IETF Logo Mail Archive

Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Jim Fenton <fenton@bluepopcorn.net> Fri, 15 April 2016 05:38 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75B6F12E74E for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 22:38:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.996
X-Spam-Level:
X-Spam-Status: No, score=-2.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rM3k0bGEqXMN for <uta@ietfa.amsl.com>; Thu, 14 Apr 2016 22:38:14 -0700 (PDT)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57E9212E74D for <uta@ietf.org>; Thu, 14 Apr 2016 22:38:14 -0700 (PDT)
Received: from splunge.local (c-50-136-244-117.hsd1.ca.comcast.net [50.136.244.117]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.3/8.14.3/Debian-9.4) with ESMTP id u3F5cCRR019717 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO); Thu, 14 Apr 2016 22:38:13 -0700
To: uta@ietf.org, Chris Newman <chris.newman@oracle.com>
References: <570C0CD2.9030401@cs.tcd.ie> <20160411212128.GA26423@mournblade.imrryr.org> <CANtKdUekXNkVvsfq0UjCiaaPVBgoVGfrfnYUrdoOf0EegXMuPg@mail.gmail.com> <20160413014304.GB26423@mournblade.imrryr.org> <CANtKdUf0kN5aOmX0-NsyQXz_+PRGfaXa37DFZoCX3FqdYh5CpA@mail.gmail.com> <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Message-ID: <57107E44.3040108@bluepopcorn.net>
Date: Thu, 14 Apr 2016 22:38:12 -0700
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
Content-Type: multipart/alternative; boundary="------------010403080606050808010506"
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1460698693; bh=gAWEwllEfm23RJ3ytJ4Evh8t8Iq2qFPsWaSXUYb13mk=; h=Subject:To:References:From:Date:In-Reply-To; b=TEgb1LL424ieiTo3IjD8Q38NAjuXPievCF2LRtzM/gSj5c0ZK1FFxXOmKIHobHH/W dqOyiWPFIaCBnrJozw7jGT7N74/tCjaMN7np0ULsTgxpwexSMUupgisYVnDioK8imD PiswzHJltZedfLeySgMWFlQK25vemKQ8JygiMSxM=
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/S5HSfmwlLxFggrd2HlxPXXr8VAM>
Subject: Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Apr 2016 05:38:16 -0000

On 4/13/16 10:43 AM, Chris Newman wrote:
> DANE is merely one method of validating a certificate, there can also
> be SMTP policy orthogonal to DANE. Take for example, DEEP’s “tls11”
> and “tls12” directives. Those specify a minimum acceptable version of
> TLS for future connections. Although we haven’t debated yet whether to
> include those in SMTP relay policy, I think it would make sense to
> include those directives, particularly given the problems we’ve seen
> with old versions of TLS causing real security problems. And there may
> be future policy directives we want that are even more compelling. So
> the question is where to put SMTP relay security policy that is
> orthogonal to DANE. Seems like wherever we choose to put the policy
> for SMTP relay STS (whether in a DNSSEC-protected DNS record, HTTPS
> well-known or SMTP+STARTTLS), that’s where we should always look for
> SMTP relay policy.
>
>
When you're deciding whether to publish an encryption policy, it's
important to consider whether there's a downgrade attack. Fundamentally,
we're trying to deal with a situation where an intermediary can
interfere with the negotiation of encryption, or whether an impostor
server can claim not to support encryption in an effort to avoid a
requirement to authenticate itself as would happen when TLS is negotiated.

I don't know the details of what TLS 1.2 fixes in TLS 1.1, but I would
only include tls11 and tls12 directives if there is a downgrade attack
where the attacker can claim to only support TLS 1.1 and not 1.2 and
benefit from that. Unless there is something about certification
verification that can be exploited, the impostor server attack isn't
possible because the impostor would have to authenticate to negotiate
TLS 1.1 as well.  Similar situation for the intermediary/MITM.

Is there actually something in TLS 1.1 that can be exploited by these
sorts of attackers?  If not, I wouldn't include those directives.

-Jim

v2.23.0 | Report a Bug | By Email