Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 27 March 2017 08:21 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4D3891294B1 for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 01:21:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gusgDjW_TJqa for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 01:21:13 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7274A1294A3 for <uta@ietf.org>; Mon, 27 Mar 2017 01:21:12 -0700 (PDT)
Received: from vpro.lan (cpe-74-71-8-253.nyc.res.rr.com [74.71.8.253]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 682AD7A32F1 for <uta@ietf.org>; Mon, 27 Mar 2017 08:21:11 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan>
Date: Mon, 27 Mar 2017 04:21:10 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: uta@ietf.org
Message-Id: <BF2CE255-261C-4006-B8C9-9D9518EF258F@dukhovni.org>
References: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan>
To: uta@ietf.org
X-Mailer: Apple Mail (2.3259)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/94nb1qQWnDlrmqw-Z8vqnMPK6LE>
Subject: Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 08:21:15 -0000
> On Mar 27, 2017, at 4:08 AM, Federico Santandrea - Diennea <federico.santandrea@diennea.com> wrote: > > > Let's suppose the sending MTA finds the MTA-STS TXT record, which states > the receiving domain has an MTA-STS policy. The draft says "To discover > if a recipient domain implements MTA-STS, a sender need only resolve a > single TXT record". But what happens when the sending MTA can't fetch > the actual policy via HTTPS? Keep it simple. It is just as easy to block access to the TXT record as to block access to the HTTPS site. The TXT record is just an efficiency aid, so that MTAs don't have to attempt costly HTTPS connections (that typically time out) to domains with no STS records. Therefore, when the TXT record exists, but STS policy access fails, the right action is to assume no policy (regardless of whether this is a true first contact, or whether a previously cached policy had expired). STS is vulnerable to attack when no cached policy exists. Once the cache is primed, email to destinations that receive ongoing traffic will continue to have unexpired policy data, because the sender should do proactive refresh of the policy before it expires. For first contact, or domains that don't receive sufficiently regular mail, STS is vulnerable to downgrade attacks. So the right behaviour with TXT records that don't lead to a policy, is to continue as though there is no policy. Indeed with Postfix (if/when STS is implemented) I'm likely to always do STS policy lookup in the background, in which case the first (more than one if concurrent) message(s) to a domain will always go out with opportunistic TLS, and secure delivery will only begin once the background policy retrieval succeeds. Delaying delivery while waiting for remote HTTPS lookups to complete is not especially appealing. -- Viktor.
- [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea - Diennea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Jim Fenton
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni