IETF Logo Mail Archive

Re: [Uta] Comments on draft-ietf-uta-mta-sts-03

Daniel Margolis <dmargolis@google.com> Mon, 27 March 2017 11:41 UTC

Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B92BD124BE8 for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 04:41:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id l1CzdBb3ZuKb for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 04:41:08 -0700 (PDT)
Received: from mail-it0-x22c.google.com (mail-it0-x22c.google.com [IPv6:2607:f8b0:4001:c0b::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 51FC2129504 for <uta@ietf.org>; Mon, 27 Mar 2017 04:41:08 -0700 (PDT)
Received: by mail-it0-x22c.google.com with SMTP id 190so49036248itm.0 for <uta@ietf.org>; Mon, 27 Mar 2017 04:41:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=3rEg74fx/lBK0y0CGinOHtbCzwM8aXRK27xahxonLaw=; b=AmL66wR3B2S3I6lLMWBVj+iRXz2zBRQmJcxsVCm6SizCZXpnwouIjg6/U+mP9g969M 7YjphtCvsgT8Aym+y00rBc5qLJlWITMjTS+iJ3CEXW/19+UdFQ9KhtHl4GTF1qTcdUhf rIVpwFJ4m6uNGQ2jklT0dczKn0gJRF2UwZRN5MjRkTXDLownKMiJQjUJzyvAZ7R1ggIu VGEpGlsedxi2xXLwUNcJkvwXdmSF81xys0ejsCkYsLnEeULqpnal07BvsbgbRxqqe1aw oL+rx2W70bbRxpJc2+UWVrZmMFsZVFuN3EfjNwE6gT1Z4vnQ/NarjiqqTmurPZY0HItF 5ABA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=3rEg74fx/lBK0y0CGinOHtbCzwM8aXRK27xahxonLaw=; b=B2Cbwr7MzaYu9/aenr/JFOGSuav6XHnIj3KhhXomZ2dnk/czLiKJcKiVkF+k8KoAsG J93wC0iA5o49yww4FF5qbP+5/m0V9QeZ2tGrElj+7ipdRNwx0Txo4atLNGX7X5aJhJbL NtrHHaZNy99xWoFrz2rVRjcdvq88JlbL8mORbl7JVOWMYQoDPGA5qUpV4kS4xFanh8QI OCGW2ed2uMPyU3uudo1bqHhmGkzgXrqggfkYwV8ISl6Ga9/2faibbz5v1m0l8PWVI16m P7bEOSR6Y6Ns7Wzuva/wtNX7IxMEwzjrHzZnnN/hVsABI269oN/a1vgGBeEItrAHrLws 5E1w==
X-Gm-Message-State: AFeK/H0/RuVPT5nxZTjTl90dnz4g9/ywGV1VfTIEr78AA3XKBz0iVeKQ8Y3bQvcPFWAjj/gKUXUoPuXQLDpJw0I3
X-Received: by 10.107.172.134 with SMTP id v128mr23037734ioe.49.1490614866932; Mon, 27 Mar 2017 04:41:06 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.39.215 with HTTP; Mon, 27 Mar 2017 04:41:05 -0700 (PDT)
In-Reply-To: <BF2CE255-261C-4006-B8C9-9D9518EF258F@dukhovni.org>
References: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan> <BF2CE255-261C-4006-B8C9-9D9518EF258F@dukhovni.org>
From: Daniel Margolis <dmargolis@google.com>
Date: Mon, 27 Mar 2017 13:41:05 +0200
Message-ID: <CANtKdUffuLwo--4KY7XL3NsZanUcjat1MUmZF7-H_UYBergdSA@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="001a1148d5d4ae07a4054bb4d146"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/GKDKtJr5Q0zbcpzFZqv3xHjtoIE>
Subject: Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 11:41:11 -0000

I like your text, Federico:

"If a MTA-STS TXT record is found but no policy can be fetched from the
HTTPS endpoint, and there is no previous cached policy, then senders
MUST assume the recipient domain does not implement MTA-STS."

I will get this into the latest draft. :) (This was previously implied
anyway by the fact that a failure to find a policy means there's no policy,
but it's not so clear as you make it with this edit.)

Regarding the threat of DoS'ing policy lookup until expiration has passed,
as Viktor notes, this is party mitigated by opportunistically fetching new
policies every so often (e.g. when delivering to the domain); Viktor has
previously suggested we call this out more explicitly in the draft (i.e.
that we suggest implementors seek some strategy to keep caches fresh).

In this scenario, I do still feel that there's some gap in a mechanism
(say, via TLSRPT) to allow senders who have non-expired policies from a
recipient domain to tell the recipient domain that they're having trouble
fetching that domain's policy, but the solution is not obvious to me and, I
think, of a lower priority--if you can DoS policy lookup for order of
months, you can potentially foil first discovery, too. And ultimately
long-lived DoSes are the kinds of things to best be discovered through
other transparency and reporting tools--https://gmail.com/postmaster/,
discussions on the IETF list, etc. ;)

Anyway, I'm very open to suggestions on how to make this more transparent
within the scope of TLSRPT, but I don't love the idea of adding policy
complexity by letting recipients specify what to do in this scenario.


On Mon, Mar 27, 2017 at 10:21 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

>
> > On Mar 27, 2017, at 4:08 AM, Federico Santandrea - Diennea <
> federico.santandrea@diennea.com> wrote:
> >
> >
> > Let's suppose the sending MTA finds the MTA-STS TXT record, which states
> > the receiving domain has an MTA-STS policy. The draft says "To discover
> > if a recipient domain implements MTA-STS, a sender need only resolve a
> > single TXT record". But what happens when the sending MTA can't fetch
> > the actual policy via HTTPS?
>
> Keep it simple.  It is just as easy to block access to the TXT record as
> to block access to the HTTPS site.  The TXT record is just an efficiency
> aid, so that MTAs don't have to attempt costly HTTPS connections (that
> typically time out) to domains with no STS records.
>
> Therefore, when the TXT record exists, but STS policy access fails, the
> right action is to assume no policy (regardless of whether this is a
> true first contact, or whether a previously cached policy had expired).
>
> STS is vulnerable to attack when no cached policy exists.  Once the
> cache is primed, email to destinations that receive ongoing traffic
> will continue to have unexpired policy data, because the sender
> should do proactive refresh of the policy before it expires.
>
> For first contact, or domains that don't receive sufficiently regular
> mail, STS is vulnerable to downgrade attacks.
>
> So the right behaviour with TXT records that don't lead to a policy,
> is to continue as though there is no policy.
>
> Indeed with Postfix (if/when STS is implemented) I'm likely to
> always do STS policy lookup in the background, in which case
> the first (more than one if concurrent) message(s) to a domain
> will always go out with opportunistic TLS, and secure delivery
> will only begin once the background policy retrieval succeeds.
>
> Delaying delivery while waiting for remote HTTPS lookups to
> complete is not especially appealing.
>
> --
>         Viktor.
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>

v2.23.0 | Report a Bug | By Email