Re: [Uta] REQUIRETLS: another SMTP TLS mechanism
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 25 March 2016 22:19 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4097C12D612 for <uta@ietfa.amsl.com>; Fri, 25 Mar 2016 15:19:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7pu03XcoG2MR for <uta@ietfa.amsl.com>; Fri, 25 Mar 2016 15:19:40 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7517512D0FC for <uta@ietf.org>; Fri, 25 Mar 2016 15:19:40 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 69FE4284F45; Fri, 25 Mar 2016 22:19:39 +0000 (UTC)
Date: Fri, 25 Mar 2016 22:19:39 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Message-ID: <20160325221939.GV6602@mournblade.imrryr.org>
References: <56F49E9B.2090403@bluepopcorn.net> <20160325182425.GR6602@mournblade.imrryr.org> <56F592E6.60302@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <56F592E6.60302@bluepopcorn.net>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/WyS3mRl25VuUD42PmT_ZfWol0io>
Subject: Re: [Uta] REQUIRETLS: another SMTP TLS mechanism
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: uta@ietf.org
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2016 22:19:42 -0000
On Fri, Mar 25, 2016 at 12:35:02PM -0700, Jim Fenton wrote:
> > If the entire goal is to ensure the integrity of the RFC 6125
> > "reference identifier" used to authenticate the nexthop SMTP
> > server, then it is perhaps a good idea to say so explicitly.
>
> The primary purpose was indeed to ensure the integrity of the reference
> identifier; this is discussed in the Security Considerations (section
> 6.2, paragraph 3).
If so, with DNSSEC validation required, CNAMEs need only be secured
to the extent that they affect "reference identifier" selection.
* CNAME/DNAMEs between the MX qname and the owner domain of
the ultimate MX RRset definitely need to be validated.
* For domains with no MX RRset, the absence of the MX RRset
would potentially need to be DNSSEC validated.
* Otherwise, CNAMEs only need to be validated to the extent
that (e.g. following RFC 7672) the ultimate "reference
identifier" is determined in whole or in part based on
the result of the CNAME lookup.
> > <quote>
> > The CHAIN and DANE parameters are additive; if both are specified,
> > either method of certificate validation is acceptable. If neither
> > CHAIN nor DANE is specified, the certificate presented by the SMTP
> > server is not required to be verified.
> > </quote>
> >
> > This is reasonably clear, either suffices when both are specified.
> > I am concerned that giving the user the choice to specify either
> > alone, rather than just a single "AUTHENTICATED" (or similar)
> > keyword, may be too much rope.
>
> By not using the CHAIN and DANE options, certificate verification is not
> required, so if too many messages are being bounced with those options,
> they'll not see use. But without those options, we're limiting the
> effectiveness of REQUIRETLS to passive attacks only; MITM attacks will
> still be possible.
NOTE: I am not suggesting that REQUIRETLS should not be able to
require authenticated TLS. Rather, I am (strongly) suggesting that
such a requirement needs be mechanism-neutral, and should not be
so specific as to be able to specify the use of DANE, WebPKI or
some future alternative.
> I have received suggestions that there also be options to require
> specific TLS version, cipher suites, PFS, etc. as well, and my gut feel
> is that's getting too specific.
Don't let this be over-engineered. That's a guaranteed way to fail
to produce a workable protocol. Of course it is clear that even
a simple REQUIRETLS can gain sufficient traction, but to the extent
that you want this to have a fighting chance you should resist all
calls for overly-specific policy.
--
Viktor.
- [Uta] REQUIRETLS: another SMTP TLS mechanism Jim Fenton
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Aaron Zauner
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jeremy Harris
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jeremy Harris
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism John Levine
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Orit Levin (CELA)
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Viktor Dukhovni
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jim Fenton
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jim Fenton
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jim Fenton
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Viktor Dukhovni
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Chris Newman
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Jim Fenton
- Re: [Uta] REQUIRETLS: another SMTP TLS mechanism Viktor Dukhovni