IETF Logo Mail Archive

Re: [Uta] draft-ietf-uta-mta-sts-07 STS policy removal.

Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 08 August 2017 14:30 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 585EA1323C0 for <uta@ietfa.amsl.com>; Tue, 8 Aug 2017 07:30:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bBWAsXLhRW-f for <uta@ietfa.amsl.com>; Tue, 8 Aug 2017 07:30:23 -0700 (PDT)
Received: from welho-filter4.welho.com (welho-filter4.welho.com [83.102.41.26]) by ietfa.amsl.com (Postfix) with ESMTP id 1A4191323BC for <uta@ietf.org>; Tue, 8 Aug 2017 07:30:22 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter4.welho.com (Postfix) with ESMTP id C4A8E97A82; Tue, 8 Aug 2017 17:30:20 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter4.welho.com [::ffff:83.102.41.26]) (amavisd-new, port 10024) with ESMTP id NF_BgGore4vd; Tue, 8 Aug 2017 17:30:20 +0300 (EEST)
Received: from LK-Perkele-VII (87-92-19-27.bb.dnainternet.fi [87.92.19.27]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 889452313; Tue, 8 Aug 2017 17:30:18 +0300 (EEST)
Date: Tue, 08 Aug 2017 17:30:18 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Daniel Margolis <dmargolis@google.com>
Cc: uta@ietf.org
Message-ID: <20170808143018.m6zqnapcnkiushfq@LK-Perkele-VII>
References: <149874228049.6468.6647983832951662733@ietfa.amsl.com> <20170807215520.GM8146@mournblade.imrryr.org> <CANtKdUfJs=p-jiZ-QQ6Mk=iKh_2h6=596SYWLJ=mJsf61R0=9g@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <CANtKdUfJs=p-jiZ-QQ6Mk=iKh_2h6=596SYWLJ=mJsf61R0=9g@mail.gmail.com>
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/EoXCkAlXAyMSSzk206Jv8iAsuvM>
Subject: Re: [Uta] draft-ietf-uta-mta-sts-07 STS policy removal.
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Aug 2017 14:30:25 -0000

On Tue, Aug 08, 2017 at 08:58:03AM -0400, Daniel Margolis wrote:
> Hi, Viktor,
> 
> Thanks for the thorough writeup. A question about the "requirements" stated:
> 
> 1.  We need to provide a means for a domain to transition
> >     from having an STS policy to not having an STS policy.
> > 2.  The transition process should not look like failure to
> >     obtain the policy, generating warnings in the logs that
> >     don't look different from an active attack.
> > 3.  It should be possible to remove policy in a timely manner.
> 
> 
> What do you mean by "remove" and "not having" a policy? What specific
> behavior do you want from senders?
> 
> E.g. senders will stop
> 
> a) performing any kind of certificate validation checks per the policy?
> b) making reports based on those checks?
> c) any change in delivery behavior based on those checks?
> d) maintaining a policy cache entry for the recipient domain?

The way I understand the request, it is full clear of policy, that is:

- The existing policy is (immediately) invalidated.
- The policy cache entry for the recipient is deleted.

And since there is no policy anymore:

- All certificate validation per the policy ceases.
- All reporting per the policy ceases.
- There is no difference in delivery behavior (for future deliveries)
  from STS policy having never existed.


This is similar behavior with what happens with HSTS if valid HSTS
header with max-age=0 is ever received: The HSTS policy is instantly
deleted and the name reverts to non-HSTS operation (http:// connections
work and certificate errors can be clicked through).


-Ilari

v2.23.0 | Report a Bug | By Email