Re: [Uta] Oppurtunistic DANE TLS

"Olle E. Johansson" <oej@edvina.net> Mon, 10 February 2014 06:51 UTC

From: "Olle E. Johansson" <oej@edvina.net>
In-Reply-To: <11FC4C44-9FD7-42BD-9A85-3AED9C8BFF23@edvina.net>
Date: Mon, 10 Feb 2014 07:51:04 +0100
Message-Id: <A1F9F4A3-70BF-4244-B9DC-520104AF6BD9@edvina.net>
References: <11FC4C44-9FD7-42BD-9A85-3AED9C8BFF23@edvina.net>
To: uta@ietf.org
Cc: Olle E Johansson <oej@edvina.net>
Subject: Re: [Uta] Oppurtunistic DANE TLS

On 10 Feb 2014, at 07:45, Olle E. Johansson <oej@edvina.net> wrote:

> Hi!
> 
> The DANE working group has a draft about Opportunistic DANE TLS. As Paul has a draft that defines Opportunistic TLS, I thought it would be a good thing to be aware of in this group. Here's the author's definition:
> 
> "opportunistic DANE TLS:  Best-effort use of TLS, resistant to
>      downgrade attacks for destinations with DNSSEC-validated TLSA
>      records.  When opportunistic DANE TLS is determined to be
>      unavailable, clients should fall back to opportunistic TLS below.
>      Opportunistic DANE TLS requires support for DNSSEC, DANE and
>      STARTTLS on the client side and STARTTLS plus a DNSSEC published
>      TLSA record on the server side."
> 
> http://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-05
> 
Missed copy/paste of the second part:

"  (pre-DANE) opportunistic TLS:  Best-effort use of TLS that is
      generally vulnerable to DNS forgery and STARTTLS downgrade
      attacks.  When a TLS-encrypted communication channel is not
      available, message transmission takes place in the clear.  MX
      record indirection generally precludes authentication even when
      TLS is available."