Re: [Uta] Last call: <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option"
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 24 August 2018 01:49 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C15BA130E50 for <uta@ietfa.amsl.com>; Thu, 23 Aug 2018 18:49:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xPIydtKM21rZ for <uta@ietfa.amsl.com>; Thu, 23 Aug 2018 18:49:31 -0700 (PDT)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F4A9130E27 for <uta@ietf.org>; Thu, 23 Aug 2018 18:49:31 -0700 (PDT)
Received: from [10.200.0.109] (unknown [8.2.105.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by straasha.imrryr.org (Postfix) with ESMTPSA id 4D4E3302375 for <uta@ietf.org>; Thu, 23 Aug 2018 21:49:29 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <04ba01d41ebf$c9436110$5bca2330$@gmail.com>
Date: Thu, 23 Aug 2018 21:49:27 -0400
Content-Transfer-Encoding: quoted-printable
Reply-To: uta@ietf.org
Message-Id: <792C74AF-EDAA-4316-B3FC-4075BC3F8EB3@dukhovni.org>
References: <04ba01d41ebf$c9436110$5bca2330$@gmail.com>
To: uta@ietf.org
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/_-MqpwYOFhiO4Mn0Qqv5QxeL6z8>
Subject: Re: [Uta] Last call: <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option"
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Aug 2018 01:49:33 -0000
> On Jul 18, 2018, at 1:50 PM, Valery Smyslov <smyslov.ietf@gmail.com> wrote: > > draft-ietf-uta-smtp-require-tls-03 In https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03#section-4.2.1 bullet 3, the reference to DANE authentication is to RFC6698, but DANE for SMTP is defined in RFC7672. The RFC6125 reference as an alternative may not be a sufficient alternative to DANE, since absent one of DANE or MTA-STS (and in the absence of DNSSEC validation of the MX lookup) the protocol is vulnerable to DNS forgery of the MX hostname. The same issue re non-DANE authentication is also in Section 2: o The certificate presented by the SMTP server MUST either verify successfully in a trust chain leading to a certificate trusted by the SMTP client or it MUST verify succesfully using DANE as specified in RFC 7672 [RFC7672]. For trust chains, the choice of trusted (root) certificates is at the discretion of the SMTP client. In this document MTA-STS seems to only be mentioned as policy source to ignore with "RequireTLS: NO", but not as the alternative authentication mechanism when DANE is not available. This is recognized in the Security Considerations: Another active attack involves the spoofing of DNS MX records of the recipient domain. An attacker having this capability could cause the message to be redirected to a mail server under the attacker's own control, which would presumably have a valid certificate. REQUIRETLS does not address this attack. Might it not make sense to close this hole and require one of MTA-STS or DANE? This delays the practical deployment of REQUIRETLS (yes) to such time as at least of one MTA-STS or DANE is generally present, but I think this is better than leaving the above security gap unaddressed. -- Viktor.
- [Uta] Last call: <draft-ietf-uta-smtp-require-tls… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jim Fenton
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jeremy Harris
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Viktor Dukhovni
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jim Fenton