Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
Jim Fenton <fenton@bluepopcorn.net> Fri, 15 April 2016 05:38 UTC
Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B6F12E74E for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 22:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.996
X-Spam-Level:
X-Spam-Status: No, score=-2.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rM3k0bGEqXMN for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 22:38:14 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57E9212E74D for <uta@ietf.org>; Thu, 14 Apr 2016 22:38:14 -0700 (PDT)
Received: from splunge.local (c-50-136-244-117.hsd1.ca.comcast.net [50.136.244.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id u3F5cCRR019717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 14 Apr 2016 22:38:13 -0700
To: uta@ietf.org, Chris Newman <chris.newman@oracle.com>
References: <570C0CD2.9030401@cs.tcd.ie> <20160411212128.GA26423@mournblade.imrryr.org> <CANtKdUekXNkVvsfq0UjCiaaPVBgoVGfrfnYUrdoOf0EegXMuPg@mail.gmail.com> <20160413014304.GB26423@mournblade.imrryr.org> <CANtKdUf0kN5aOmX0-NsyQXz_+PRGfaXa37DFZoCX3FqdYh5CpA@mail.gmail.com> <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <57107E44.3040108@bluepopcorn.net>
Date: Thu, 14 Apr 2016 22:38:12 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
Content-Type: multipart/alternative; boundary="------------010403080606050808010506"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1460698693; bh=gAWEwllEfm23RJ3ytJ4Evh8t8Iq2qFPsWaSXUYb13mk=; h=Subject:To:References:From:Date:In-Reply-To; b=TEgb1LL424ieiTo3IjD8Q38NAjuXPievCF2LRtzM/gSj5c0ZK1FFxXOmKIHobHH/W dqOyiWPFIaCBnrJozw7jGT7N74/tCjaMN7np0ULsTgxpwexSMUupgisYVnDioK8imD PiswzHJltZedfLeySgMWFlQK25vemKQ8JygiMSxM=
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/S5HSfmwlLxFggrd2HlxPXXr8VAM>
Subject: Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Apr 2016 05:38:16 -0000
On 4/13/16 10:43 AM, Chris Newman wrote: > DANE is merely one method of validating a certificate, there can also > be SMTP policy orthogonal to DANE. Take for example, DEEP’s “tls11” > and “tls12” directives. Those specify a minimum acceptable version of > TLS for future connections. Although we haven’t debated yet whether to > include those in SMTP relay policy, I think it would make sense to > include those directives, particularly given the problems we’ve seen > with old versions of TLS causing real security problems. And there may > be future policy directives we want that are even more compelling. So > the question is where to put SMTP relay security policy that is > orthogonal to DANE. Seems like wherever we choose to put the policy > for SMTP relay STS (whether in a DNSSEC-protected DNS record, HTTPS > well-known or SMTP+STARTTLS), that’s where we should always look for > SMTP relay policy. > > When you're deciding whether to publish an encryption policy, it's important to consider whether there's a downgrade attack. Fundamentally, we're trying to deal with a situation where an intermediary can interfere with the negotiation of encryption, or whether an impostor server can claim not to support encryption in an effort to avoid a requirement to authenticate itself as would happen when TLS is negotiated. I don't know the details of what TLS 1.2 fixes in TLS 1.1, but I would only include tls11 and tls12 directives if there is a downgrade attack where the attacker can claim to only support TLS 1.1 and not 1.2 and benefit from that. Unless there is something about certification verification that can be exploited, the impostor server attack isn't possible because the impostor would have to authenticate to negotiate TLS 1.1 as well. Similar situation for the intermediary/MITM. Is there actually something in TLS 1.1 that can be exploited by these sorts of attackers? If not, I wouldn't include those directives. -Jim
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Jim Fenton
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- [Uta] "webby" STS and DANE/DNSSEC co-existence Stephen Farrell
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Mark Risher
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Neil Cook
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Daniel Margolis
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Daniel Margolis
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Aaron Zauner
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Neil Cook
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Daniel Margolis
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Neil Cook
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Daniel Margolis
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Neil Cook
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Chris Newman
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Binu Ramakrishnan
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Daniel Margolis
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Aaron Zauner
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Aaron Zauner
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Jim Fenton
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Aaron Zauner
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Aaron Zauner
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Eric Rescorla
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Jim Fenton
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Chris Newman
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Jim Fenton
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Viktor Dukhovni
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Chris Newman
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence =JeffH
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Stephen Farrell
- Re: [Uta] "webby" STS and DANE/DNSSEC co-existence Leif Johansson