Re: [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17
Jim Fenton <fenton@bluepopcorn.net> Wed, 14 March 2018 20:12 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2BECD127337 for <uta@ietfa.amsl.com>; Wed, 14 Mar 2018 13:12:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.011
X-Spam-Level:
X-Spam-Status: No, score=-2.011 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mKFskzLM9cnU for <uta@ietfa.amsl.com>; Wed, 14 Mar 2018 13:12:40 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F58F12426E for <uta@ietf.org>; Wed, 14 Mar 2018 13:12:40 -0700 (PDT)
Received: from dhcp-9571.meeting.ietf.org (dhcp-9571.meeting.ietf.org [31.133.149.113]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id w2EKCZmq005159 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for <uta@ietf.org>; Wed, 14 Mar 2018 13:12:39 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1521058359; bh=sspgk6kXzJboAT3c0Bc9ramui//GRfm1rWLLUupJxL0=; h=Subject:To:References:From:Date:In-Reply-To; b=rh3uYJ+MYD9PcmAQVqVotcTMZ3HoNAC9pLDEXLO7lkNb7KnNS+m0fl8ywAwEAveu+ jWbTcyLZCcgcIDNJt8dudYCne59dBNimGe4Yg6dmFrQ16w3OMA29fmhlyapJXuPAV1 mm4mv7a1xwOfYrJqlPt1ooCrV6aaJY3m7C7gLIMY=
To: uta@ietf.org
References: <152054808275.11187.13276762980596133506@ietfa.amsl.com> <0423F6BE-6CF5-4DBA-A241-56142268D067@dukhovni.org> <5960ef77-8310-0b05-6c89-46b35023f314@joelhalpern.com> <f5a3f45961fa4f46bf8e8cd269936451@COPDCEX19.cable.comcast.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <460f8482-841d-c6ba-b7d9-a840f93bfbae@bluepopcorn.net>
Date: Wed, 14 Mar 2018 13:12:35 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <f5a3f45961fa4f46bf8e8cd269936451@COPDCEX19.cable.comcast.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/6WET3aMgnCO9GEtV8lVQOJMRpKs>
Subject: Re: [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Mar 2018 20:12:42 -0000
Requiring that the selector have a particular name or name prefix associates semantics with selector names, of which there is none. It also requires the management (e.g., rotation) of more keys per domain. There is a better way to do this. The s= tag on the key record (service type) can be used to distinguish keys that are only supposed to sign normal mail from those that may sign TLS reports (or those that may be used for either). The default is "*", that the key can be used for any service. For domains that are concerned that users may sign spoofed TLSRPT messages, they can specify s=email for keys intended for normal use and s=tlsrpt (I'd propose) for those that may sign TLSRPT messages. This way TLSRPT only complicates the key management when the is potential for abuse. Then require that it only accept TLSRPT messages when signed with a key permiting the appropriate service See RFC 6376 section 3.6.1, description of s= tag. -Jim On 3/14/18 4:21 AM, Brotman, Alexander wrote: > I don't see any reason a specific DKIM selector wouldn't be possible. > > We'll see if we can get some language added to address the clarifications you've requested. > > -- > Alex Brotman > Sr. Engineer, Anti-Abuse > Comcast > > -----Original Message----- > From: Joel M. Halpern [mailto:jmh@joelhalpern.com] > Sent: Thursday, March 08, 2018 6:47 PM > To: Viktor Dukhovni <ietf-dane@dukhovni.org> > Cc: gen-art@ietf.org; uta@ietf.org; draft-ietf-uta-smtp-tlsrpt.all@ietf.org; ietf@ietf.org > Subject: Re: [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17 > > A reasonable perspective. Could that be added to the document? > > Yours, > Joel > > On 3/8/18 6:33 PM, Viktor Dukhovni wrote: >> >>> On Mar 8, 2018, at 5:28 PM, Joel Halpern <jmh@joelhalpern.com> wrote: >>> >>> It is surprising in Section 3 Bullet 4 that reporting via email requires >>> that the report submitted use DKIM. Particularly while ignoring any >>> security errors in communicating with the recipient domain. >> Actually, this is not surprising. The main security risk here is >> report spam, that will drown the true signal in noise, making it >> impossible to notice real validation failures or operate the service. >> >> Therefore, the report origin domain must be authenticated via DKIM. >> I'd be tempted to go further and require a particular "selector" >> prefix that is specifically chosen for "tlsrpt", so that with domains >> such as "gmail", where anyone can get an email account, just being a >> user on the sending system is not enough to be able to forge a DKIM authenticated report. >> But that would create significant complications for the sender to make >> it so, and so is probably not needed. >> >> In summary, when sending reports the party that needs to be >> authenticated is the sender domain, while the receiving domain is >> presumed operationally compromised, and so should be exempt from any authentication requirements. >> > _______________________________________________ > Uta mailing list > Uta@ietf.org > https://www.ietf.org/mailman/listinfo/uta
- [Uta] Genart last call review of draft-ietf-uta-s… Joel Halpern
- Re: [Uta] Genart last call review of draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Genart last call review of draft-ietf-u… Joel M. Halpern
- Re: [Uta] Genart last call review of draft-ietf-u… Brotman, Alexander
- Re: [Uta] Genart last call review of draft-ietf-u… Viktor Dukhovni
- Re: [Uta] Genart last call review of draft-ietf-u… Jim Fenton
- Re: [Uta] Genart last call review of draft-ietf-u… Brotman, Alexander
- Re: [Uta] Genart last call review of draft-ietf-u… Jim Fenton