IETF Logo Mail Archive

Re: [Uta] draft-moore-smtp-addrquery

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 02 August 2015 05:37 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5DC51A00D4 for <uta@ietfa.amsl.com>; Sat, 1 Aug 2015 22:37:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.7
X-Spam-Level:
X-Spam-Status: No, score=0.7 tagged_above=-999 required=5 tests=[BAYES_50=0.8, J_CHICKENPOX_47=0.6, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R0U0IlmIOBRc for <uta@ietfa.amsl.com>; Sat, 1 Aug 2015 22:37:40 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D61551A00DC for <uta@ietf.org>; Sat, 1 Aug 2015 22:37:39 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 7346D284D68; Sun, 2 Aug 2015 05:37:38 +0000 (UTC)
Date: Sun, 02 Aug 2015 05:37:38 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Message-ID: <20150802053738.GB19228@mournblade.imrryr.org>
References: <20150729220204.GI25592@mournblade.imrryr.org> <55BA4413.9050900@network-heretics.com> <20150730175247.GX4347@mournblade.imrryr.org> <55BA82F2.6090401@network-heretics.com> <20150731152857.GI4347@mournblade.imrryr.org> <55BBBD1D.8050707@network-heretics.com> <20150731203310.GU4347@mournblade.imrryr.org> <55BBFB97.3000302@network-heretics.com> <20150801051433.GZ4347@mournblade.imrryr.org> <55BC5996.7060604@network-heretics.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <55BC5996.7060604@network-heretics.com>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/XgdQ2GnL6G8ngp8aXpqLVFS57us>
Subject: Re: [Uta] draft-moore-smtp-addrquery
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: uta@ietf.org
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 02 Aug 2015 05:37:41 -0000

On Sat, Aug 01, 2015 at 01:31:02AM -0400, Keith Moore wrote:

> It's pointless to continue arguing about this.

Yes, we're done.  Contact me off-list to arrange a time to chat
when you're ready.  The below are just clarifications, not a
counter-argument.

> >I did not mention anything about resource constraints.  The contraints
> >are rather mobility in and out of captive portals and port 25
> >blocking.  With super-computers in every pocket, I'm not too
> >concerned about the cost of performing a couple of public key
> >operations now and then.  Much cheaper than streaming Neflix.
> 
> Agree about pocket super-computers.  Can you elaborate on what you mean by
> "mobility in and out of captive portals"?

MUAs on phones, laptops, ... inevitably find themselves on networks
on trains, at airports, in hotels, and even at home where middleboxes
proxy DNS and don't support RRSIG/DNSKEY/... and sometimes even MX
records!  Just A/AAAA/CNAME/PTR is about all you can get in many
of these environments.  And often only ports 80/443/587.

> Both X.509 DV and DNSSEC-signed TLSA records basically equate control over
> the domain with the required assurance.

Correct.

> That's already a leap because an email address really isn't a person's
> identity, the domain isn't really designed to be a CA (even for its own
> users), and the sender really wants to send to a person rather than whoever
> happens to be currently associated with an email address.   But let's
> accept that as a necessary limitation for now.

Intrinsic to the proposed approach to the key distribution problem
(unlike Web of Trust), is that in order to address scalability, it
delegates bindings of email address to key to the domain owner, so
that's who we have to authenticate.  Sometimes that's not ideal
(when emailing my parents it is them I want to reach, not some
particular mailbox at their provider).  Other times, I ready do
want to reach the bank branch manager at bank.example, and not the
person who happens to occupy that seat.

> X.509 DV has the additional problem that any trusted CA can sign any key.
> DNSSEC has better partitioning, as you point out, but trusting the AD bit is
> a hole big enough to fly a 747 through, and there are lots of known
> implementation bugs.

For the record, I must object to this as sheer FUD.  The AD bit
from my local nameserver is just fine.

> So the threats are different, but I can't make a case
> that in practice DANE is inherently more secure than X.509 DV.

It does a better job of verifying domain control.  That's all I
expect from it.  It certainly does not tackle typo-squatting, or
"identity", ...  Just lookup of data for a domain, that resists
modification in transit.

> No it doesn't, because there's no way to prevent abusive clients from
> talking directly to SMTP servers.   Port 25 blocking, while widespread, is
> far from universal.

For AQRY, can harden the protocol to only grant access to MSAs.
For example, the MSA might have to be listed in a suitable SRV
record (because this is anti-abuse, not data integrity, authentication
is not required).  One might also deny access to domains that are
too new, or have a bad reputation.  The point being that a small
number of legitimate MSAs are far easier to service while refusing
service to botnets.  Connections directly from each home user don't
lend themselves to this time of approach.

> >Indeed, if the MSA is compromised, users may see forged keys, but
> >the MSA would have to stay compromised indefinitely, or users would
> >later see unforged keys, and MUAs might let users know that keys
> >for a recipient changed, and that they might double check that this
> >happened with the correspondent.
> 
> So it's just like when using an ssh client that says "hey, the remote host's
> key changed".   Users learn to click "ok" and continue as if nothing
> happened.

I'm not designing UI here, just talking about one way in which
attacks can be tamper-evident.  Users who tune out authentication
failures will likely not be protected against targetted attacks by
any security technology.  The best we can hope for is that some
users will pay attention, and most of the rest will not be worthy
attack targets.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email