Re: [Uta] MTA-STS-03 review
Daniel Margolis <dmargolis@google.com> Mon, 27 March 2017 20:55 UTC
Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 431C9124234 for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 13:55:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KEgr35RW5zVH for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 13:55:10 -0700 (PDT)
Received: from mail-it0-x22e.google.com (mail-it0-x22e.google.com [IPv6:2607:f8b0:4001:c0b::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 460C4129636 for <uta@ietf.org>; Mon, 27 Mar 2017 13:55:09 -0700 (PDT)
Received: by mail-it0-x22e.google.com with SMTP id e75so34707226itd.1 for <uta@ietf.org>; Mon, 27 Mar 2017 13:55:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=Dw/NP9yRmwp6xcmigQ+1uUgOsccaTU8boP/A7FrR5W4=; b=qnN4e139kuUAoChYl0244zWvMTbukLSJGDS8YqqooBsyusU2ympBljGW9xES+78S05 s57ijjJz6TewmYqV7qZTybBIlU689ttM6mqSOLctMckvMJhzWgG1xSyj40j6RnxrIbnq LnL9is3UxZBxlnm+aOpEm1fOadGGm73xw/L9Sl1AYH7JLBvyp4NdQwjiwqcTr1zRlJL0 0RfWoUdDn9KSkcWkzsuWSK35ow5z1LHHeq9h2nvp8wQeA2zCrfq/Yi/78BxOQ98CfmuZ 7nkxDT5wD/LWgXo4s1xU/xeQF/3ojmb+8eXKMqR/u44QMCFmE1wtP+eQtdqIQ+7Ykt0k YRPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=Dw/NP9yRmwp6xcmigQ+1uUgOsccaTU8boP/A7FrR5W4=; b=GyeZ1k0uYC7FZ8+mS3MtYFzhSBZB0cRjgVTSDuYyuJrF4gV4FBxdBZqc8xzsc7gIwl B8DQG6KtxYE613AMapzQrJ1MYkSn9HxihNmRZk3zfw/1NHg2eZS/bfmXfIfPUgovKhL1 ga9kdtSHqlI5IoGUyAhJJZObskKIkZZFNBBT9eT1I1RlneqQ5QqLhIGcauOp9wb+GgxM lc5NMA2dNyrnR16L+hFblL5Ri1UHEuEqACtXMw6u7U0gdtAH0GsOA1okQleY77f4uQEM F2pBWt2cfHrjx77YaXciSYzLzcX2THw339WVFRK4O0W6m1Yys1OB1Co327rlR6QmXgps zSPA==
X-Gm-Message-State: AFeK/H0wTgUaMw5zeYDcRgBIoPWi9sX0zCwXc13vdE0ALTmpo2jfovFp85iH49j/c2bMDLDJhITOIxE36wsF56Jl
X-Received: by 10.36.152.196 with SMTP id n187mr12475272itd.28.1490648107711; Mon, 27 Mar 2017 13:55:07 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.39.215 with HTTP; Mon, 27 Mar 2017 13:55:06 -0700 (PDT)
In-Reply-To: <92500952-2A50-4508-8686-03CDBF72485D@dukhovni.org>
References: <4C0807DA-4852-4DAC-80ED-8A25371CFFAA@dukhovni.org> <CANtKdUfOZYSr_SuGHdDHHgrF8J5VjEWwVw_7KC2xS5DrCKhu-w@mail.gmail.com> <20170326205218.GN11426@blitiri.com.ar> <92500952-2A50-4508-8686-03CDBF72485D@dukhovni.org>
From: Daniel Margolis <dmargolis@google.com>
Date: Mon, 27 Mar 2017 22:55:06 +0200
Message-ID: <CANtKdUfL+RT05KSqj5i4YeoRa=gHywNosou2VPF6acPDpRhG0g@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="94eb2c05e9a2fcf127054bbc8ecd"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/5tDh8jdP4_qfrAZ6HladXY_Zat4>
Subject: Re: [Uta] MTA-STS-03 review
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 20:55:13 -0000
re MXs: Right, I think a nonstandard MX list is actually worse than the disease it cures. ;) But you are right to point out that there are multiple approaches that confer similar security advantages. To the matching point, I share the concern about people having to write their own cert matching code, but I think there are a few arguments for it: 1. I believe if we restrict wildcards to the "full" leftmost label (i.e. *. example.com is valid, but mail*.example.com or mail.*.example.com are not) and we do the same in the certs (which RFC6125 seems to allow us to define), wildcard matching is a simple "x ends with y or y ends with x" comparison, so is in fact trivial to implement. 2. It seems (and I suspect this was part of Viktor's motivation) to match nicely with https://tools.ietf.org/html/rfc7672#section-3.2.2, which if I read it correctly leaves the door open to a certificate matching the nexthop domain rather than the MX hostname; by requiring MX hostname matches in STS we would break that behavior. I think #2 is a pretty compelling point. (FWIW, the more I think of it, Viktor, the less compelling I find the other point about MX candidate traversal being unchanged, since I'm not sure it's really a huge difference to say "this host doesn't match the MX pattern; try the next candidate" as opposed to "this host's certificate doesn't match the MX pattern..." It seems like both cases are quite similar, though maybe in some implementations the code structure implies one to be easier than the other?) re JSON: I think when you've reached the point that JSON-vs-key-value-pairs is the main point of contention it's probably not a *bad* sign. ;) I had the same feeling as Albert about using something with pre-existing library support, which was really the main argument for JSON--and I think since we've already implied a dependency on some HTTPS lib an additional JSON lib seems not *too* serious. At the same time, it's true that Postfix's typical deployments may often be likely to be concerned about each additional library dependency, which is less on my mind here at Google. This seems mostly like an issue of aesthetics (which is not to say it's unimportant, but it seems less fundamental than the design questions we've discussed in the past). If there aren't really strong objections I'd probably keep JSON since we already have both code and published policies in that format, but if there are strong objections, I think it's a trivial matter for the early adopters to change. On Mon, Mar 27, 2017 at 3:01 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > > > On Mar 26, 2017, at 4:52 PM, Alberto Bertogli <albertito@blitiri.com.ar> > wrote: > > > > There are lots of advantages of using JSON for this. It is well defined, > > standard and there are lots of well tested and widely used > > implementations. > > > > It is used widely, it's familiar to many people, and its shortcomings > > (which are not few, admittedly) are well understood and documented. > > Sure JSON is used widely in all kinds of software, but NOT in MTAs, > and STS is for MTAs. > > > It support rich types (such as lists), and common libraries already > > handle difficult situations like non-ascii content, long integers, > > multi-line strings, malformed/malicious input, etc. > > Sure in Perl, Python, Go, ... but Sendmail, Qmail, Postfix and Exim > are in C, and already have code to handle ESMTP attr=value lists, and > don't currently use JSON. The extra features of JSON you mention are > not needed for this specification, and over-engineering to use JSON > is IMHO not useful. > > -- > Viktor. > > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta >
- [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Jeremy Harris
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review David Illsley
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Alberto Bertogli
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Alberto Bertogli
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis