IETF Logo Mail Archive

Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Jim Fenton <fenton@bluepopcorn.net> Thu, 28 February 2019 17:33 UTC

Return-Path: <fenton@bluepopcorn.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF91F130EBE; Thu, 28 Feb 2019 09:33:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=bluepopcorn.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qno6z9jpyyTi; Thu, 28 Feb 2019 09:33:37 -0800 (PST)
Received: from v2.bluepopcorn.net (v2.bluepopcorn.net [IPv6:2607:f2f8:a994::2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1F006130F2B; Thu, 28 Feb 2019 09:33:36 -0800 (PST)
Received: from steel.local ([IPv6:2601:647:4300:2290:214e:1bd0:ac50:a2ec]) (authenticated bits=0) by v2.bluepopcorn.net (8.14.4/8.14.4/Debian-8+deb8u2) with ESMTP id x1SHXYW5023952 (version=TLSv1/SSLv3 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 28 Feb 2019 09:33:35 -0800
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=bluepopcorn.net; s=supersize; t=1551375216; bh=kA7jBbDHv5E1X6WagN2bLZniR+zT9N6j2aoljhEUBiM=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=fYI9OApVYD+9ERqAfnJJLiJ7Jd91cYKw4Rbq8Kv5Ka9lEY8d5ne5CCudouzyonlzd XXrXIhlIq1Ir3r9ou3Y+tFWK5bhRxMTUIHGp90HkFybvPPDVMKJQsqgFTeja6PY0fB g5quYzHBO/EChQLYJiMOkIpN3RH5DJ0bJREnBebA=
To: Eric Rescorla <ekr@rtfm.com>
Cc: The IESG <iesg@ietf.org>, uta@ietf.org, uta-chairs@ietf.org, valery@smyslov.net, draft-ietf-uta-smtp-require-tls@ietf.org
References: <155076162945.8595.2671476533659571699.idtracker@ietfa.amsl.com> <554356ec-de3a-08ed-a920-0397813895e0@bluepopcorn.net> <CABcZeBPOWVhPTpBt3E8GsqH7LMtG4y04voqTCLS=PG3hZk+NaA@mail.gmail.com>
From: Jim Fenton <fenton@bluepopcorn.net>
Openpgp: preference=signencrypt
Autocrypt: addr=fenton@bluepopcorn.net; prefer-encrypt=mutual; keydata= mQINBFJNz0MBEADME6UoNSsTvSDJOdzL4yWfH4HTTOOZZPUcM/at38j4joeBb2PdatlwCBtk 9ZjupxFK+Qh5NZC19Oa6CHo0vlqw7V1hx1MUhmSPbzKRcNFhJu0KcQdniI8qmsqoG50IELXN BPI5OEZ3chYHpoXXi2+VCkjXJyeoqRNwNdv6QPGg6O1FMbB+AcIZj3x5U18LnJnXv1i+1vBq CxbMP43VmryPf8BLufcEciXpMEHydHbrEBZb/r7SBkUhdQXjxRNcWOLeYvOVUOOrr1c+jvqm DEbTWUJVRnUro/WpZQBffFnymR0jjkdAa8eOVl/nF2oMLbaBsOMvxCRSSEcGhuqwbEappNVT 1nuBTbkJT/GGcXxc+lEx9uNj86oYC4384VZJMTd1BRI4qPXImNZCIdmpKegK743B6xxN6Qh1 Tg167pn9429JENQE/AFIVX5B/gpsg7Aq+3rmz9H6GbfovPvFV3TBTgsHCHAMC8XU+S4fhcqN PN0lbUeyb7g6wxaE+dYqC7TExx7G3prw4v66y0qS7ow/Cfw8XXOEkaFQ4XwP7nvfILT+9CcU yS8I40vlDFU9Wnt56CbGz0ZVQgHnwyPXL+S9kCcIwRLFx1M79s6T6qwX1TXadfpbi1uIw7XG TiPDT8Pk6i2y22oSSROyYD4D+wOhVkkvO0S8iZ3+LhAYUx86nwARAQABtCNKaW0gRmVudG9u IDxmZW50b25AYmx1ZXBvcGNvcm4ubmV0PokCVQQTAQIAPwIbAwYLCQgHAwIGFQgCCQoLBBYC AwECHgECF4AWIQS1nUkJe2fEXbvBaacbJaiwFdCfvgUCW4RXswUJCxkNcAAKCRAbJaiwFdCf