IETF Logo Mail Archive

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 28 February 2019 02:13 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7985D12D861; Wed, 27 Feb 2019 18:13:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M9jByRxLZuqw; Wed, 27 Feb 2019 18:13:17 -0800 (PST)
Received: from NAM05-DM3-obe.outbound.protection.outlook.com (mail-eopbgr730112.outbound.protection.outlook.com [40.107.73.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 694EB12867A; Wed, 27 Feb 2019 18:13:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=+Mt0a3hUecv5arfHgNHhu0xJTMFKVkiH0G89WMApYy8=; b=fzsrzRkLkitWF1G8NJ0Z7iIYwV75cIZEiw95pVbbNEW0mYgkF9YqsZOahPRxno4haq8E0D7vRUIaL87oGVTBS9C/77ni4+CRZiREINxSl17HMGON7jjr7lnKvZWxaBdy78LE/cGHEt5w1oL2RGqYo820ICR8+KRQXHo/NsIH1Os=
Received: from SN6PR01CA0017.prod.exchangelabs.com (2603:10b6:805:b6::30) by BL0PR01MB4849.prod.exchangelabs.com (2603:10b6:208:7e::23) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.14; Thu, 28 Feb 2019 02:13:14 +0000
Received: from CO1NAM03FT046.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::201) by SN6PR01CA0017.outlook.office365.com (2603:10b6:805:b6::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1622.16 via Frontend Transport; Thu, 28 Feb 2019 02:13:13 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT046.mail.protection.outlook.com (10.152.81.15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.13 via Frontend Transport; Thu, 28 Feb 2019 02:13:13 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1S2D9AK032547 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Feb 2019 21:13:11 -0500
Date: Wed, 27 Feb 2019 20:13:09 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: The IESG <iesg@ietf.org>, uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org
Message-ID: <20190228021309.GX53396@kduck.mit.edu>
References: <155072491254.20210.15187912705241578950.idtracker@ietfa.amsl.com> <290706DA-2C5E-4255-8BB7-C6951B385CD6@dukhovni.org> <20190227193541.GR53396@kduck.mit.edu> <20190227201204.GW916@straasha.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190227201204.GW916@straasha.imrryr.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(376002)(136003)(396003)(39860400002)(2980300002)(199004)(189003)(93886005)(186003)(26005)(47776003)(97756001)(104016004)(2201001)(86362001)(106002)(14444005)(36906005)(336012)(126002)(58126008)(476003)(486006)(956004)(110136005)(316002)(786003)(33656002)(426003)(16586007)(11346002)(446003)(2906002)(8676002)(246002)(75432002)(8936002)(88552002)(6246003)(305945005)(46406003)(55016002)(50466002)(106466001)(7696005)(76176011)(26826003)(478600001)(53416004)(229853002)(450100002)(5660300002)(1076003)(356004)(23726003)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:BL0PR01MB4849; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; A:1; MX:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 1d03b7b7-981d-4cce-0f7d-08d69d224b1f
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:BL0PR01MB4849;
X-MS-TrafficTypeDiagnostic: BL0PR01MB4849:
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4849; 20:2/LScfeAevKoRahEMPLwHWTt44MuJSfg5i0O6oaC+sk82t59HDQk5buVmqR+O/AXfQJ8WTNaM771TWP+k+La/EQf13483nIG3IuPXQXFRMZc/YX8Aq7WPcJANMLXxEqTlGDToqvN4DP3Kn1EHc5qHYRRjlm/UvOKQTCie72Pyx3BtjynI6Y0Cvs0vo5KpJSmnTXkCAUuSUsBV2cxDkH/LgrODKNfaJ4/XJBOzvEY3PDuAZBZbq9Y6lz0nlDa7O0hgqNP9R3pw37MH3J5+HcITLcWjw17qIkQUzpanEEQbaAO9vu5Yj3DDOo03TYemXhRn901jXyusfGyTE+LrOsFlxShAn2Ss7ui1wCpZf+hhoccEd4Khg+rUpOaeZDvUyxmNRSpUCEL2WXhynyhT4P4+OwWJ4vdv9Ke9dcakgpX0A7wFEGpmRaZ8JoEdePgrAxT4kOJh/xK59EPzK2w90PJn/WRS255tSE0j+cYkz5QMI8BKGFIDW7KJjeTH+oHcfgu0KYRXf52S7fUI5IH9YkvgbNi2MhbpDjFM2OJHyeBMeTypla9V9RBQy+zdkoYkQ90v29T+sCJ9tfQh138C9VJhyHhUcstQgdqlPZ3ERuu3Bc=
X-Microsoft-Antispam-PRVS: <BL0PR01MB484981859913AC5702380003A0750@BL0PR01MB4849.prod.exchangelabs.com>
X-Forefront-PRVS: 0962D394D2
X-Microsoft-Exchange-Diagnostics: 1; BL0PR01MB4849; 23:vct8NcgjCl8BeCPm3HDqYxWWaueTdXAWEn9n/T2d1huU5qnmVtVuHXHYSGDCcLIKJSGIVIglKFxgvv0ffENjdNoMQEdKJYrTpMuT9OAOoxMVJ4icTlk+GgHH+5mweGsYyqlEzios6wzV9ujh/8qwd4mB4b/2LIqHyI0zIVEGCmPFx+UHrPu5EpKIZjTTwMU3IUDqSOhjUgP5hmoYzptyb4U6boFGVNq06e7Mi0cq4zf6/bJCUx8qyhktNlOan4GDFe5IdEutKDgdFTdK6vqif00DcmdieNvIL4R2w5tDZaxnkdoAgL8FYYgs7Dw62em0o1SbQ+A4iUYNmdCeGLL7tOFhQwyW5FPtzpqgXYbgKGihA7cLBN9UcIA42IH66tTPfHLnhKYCuBWQxktct1dNQN9HZxL7hveTs6BY7UnzZrbo7Zja+fzihUKtBna/1FABvQjowK+lq1tKSeeBhUaUQywRW33EYVNO3J4iOiGsemVXP+vTIAfGwbi8YIEqagO7ja9pIWffdnFyEfAXAndzaJidv+rLnyvlWk3SAWqKTooMPUQAWx/+rndiY8Dd1XTvj+fiU64XWRm88lL5/ntBoiK+5Cs/mEzRnzeZ9NqhT71UtrlbEefj286bLSriA7oc+hiWkdU0ZxFjct1/zhcNEEuPSLP9HtuEDsuV58eSF+l4vU8ny2b5H/kTc88XuaHQOydJSbAf4XSLKSw1R4Tcv1tD0iUHAS/yUYbhw2kwNA5BuK4MgO4VO+i1X1FUYaIZh5nBG7JSlCCUfbvcj079onXdt+6tD7+a5T2ZctuBGwBPIbeFJsBf3WHMsVnbO0OBn1kKrT/xypb/m4fi0QE1qI7z7ChY4CPnuMN+Y20o1ZhKSUhysEyaP26i2a3mptrCAY+t84cHgir0BbOhemM9BLcrsJZffxAn7j7p9/3zhRspfjh5dfvlSCZNt+/I0Qgs5EB8u3o3xXs9aNYMojZ1SaNTVkGpS0Tdeg6VyHumvuIVvfGydx7a3EDPJxGXO3P1laI9llwBDEy0s4N68b8YLJyxGnlHgkew8EgO2nZjebjfIJ4ZYy4YvNmo5vcbOYgly5utBvZhwYPQVV79gQecWFSCmqoy6/VbACWxKb+A4KVdKu9C3HcBvSag05F538H5UjtGc41viDZNSu57DlGfOTVDa+BLfYu10EM4lcZWU4nnEyjtmBd/dxhqHtypE1rAVUgfGicjHnf57dumeqUbiZ+EKY1A616vQ3JLyvMQ7p8=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: 50FGDzL6arIAsBJxABXmw/ak8qA6xVZ9KYMFMLBPDPeAzjnj/0jwFomdshd5WoPOD92a6C71POHW7sfhcywD3WUzpiMvZZI+w0IxNqtXBoMJiS+O+LlCaNYzJkJdh68CcYSJmZiYYHrQTNt/wkIzTdDre2O/FCI8pZ4b7YExq3m65pa5uszbw3A5QmHiaB8aueKw7N4Kw8+xSkBkz/LpTBmM+u97+mKWyMOoUhl63z7ZDIW4WDcMp49de2I+n0FWLf7JsWBIaU54jcPLRk/Ofh7eQv+29ILnnk6nShVSkaW4YcMtXaPT3NAjzCHlTMHbJZ6sHWhUb8H5vxMd1cMbvA24tRHEz4/d2OHLe1EqbLIIwv7FyWVU8/vc+0Q1w4TxgrNKM9xcBFrK6Vcf/8S35k2CDmjk/6DGKHYmVKuGr5E=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2019 02:13:13.0176 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 1d03b7b7-981d-4cce-0f7d-08d69d224b1f
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR01MB4849
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/C37OX5ldSodTTvoWRisIYFb25SY>
Subject: Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 02:13:20 -0000

