IETF Logo Mail Archive

Re: [Uta] reporting, was CBOR, XML, JSON (was Re: Updated SMTP STS Draft)

Daniel Margolis <dmargolis@google.com> Sun, 08 May 2016 17:24 UTC

Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0BB0C12D17A for <uta@ietfa.amsl.com>; Sun, 8 May 2016 10:24:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.696
X-Spam-Level:
X-Spam-Status: No, score=-3.696 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.996, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Spdgt-tU_qXc for <uta@ietfa.amsl.com>; Sun, 8 May 2016 10:24:38 -0700 (PDT)
Received: from mail-io0-x234.google.com (mail-io0-x234.google.com [IPv6:2607:f8b0:4001:c06::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7F17612D179 for <uta@ietf.org>; Sun, 8 May 2016 10:24:38 -0700 (PDT)
Received: by mail-io0-x234.google.com with SMTP id 190so154668094iow.1 for <uta@ietf.org>; Sun, 08 May 2016 10:24:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=fhLbqtA62Vd7VlQuU307T6mND7DRchWLmQZpbKhJZgM=; b=f6iZZvIdckbAkU71mmUTtmjFyzeReeFyh+nyuW2bQvulkyVdmgEowHiLd86Pt54P02 lVuGJY/w5m7F63vxtXh2q8fDqGKkPEfdX32qTzOquWqtmlEJ3buGwRi5u69sKExfkqCS G3TgKt6+hsG201Txk4upMotSuApupYZz3wOo03NgA0TYdF86ZSYZ5+fkSueVAgVDOHDV flGGobZc9Imt/jzEhqh6coyJOMm4dionLaNrbg/b5H80HQCbJCbFudgJ36Yj0jLmhEzI Zm4/DkSiZD9zxdkL6rmJObA0UiyC+Nj7liLZqj3cMNG3nB+7Ba0J4J5ethi3ZJIFT+d+ u5sw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=fhLbqtA62Vd7VlQuU307T6mND7DRchWLmQZpbKhJZgM=; b=KIziBYe2XgD7bFPof5H9pJN/HwX/lY1+xfYTJCzZFBwO045DSjmrOPMDEIZauGdfte 2BDg5B3LQ/NeOg0f2V+NYtJwHC9nNjeD0zKDjFTdFv9P0l6ZIWwO3Z6Yzt/PTC4+AVy4 xtsxPaI2/OeSuKn7oU6kJIK7gGh/2nduOjVzYlnd+vub0aeANu9UMG4NRSr2Z4hC7cs6 Djjs0/bBqnglHgYzTSmK2BKTnqkuMBPZe5DX1/19awNKTd9s50/4tjuBoI/0MRFXUuVU aPLzgTmX6wDPTlOKadbymS+kcJ2jq94IxQ8yJUgYHXoS48VjCqwdBhV7rxkEqGS7lzSP AGgQ==
X-Gm-Message-State: AOPr4FVq00mJ6U9kRx1z/DOWsHGsen36YlXVwZzLcL0lagYDyv+VDHmPkqaNeiCCMlLacKf6TObvNkB/+BWG2WMa
MIME-Version: 1.0
X-Received: by 10.107.170.207 with SMTP id g76mr32745539ioj.58.1462728277568; Sun, 08 May 2016 10:24:37 -0700 (PDT)
Received: by 10.64.91.227 with HTTP; Sun, 8 May 2016 10:24:37 -0700 (PDT)
In-Reply-To: <20160507014321.GN3300@mournblade.imrryr.org>
References: <20160506235647.GL3300@mournblade.imrryr.org> <20160507010844.32784.qmail@ary.lan> <20160507014321.GN3300@mournblade.imrryr.org>
Date: Sun, 08 May 2016 10:24:37 -0700
Message-ID: <CANtKdUc7N7GWXYuHSJBfeRaoJ94SOE5VZmXqPgSTiFfT+9+=gg@mail.gmail.com>
From: Daniel Margolis <dmargolis@google.com>
To: uta@ietf.org
Content-Type: multipart/alternative; boundary="001a114159e063ad6e053257f718"
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/UZ1ELWMpqVauw6cUUGJoC9DU5fs>
Subject: Re: [Uta] reporting, was CBOR, XML, JSON (was Re: Updated SMTP STS Draft)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 08 May 2016 17:24:41 -0000

Sorry, everyone. I've been out of the office the last few days on holiday
and haven't had a chance to catch up on the whole thread.

