Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.txt> (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard
Dave Cridland <dave@cridland.net> Thu, 12 April 2018 09:27 UTC
Return-Path: <dave@cridland.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A0E86126B6D for <uta@ietfa.amsl.com>; Thu, 12 Apr 2018 02:27:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cridland.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uNlUWOKSaQwM for <uta@ietfa.amsl.com>; Thu, 12 Apr 2018 02:27:27 -0700 (PDT)
Received: from mail-lf0-x22c.google.com (mail-lf0-x22c.google.com [IPv6:2a00:1450:4010:c07::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39F96124F57 for <uta@ietf.org>; Thu, 12 Apr 2018 02:27:27 -0700 (PDT)
Received: by mail-lf0-x22c.google.com with SMTP id d20-v6so6684716lfe.3 for <uta@ietf.org>; Thu, 12 Apr 2018 02:27:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cridland.net; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=VjjuYOh18m+L//mC6kZ0Q5zwW3gmNUh8C9XKbSxKBDc=; b=avLJUiLVdp5X1I5AA+3S8mjC5MXf2kYBBt7IduT+Bd9Z11Ao/S6JshdKZS2q+Ot99F aSuPQhNGTKRJYZgppUy/xuEE+PSPKrzl3kQf2luUGCdZCeU8Rv6zRnEoD47Cy4P+c+N/ GqA8v3ZGvcM+4vPAtlHIkmmTxouc6pXKlXB0Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=VjjuYOh18m+L//mC6kZ0Q5zwW3gmNUh8C9XKbSxKBDc=; b=SvfaOoxPU7TMe9ioxlhHeMlutbOa5slhoGdxuHfoXYBkuZOu9Sq5O/gPc0KDlI9FHj e9q1/rzh1mCMMQobdJb5kK9R1YzBXvwVBi5/VjNAUXKVGfVTkITX3WT9dfqJx8kdI8Dd z44qY9Hq3Q2pnUz9C1Y15AT2Dem9mva8ZqtlpZn3/AAzom7PbsBworWSSB6O/Hlfctlz nFx4zmBAK5XF8C5w3GVBa7uYuZRfEoMKLYredfYPhUQGHv9a/J6ABdmN1IVRCbp3v/cf yPwsibkLZRKIk0OENNlnp3mW5Vpjc4cIO0dtwkTXQX1H9pS1hbSi6y+TVdbZZGQdrbug Pycw==
X-Gm-Message-State: ALQs6tDNWq2jNTxRpCATfHYTPHqDwD0z9NZ1IMkIqcdAEJAeeW1x8RXF 3yHe3TpnEVvW/Isn5PqJp19RL7NoLrpZ20932xU2mLb5
X-Google-Smtp-Source: AIpwx48TM5yRbR2oTYEHvyWtYjruZr75Wo73taEyf0i0QoIw+qjPzse0Juh6HI8W79pEdvEzivm/P+CMhZzIXDjMn/o=
X-Received: by 10.46.134.89 with SMTP id i25mr100931ljj.121.1523525245443; Thu, 12 Apr 2018 02:27:25 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.179.71.202 with HTTP; Thu, 12 Apr 2018 02:27:25 -0700 (PDT)
In-Reply-To: <3D9206C8-925A-4993-83BA-587E1CA8E0FC@dukhovni.org>
References: <CAKHUCzwes5vHjBSDqYXkvGRCGPeSPnqNgsJ2J_tDzF2FG+RuMg@mail.gmail.com> <FFB5B96A-E0BA-47D6-987F-245C7243012C@dukhovni.org> <CAKHUCzyOUqsONrxSLOXk9wZrUCRiBTw6mrHPsHkYQk87DyV0HA@mail.gmail.com> <3D9206C8-925A-4993-83BA-587E1CA8E0FC@dukhovni.org>
From: Dave Cridland <dave@cridland.net>
Date: Thu, 12 Apr 2018 10:27:25 +0100
Message-ID: <CAKHUCzy5h6tvJMqFzDY1Ot1qFjkK=XVQTf-Q9baBnKKPOuv+cQ@mail.gmail.com>
To: "ietf@ietf.org Discussion" <ietf@ietf.org>, uta@ietf.org
Content-Type: multipart/alternative; boundary="f4f5e80eea8c0fb5970569a35db4"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/DVJ91oRj7Bq_ro1SdwmTGwz83_E>
Subject: Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.txt> (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Apr 2018 09:27:31 -0000
On 12 April 2018 at 03:23, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: > > > > On Apr 11, 2018, at 6:52 PM, Dave Cridland <dave@cridland.net> wrote: > > > > Well, one assumes that an MTA gives out the policy for the MTA, not the > domain, but otherwise I take your points. I don't think that we'd end up in > a place markedly different, with the exception that it'd be MTA policy > rather than domain policy. > > Unfortunately, per-MTA rather than per-domain policy entirely loses all > protection against active attacks when the MX RRset is not secure. The > MiTM just forges the MX RRset, yielding new hosts for which no policy > is stored. > > I can see I'm in the rough here, but I'm still unconvinced there's any real difference between forging the MX RRset or forging the TXT record. FWIW, POSH acted after the certificate had failed to validate by other means, and performed a direct HTTPS call without querying DNS, so didn't have this shortfall, while acting as a pure fallback. > >> For the record, I'd still rather see the providers in question > implement DANE, and this should be increasingly doable as they move their > email servers to dedicated domains (e.g. in Google's case many new > customers are on googleemail.comMX hosts, rather than the legacy > aspmx.l.google.com et. al.). So I see STS as a transitional technology > that buys time. I am not advocating STS, but I recognize that there's an > operational reality that makes DANE difficult for the large providers at > present. > > > > I can sympathise with that, but MTA-STS is not built as a transitional > technology. > > Time will tell. Either approach may yet fail to gain much traction. > So, yes, we can't assume that MTA-STS is transitional, that's mostly how > I like to think of it... > > I think the two are subtly incompatible at the moment in some cases, and the flow involved means sending MTAs need to find out the policy prior to connecting. > >> The reason for MX patterns is to avoid the operational pain of having > to always update one's MX RRset in two places (in DNS and on a web > server). A domain with an MX RRset > >> of the form: > >> > >> example.com. IN MX 0 mx1.mail.example.com. > >> example.com. IN MX 0 mx2.mail.example.com. > >> > >> would be able to specify a stable MTA-STS policy of: > >> > >> mx: .mail.example.com. > >> > >> and later change the MX RRset to: > >> > >> example.com. IN MX 0 mx1.mail.example.com. > >> example.com. IN MX 0 mx2.mail.example.com. > >> example.com. IN MX 0 mx3.mail.example.com. > >> example.com. IN MX 0 mx4.mail.example.com. > >> > >> without having to update the MTA-STS policy. > > > > If we assume that the MTA-STS document will always be created manually. > But the only POSH-supporting provider I could find generates the POSH JSON > document for their customers; it's trivial for a provider to do. > > There will be all kinds of implementations, and all kinds of ways for > operators to mess up their deployment. Making it easier to not mess up has > a very high priority from my perspective. Overly brittle security gets > turned off. > > I agree; which is why I both suspect and hope these policy documents will be generated by the providers. > > I genuinely feel that matching a pattern against another pattern is > introducing an unnecessary complexity into a security protocol. > > This is not difficult, OpenSSL has supported this type of peername > matching for some time, with the API simplified in 1.1.0: > > https://www.openssl.org/docs/man1.1.0/ssl/SSL_set_hostflags.html > https://www.openssl.org/docs/man1.1.0/ssl/SSL_add1_host.html Well, I never knew that this API supported wildcard matching against wildcards. I still think this is wrong, but it's wrongness that's been implemented already so I'll assume it's too late to fix. > In any case, if the MX RRset changes in that way, an administrator has to > check each certificate to see what the dNSNames are anyway, surely? > > Only if they don't already know that what's in the policy. If their > design has a fuzzy MTA-STS policy of ".mail.example.com" and their > operational practice is to always name MX hosts "mx<N>.mail.example.com" > for some value of <N>, then they don't need to check anything when adding > or removing MX hosts. > Well, yes, but the clearest way for the provider to communicate that policy is just to provide the policy file, as I say, in which case it makes no odds. But if this is already in OpenSSL, then I suppose it's a moot point. Dave.
- [Uta] Last Call: <draft-ietf-uta-mta-sts-15.txt> … The IESG
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… ned+uta
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Dave Cridland
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… ned+uta
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Viktor Dukhovni
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Viktor Dukhovni
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Dave Cridland
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Dave Cridland
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… ned+uta
- [Uta] Digression on DANE for MTAs implementation … Viktor Dukhovni
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Viktor Dukhovni
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Dave Cridland
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Dave Cridland
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Viktor Dukhovni
- Re: [Uta] Last Call: <draft-ietf-uta-mta-sts-15.t… Daniel Margolis