On Wed, Feb 27, 2019 at 03:12:04PM -0500, Viktor Dukhovni wrote:
> On Wed, Feb 27, 2019 at 01:35:42PM -0600, Benjamin Kaduk wrote:
> 
> > It seems like implicit in this stance is a belief that DANE and/or MTA-STS
> > as currently specified are flawed, in that they do not have a reasonable
> > path to substantial deployment (in bounded time).
> 
> REQUIRETLS "no", is essential for at least the "postmaster" address
> (in the rare cases when that still works), or some address scraped
> from the destination domain's website, found in the few WHOIS records
> that still list contact addresses, or in a working DNS SOA "mrname".
> When all else fails, the user can notify the peer end user on the
> receiving domain to contact his postmaster, open a support ticket etc.
> 
> Both specifications do a fine job of specifying the recipient's
> preferred policy.  No specification, regardless of the details, can
> ensure that the recipienet lives up to the promised service level.
> 
> DANE, MTA-STS, any superior design or security-theatre-de-jour, will
> still lead to cases where security degrades delivery.  At the very
> least one needs to be able to exempt delivery to the email address
> of the domain contact.
> 
> And when all else fails, and the message is just "let's do lunch",
> nothing will be more effective than a clear user choice to deliver
> anyway.  This a fact of life, and not a defect in DANE or MTA-STS.

If it's a fact of life; why was the capability to do so not built into DANE
or MTA-STS?  It really does seem like a defect, the way you're portraying
it: the stated goal of the spec is at odds with reality, and reality is not
going to break.  So, yes, as you say below, my point is that they should
have provided an end-user opt-out from the outset, and if this document now
is to provide that opt-out, it should be treated as an update that remedies
the omission.

-Benjamin

> The need is intrinsic to multi-hop asynchronous delivery, by providing
> the equivalent of the "press OK" to skip various warnings in
> end-to-end interactive applications.
> 
> If your point is that DANE and MTA-STS should have provided an
> end-user opt-out from the outset, maybe so, but I should note that
> RequireTLS entered the UTA queue about the same time as MTA-STS,
> and with the understanding that the "no" mechanism will be a useful
> complement for both MTA-STS and DANE or any other techology which
> by defers delivery in the face of apparent active attacks (which
> are often simply operational negligence on the receiving end).
> 
> -- 
> 	Viktor.
>

v2.23.0 | Report a Bug | By Email