vjdyD/wNUBktyTqGVI5JGE8TJX6+6bmq5HHJ/I+CgGNtyvjriNZdxZJ86L5Z7MIidBeUOXvl /DZK+1zvS/hq8oMe7rPMbSepHHdhMyVTBuWnUG3n48dYOMqQjttBxisauC9GXrejhDJeGP+y WDLRdkMs1h5M48MKpEHf69pvkb+CCewbJeJH3kpPc5Iv9lJEOM/SrGlR72RUsMHeBcc3ykPR CeW0MpXGKAo5QCRw51uvuy7jZdlxOrLMMvMSyqCVanaW2Iz8mXQKufahkDfjff/eBUgXSfxS L1H2ZUN8XeyLttn6iei0Jqs1aSTmU1y0XxMM5k0rgA+3PoZrkgYTSvVBQMhE+sIyeoiB9oat 5h7M7nZBXc4LQTEwMFCamE4GIaSkpLFwBBwZwPa487XKnPbGV6zr7sYEzDaCvkQGJdfw6NqA 5IxLgmAoCAWnp3h26OtUJ0lmgpRy/Vy4yinbVAvkBq1CB1gRlNDYn0Ton06Bz0ltSpBTWTzj m6zvnA2JLzyFrTc30PR22WD/m18/qgua7YCiP1xu88AsnY5HPgxDj88PDiiyuFftYHhSY0Dy nV+iz+NEPal/LaklqVmA1+l8qj/SPAdycbD/s2X6MHjPBamdBmzytuEZnv+LImPTkdswExLD AORVDaH2SYuznhFs7xZ/t1rB5Yo1l5eDGdTQ6KLsDLkCDQRSTc9DARAAwZaXYs3OzGlpqvSH 3HR9GjSzIeP0EmsBCjpfIdZbQBwQ3ZREiMGInNxV+xkdjLDg0ctrWzUCUe3plWe5NJkpjqm+ KMc7GKhyeWJ5MZRtVrh0VpFTqi8UwYPWumAYqE1y/U1me/zHpfG9EDwdSYqMkPF76Fy5W+vh ZP2ILKaY8qWSLyH8TPl5mFGBypfT8Q6UuzlRs2aTbsTtBX/qwH7gztMRJSjQtYo20AqCgBBH IA/0xV5qDH7CVYyKyPQ4tJLQ8/xyTysUS5fewrj8lZo/G9SaNtC3CEvrJYwyA0nvYB6+hJPM qMP/tyRXM/9XY3qO4Vxuc+m5fYbTZa5GYAZNNuB5dvqI1U0sFTWBEbpAeabqCQ40ZnFSj+t1 tBuwfj4ey/oJ78WRyg5+VTvPKRRubOmZcnzj5yfTS3VGxAZb4Nsj1S2f3KLP0Z+Cv4dt893I 2JWTChw7jA1omF0QTQaBq140n084PFndBHudrZ3cz+APC89iie2HQ4jGQldXZXnGySHnHlA+ WUyZ9wgOplW9F4Q/Lps1bnuh5VttPVpNfjX8hiV48al+b+ut4nfzXAripIRWF3TL72/6JqgE KNhRKyRn0S6BidieSyHWzqJR3Roi/YNTvyXyLh6i6jtByb3FbnhYf/9olobDpj0E+kTemLrw owre85gwupSphqlzVSUAEQEAAYkCPAQYAQIAJgIbDBYhBLWdSQl7Z8Rdu8FppxslqLAV0J++ BQJbhFZUBQkLF7qRAAoJEBslqLAV0J++wvgP/jPjfjH3zEGYhdv89B0vFsRIBDDZzJuMxZZL EW/FyqKqswTHt6HD2ScuiGNEsNWebKEZbj2+Y673KqWnBGMFuJovAzlLeNNxQToJq03pzm/9 4A0ePYk9xzrMgtW+DEUemWElvMbSwZYid8Zj4lAx+U/X6Dh7HPSTx8DO4BKRA4cLrASOaUuS /w8/2eTXNEJssqc8Shwq6bNO5cPXrjb/qJgbb/MOLp0Nn1vNIPjoi/88910pyOV9chYJJFRX zOofGwaRjvcO55X57lveBrNEgH453EHa7QAHL4wD2dbCd445YOPkn0mBNJe3Un5JTsi6IQaK NHUMfwTWrVWN8RapFaPv6YXVBEvpA13G88TFkR5UHlz6YEUMATmgJQpmTFRkPYT0DTEbL4/O ywFgqMzmY1ojKV/Z6iWCAHqVnyFr6NtTFmT/qkOtb933YWJZW6Pg/Us2rZHro7uvQ/bf7Uxb vkn4lX+VneDBjsk3RPnHO/6k8lY2xQ343O7QOedSkM6rJpB9IbgXvHJNJfAWV+L89ElZeKJr VNaQqAw/1uXM7s8MVc+qwoT+DN0jsdqkBcuBxnbYeyM/8X6wcZHopV74r7SAbH4TrtjcBft5 nyM0UroVaEXvJxLzL3kQTsHIiDtGVuYwDTHzVl9591fuyEe0cYZVP2WckXcuM7EUn4CPBUYJ
Message-ID: <b79b4b8a-a2b9-8954-83fd-e2789b4cd3c3@bluepopcorn.net>
Date: Thu, 28 Feb 2019 09:33:29 -0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.5.0
MIME-Version: 1.0
In-Reply-To: <CABcZeBPOWVhPTpBt3E8GsqH7LMtG4y04voqTCLS=PG3hZk+NaA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------12DA98D051DCEC3B0321AAFA"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/VSwRtNrHDTZ0t5wJ5TRUm-gFiQ4>
Subject: Re: [Uta] Eric Rescorla's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 17:33:40 -0000

On 2/27/19 2:10 PM, Eric Rescorla wrote:
>
>
> On Tue, Feb 26, 2019 at 3:37 PM Jim Fenton <fenton@bluepopcorn.net
> <mailto:fenton@bluepopcorn.net>> wrote:
>
>     On 2/21/19 7:07 AM, Eric Rescorla wrote:
>     >
>     ----------------------------------------------------------------------
>     > DISCUSS:
>     >
>     ----------------------------------------------------------------------
>     >
>     > I support Benjamin's DISCUSS.
>     >
>     > To elaborate on one point a bit: it seems to me that it's harmful to
>     > security to allow the sender to unilaterally override the
>     recipient's
>     > preferences that something be encrypted. To forestall one argument,
>     > yes, the sender knows the contents of the message, but the recipient
>     > knows their own circumstances, and they may be at particular risk
>
>
>     The general approach of REQUIRETLS is that the sender is in a good
>     position to determine the sensitivity of the message(s) they are
>     sending, because they know what the message is.
>
>
> Right, this is what I am disputing.


If I'm reading this correctly, you're concerned about the header field
(don't require TLS even if recipient domain policy says to) rather than
concerned about the REQUIRETLS SMTP extension requiring the use of TLS.
Let me know if this is incorrect.

The preferences we're talking about here (MTA-STS and DANE) are
basically advertisements saying, "if you send mail to this domain, you
should expect to use TLS when doing so." There will always be SMTP
clients that don't implement MTA-STS and DANE (and possibly even
STARTTLS) and will behave exactly as they do today. You described it
correctly as a preference; if the sender wants to emphasize delivery
over security, they can ignore that preference. That's basically what
the header field (RequireTLS: no or perhaps TLS-Required: no) does.

>
>
>     Ultimately, for the last
>     hop anyway, the recipient has the ultimate control: they can refuse to
>     accept a message unless STARTTLS has been negotiated.
>
>
> Actually, this doesn't work for two reasons:
>
> 1. There might be an active attacker.


Please elaborate on the type of active attacker you are referring to. An
impostor SMTP server? Note that either DNSSEC or MTA-STS is required in
the secure (SMTP extension) case in order to guard against forged MX
records.


> 2. Requiring TLS on the *receiver* side means that you can't talk to
> clients which don't speak TLS.


I probably should have labeled it as a non-serious idea. But if the
concern is that someone might override the domain's preferences that
messages be sent via TLS by sending a message without TLS, you can't
talk to clients that don't speak TLS, right?

-Jim

v2.23.0 | Report a Bug | By Email