb 2019 10:35:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RC5el5gYfQcH; Thu, 28 Feb 2019 10:35:09 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28B4C130F8E; Thu, 28 Feb 2019 10:35:08 -0800 (PST)
Received: from steel.local ([IPv6:2601:647:4300:2290:214e:1bd0:ac50:a2ec]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x1SIZ6Mk024957 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 28 Feb 2019 10:35:07 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1551378908; bh=/4GOOpgu/FFNQ9ezwWEAhJUaEZscsmAssZgOy0yLiF0=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=sbfFF8FvE/GYISUOlb7ubf53xWYkPbr0Kn6TVBVdKmW4XfHrSrGgH8132bnQ7JyaE cscZQRrUouw388kCk44GQgwQdl0tXW0WhJiHCys6MNReNTxi3AMis/cfjNygbQ73m+ LAOTAr0Y8iYoyGi5ZKV1tcMwE0AMHkhk5g9rXqno=
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, uta@ietf.org, uta-chairs@ietf.org, valery@smyslov.net, draft-ietf-uta-smtp-require-tls@ietf.org
References: <155076162945.8595.2671476533659571699.idtracker@ietfa.amsl.com> <554356ec-de3a-08ed-a920-0397813895e0@bluepopcorn.net> <CABcZeBPOWVhPTpBt3E8GsqH7LMtG4y04voqTCLS=PG3hZk+NaA@mail.gmail.com> <b79b4b8a-a2b9-8954-83fd-e2789b4cd3c3@bluepopcorn.net> <CABcZeBPG3HHPhwoSNJPJGgLbSSOmSWhw43U+T-tnrVTjgtzmiQ@mail.gmail.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Openpgp: preference=signencrypt
Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCW4RXswUJCxkNcAAKCRAbJaiwFdCf vjdyD/wNUBktyTqGVI5JGE8TJX6+6bmq5HHJ/I+CgGNtyvjriNZdxZJ86L5Z7MIidBeUOXvl /DZK+1zvS/hq8oMe7rPMbSepHHdhMyVTBuWnUG3n48dYOMqQjttBxisauC9GXrejhDJeGP+y WDLRdkMs1h5M48MKpEHf69pvkb+CCewbJeJH3kpPc5Iv9lJEOM/SrGlR72RUsMHeBcc3ykPR CeW0MpXGKAo5QCRw51uvuy7jZdlxOrLMMvMSyqCVanaW2Iz8mXQKufahkDfjff/eBUgXSfxS L1H2ZUN8XeyLttn6iei0Jqs1aSTmU1y0XxMM5k0rgA+3PoZrkgYTSvVBQMhE+sIyeoiB9oat 5h7M7nZBXc4LQTEwMFCamE4GIaSkpLFwBBwZwPa487XKnPbGV6zr7sYEzDaCvkQGJdfw6NqA 5IxLgmAoCAWnp3h26OtUJ0lmgpRy/Vy4yinbVAvkBq1CB1gRlNDYn0Ton06Bz0ltSpBTWTzj m6zvnA2JLzyFrTc30PR22WD/m18/qgua7YCiP1xu88AsnY5HPgxDj88PDiiyuFftYHhSY0Dy nV+iz+NEPal/LaklqVmA1+l8qj/SPAdycbD/s2X6MHjPBamdBmzytuEZnv+LImPTkdswExLD AORVDaH2SYuznhFs7xZ/t1rB5Yo1l5eDGdTQ6KLsDLkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQIAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJbhFZUBQkLF7qRAAoJEBslqLAV0J++wvgP/jPjfjH3zEGYhdv89B0vFsRIBDDZzJuMxZZL EW/FyqKqswTHt6HD2ScuiGNEsNWebKEZbj2+Y673KqWnBGMFuJovAzlLeNNxQToJq03pzm/9 4A0ePYk9xzrMgtW+DEUemWElvMbSwZYid8Zj4lAx+U/X6Dh7HPSTx8DO4BKRA4cLrASOaUuS /w8/2eTXNEJssqc8Shwq6bNO5cPXrjb/qJgbb/MOLp0Nn1vNIPjoi/88910pyOV9chYJJFRX zOofGwaRjvcO55X57lveBrNEgH453EHa7QAHL4wD2dbCd445YOPkn0mBNJe3Un5JTsi6IQaK NHUMfwTWrVWN8RapFaPv6YXVBEvpA13G88TFkR5UHlz6YEUMATmgJQpmTFRkPYT0DTEbL4/O ywFgqMzmY1ojKV/Z6iWCAHqVnyFr6NtTFmT/qkOtb933YWJZW6Pg/Us2rZHro7uvQ/bf7Uxb vkn4lX+VneDBjsk3RPnHO/6k8lY2xQ343O7QOedSkM6rJpB9IbgXvHJNJfAWV+L89ElZeKJr VNaQqAw/1uXM7s8MVc+qwoT+DN0jsdqkBcuBxnbYeyM/8X6wcZHopV74r7SAbH4TrtjcBft5 nyM0UroVaEXvJxLzL3kQTsHIiDtGVuYwDTHzVl9591fuyEe0cYZVP2WckXcuM7EUn4CPBUYJ
Message-ID: <e3dfd4cd-ccb4-7203-bb8c-6365bf79375a@bluepopcorn.net>
Date: Thu, 28 Feb 2019 10:35:00 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBPG3HHPhwoSNJPJGgLbSSOmSWhw43U+T-tnrVTjgtzmiQ@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------9E33DA9557517CF863F17112"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/57io6knhhppJysqo5YxAgdHPYnw>
Subject: Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 18:35:13 -0000
On 2/28/19 9:42 AM, Eric Rescorla wrote: > > > On Thu, Feb 28, 2019 at 9:33 AM Jim Fenton <fenton@bluepopcorn.net > <mailto:fenton@bluepopcorn.net>> wrote: > > On 2/27/19 2:10 PM, Eric Rescorla wrote: >> >> >> On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton >> <fenton@bluepopcorn.net <mailto:fenton@bluepopcorn.net>> wrote: >> >> On 2/21/19 7:07 AM, Eric Rescorla wrote: >> > >> ---------------------------------------------------------------------- >> > DISCUSS: >> > >> ---------------------------------------------------------------------- >> > >> > I support Benjamin's DISCUSS. >> > >> > To elaborate on one point a bit: it seems to me that it's >> harmful to >> > security to allow the sender to unilaterally override the >> recipient's >> > preferences that something be encrypted. To forestall