Regarding big providers' ability to monitor for misconfigurations, I think
we should not assume they will always catch errors. Especially in the early
stages of deployment, as Viktor noted, a small percentage of dropped mail
could go unnoticed, so having a means to accurately report failures and
their causes strikes me as valuable to everyone. Anyway, I'm not really
seeing an argument that only certain classes of mail hosts would benefit
from this, and of course that's not anyone's goal.

It sounds to me from the tail end of this thread that the main argument
here is contrasting out of band reporting (via HTTP) with SMTP-based
reporting in a separate message and in-band reporting via some SMTP status
indicator. Is that right?

If so, can I guess at the pros and cons (non-exausively) as something like:

- HTTP
pro: works with hosted mail, works with outsourcing reporting (a la
dmarcian), works even if the only MX for a domain is down
con: requires a separate HTTP endpoint (that can handle POST or PUT, which
is more than STS requires)

- SMTP-separate-message
pro: similar to DMARC, can be outsourced, requires no new infrastructure
con: requires senders to not validate STS/DANE or requires recipients to
have a different dedicated domain/outsourced recipient; potentially fails
in the same way as the original message

- SMTP-in-band
pro: doesn't require aggregation, allows indication at a fine granularity
("this transaction failed"), no extra infrastructure required
con: doesn't provide aggregation, in-band means if the MX is really
misconfigured or the sender never talks to the right MX there's no way to
get reports across

These don't strike me as mutually exclusive. Having an in-band indicator of
why the sender terminated the connection (like "STARTTLS wasn't supported
and I require it") seems useful. Having out-of-band aggregation also seems
very useful.

In particular, one of the methods by which we would hope an *intermittent
MITM* would be revealed is that reports of the occasional STARTTLS failure
would indicate exactly this. If reports can only be sent *during the MITM
to the MITM'ed MX*, this property is lost, is it not?

So I believe we need to keep some method for aggregate reporting; I don't,
however, think the option for aggregate reporting precludes more verbose
in-band indicators of why a connection is terminated.

(I will sit down and read the rest of the thread in the next day or two, so
if I've missed something, please be patient.)

Dan


On Fri, May 6, 2016 at 6:43 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:

> On Sat, May 07, 2016 at 01:08:44AM -0000, John Levine wrote:
>
> > > It is the long tail of much smaller domains where SMTP transport
> security needs
> > > an effective alerting channel.
> >
> > So they can point the reports at some place like dmarcian.com, which
> > does the analysis for small mail systems for free.  Once again, this
> > is not a new problem, and practical solutions are well known to people
> > who take a few seconds to look for them.
>
> Most of the small domain operators will not do that.  And this leaks
> sensitive data.
>
> If you can't send DMARC reports to some domain, no big deal nobody
> cares.  There's little operational impact.  If their certs expire,
> and they don't notice, everybody who's trying to send them email
> (and their postmaster staff getting support calls) feels the pain.
>
> I am not buying the outsourced processing model as sufficiently
> broadly applicable.  Why are you so opposed to recognizing that
> perhaps we have two different use-cases to address, and might well
> address both?  I am not denying your use case, just saying it is
> less urgent based on operational experience of resolving TLS issues
> in forward delivery.
>
> As for the authors of the draft, they should not be focused on
> *just* the large provider problem if this is to be broadly applicable
> technology.  If their part of the elephant requires aggregate report
> flows, so be it.  Not everyone will send them such reports, they
> require a bunch of heavy-lifting.  A simple in-band status indication
> stands a better chance of being enabled by default.
>
> [ I am really hoping to not hear a counter-argument, I don't think
>   I am saying anything radically controversial, but I keep being
>   surprised ... ]
>
> --
>         Viktor.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>

v2.23.0 | Report a Bug | By Email