one >> argument, >> > yes, the sender knows the contents of the message, but the >> recipient >> > knows their own circumstances, and they may be at >> particular risk >> >> >> The general approach of REQUIRETLS is that the sender is in a >> good >> position to determine the sensitivity of the message(s) they are >> sending, because they know what the message is. >> >> >> Right, this is what I am disputing. > > > If I'm reading this correctly, you're concerned about the header > field (don't require TLS even if recipient domain policy says to) > rather than concerned about the REQUIRETLS SMTP extension > requiring the use of TLS. Let me know if this is incorrect. > > > Yes. > > The preferences we're talking about here (MTA-STS and DANE) are > basically advertisements saying, "if you send mail to this domain, > you should expect to use TLS when doing so." > > > and "if you recognize this indicator, you should fail if the server > doesn't do TLS", right? Just like HSTS. > > There will always be SMTP clients that don't implement MTA-STS and > DANE (and possibly even STARTTLS) and will behave exactly as they > do today. > > Yes, this is the situation with HSTS as well. > > > You described it correctly as a preference; if the sender wants to > emphasize delivery over security, they can ignore that preference. > That's basically what the header field (RequireTLS: no or perhaps > TLS-Required: no) does. > > Yes, what I am saying is that it's not solely the sender's decision, > and that this is an indicator that privileges the sender's choice of > nonsecurity over the recipient's; of security. Now, arguably, this is > a weakness in the semantics of MTA-STS and DANE in that they could > have three states: insecure OK, secure only, and secure only unless > the sender explicitly says OK, But that's not how they are designed. That's right, "secure only" is not the semantics of MTA-STS and DANE. So TLS-Required: no is consistent with those semantics. It might be interesting to see how MTA-STS and DANE could be extended to have the other states, but the lack of those states is outside the scope of TLS-Required: no. > > >> >> Ultimately, for the last >> hop anyway, the recipient has the ultimate control: they can >> refuse to >> accept a message unless STARTTLS has been negotiated. >> >> >> Actually, this doesn't work for two reasons: >> >> 1. There might be an active attacker. > > > Please elaborate on the type of active attacker you are referring to. > > > A Dolev-Yao/3552 network attacker that controls the entire network. > > An impostor SMTP server? Note that either DNSSEC or MTA-STS is > required in the secure (SMTP extension) case in order to guard > against forged MX records. > > Suppose that you are example.com <http://example.com> and you want to > ensure that anyone who sends to you uses TLS. Rejecting non-TLS > connections doesn't work because unless the sender enforces TLS, the > attacker will just impersonate you, refuse to negotiate TLS, and then > re-connect to you offering TLS. Since MTA-STS and DANE do not have a "secure only" state, this is outside the threat model of those protocols. Adding requirements to clients implementing TLS-Required (such as that they check for MTA-STS and DANE [and in turn implement DNSSEC]) doesn't do anything about the bigger problem with clients who don't implement TLS-Required. -Jim
- [Uta] Eric Rescorla's Discuss on draft-ietf-uta-s… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Salz, Rich
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Benjamin Kaduk
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Barry Leiba
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Barry Leiba
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… John Levine
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Benjamin Kaduk
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Barry Leiba
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Alexey Melnikov
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Eric Rescorla
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Nico Williams
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Eric Rescorla's Discuss on draft-ietf-u… Jim Fenton