IETF Logo Mail Archive

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Thu, 28 February 2019 02:18 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2EC7E12E04D; Wed, 27 Feb 2019 18:18:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=mit.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GgphBBAqbwqc; Wed, 27 Feb 2019 18:18:25 -0800 (PST)
Received: from NAM03-BY2-obe.outbound.protection.outlook.com (mail-eopbgr780121.outbound.protection.outlook.com [40.107.78.121]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6372212867A; Wed, 27 Feb 2019 18:18:25 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mit.edu; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=bsParjv7oCm6FwHEHwX7msyz3pb1+Mk3wlz8fuwdkcA=; b=U88kzk7/0HYMZgj20qyWhqnYdRx8WXmzhtHsqMHe4R+rRSP24ijODhCsexn8vf37Zd6xcQFaM6SLHoi2sjnGAp0DLVqFbzMzTVqWtg2DguDbKHlzpzkWcZth/QHldS4K7X4Lt+qalYCBpDdI5JePnJ05XGYM+EPlOS7+zGBJMMQ=
Received: from CY4PR01CA0016.prod.exchangelabs.com (2603:10b6:903:1f::26) by BYAPR01MB4853.prod.exchangelabs.com (2603:10b6:a03:91::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1643.18; Thu, 28 Feb 2019 02:18:24 +0000
Received: from CO1NAM03FT031.eop-NAM03.prod.protection.outlook.com (2a01:111:f400:7e48::203) by CY4PR01CA0016.outlook.office365.com (2603:10b6:903:1f::26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.16 via Frontend Transport; Thu, 28 Feb 2019 02:18:24 +0000
Authentication-Results: spf=pass (sender IP is 18.9.28.11) smtp.mailfrom=mit.edu; ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=bestguesspass action=none header.from=mit.edu;
Received-SPF: Pass (protection.outlook.com: domain of mit.edu designates 18.9.28.11 as permitted sender) receiver=protection.outlook.com; client-ip=18.9.28.11; helo=outgoing.mit.edu;
Received: from outgoing.mit.edu (18.9.28.11) by CO1NAM03FT031.mail.protection.outlook.com (10.152.80.171) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1643.13 via Frontend Transport; Thu, 28 Feb 2019 02:18:23 +0000
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x1S2IJaH001579 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 27 Feb 2019 21:18:21 -0500
Date: Wed, 27 Feb 2019 20:18:19 -0600
From: Benjamin Kaduk <kaduk@mit.edu>
To: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20190228021819.GY53396@kduck.mit.edu>
References: <155072491254.20210.15187912705241578950.idtracker@ietfa.amsl.com> <7061cefb-0f2d-5257-e10c-95be14a7413f@bluepopcorn.net> <20190227201137.GS53396@kduck.mit.edu> <20190227202659.GX916@straasha.imrryr.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20190227202659.GX916@straasha.imrryr.org>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:18.9.28.11; IPV:CAL; SCL:-1; CTRY:US; EFV:NLI; SFV:NSPM; SFS:(10019020)(346002)(136003)(39860400002)(396003)(376002)(2980300002)(189003)(199004)(336012)(23726003)(47776003)(478600001)(33656002)(186003)(55016002)(2906002)(426003)(14444005)(26005)(8676002)(58126008)(316002)(356004)(106466001)(26826003)(104016004)(446003)(11346002)(46406003)(956004)(88552002)(75432002)(53416004)(2201001)(7696005)(6246003)(97756001)(93886005)(476003)(486006)(126002)(246002)(16586007)(8936002)(110136005)(5660300002)(50466002)(36906005)(786003)(1076003)(450100002)(76176011)(305945005)(86362001)(106002)(229853002)(18370500001); DIR:OUT; SFP:1102; SCL:1; SRVR:BYAPR01MB4853; H:outgoing.mit.edu; FPR:; SPF:Pass; LANG:en; PTR:outgoing-auth-1.mit.edu; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 2f7c610c-605c-4bd9-fc28-08d69d230434
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600127)(711020)(4605104)(4608103)(4709054)(2017052603328)(7153060); SRVR:BYAPR01MB4853;
X-MS-TrafficTypeDiagnostic: BYAPR01MB4853:
X-Microsoft-Exchange-Diagnostics: 1; BYAPR01MB4853; 20:UUq1wIw99PfZhPFbx2fOkcRH1eanezxXNOBYdNcKwxfBmHz+67BitGi5dK/5gQuiX6O/ziM6IXMmw8DINZ5eIXjsX3RTMeqyBqpREYYQ0nacGdMvChJF6M7lNIUV0fnz/bnD4XxKEHe8xVSIDTvpuMiIlN66BTSJmzHqcwXSyfs+CyQoJmzqvQoM/RIb2KCJMKAZhw8GuIsxN5YNP4kndpTBU4m3ZCgazWY0iIDQmFMQ+i0iG4MjOq3258EdU4oqmREMVBWyjaRGh/6r2JloG8wSKmkd3xIzJ7+OwkwgHIfQqdWz8rVB7ejtJxWTYz7QtSJNFuWEJMTXbtHVT80gXUMK8b0zcdtiI9APSzpwp4XTtun6cy+0kupEF8MqkQttzRh86/zxCUXL/MUnZaiN9cpmxJiKb4W6x2HhlLnPYZJ8T3fvx3Ygtq1T27GDa7Jbdee/aNOQ5cAhoZy0TJLyL0mlf/7FVtMvzq9VOMbAg+tKWf04Ws/RUeap9ZUKqxxnCmbh7aCoZg5WcxH1g591I9N80bZE9vQeP5qAoyLQhBQ2ZwkyiSS5C+zggwrmoAMnId5KxMaQRarXv/kyazjektr1eCE3qG9JHmqMS8AkEoo=
X-Microsoft-Antispam-PRVS: <BYAPR01MB48531E885421B22EFA9B8DFDA0750@BYAPR01MB4853.prod.exchangelabs.com>
X-Forefront-PRVS: 0962D394D2
X-Microsoft-Exchange-Diagnostics: 1; BYAPR01MB4853; 23:c6H5azwJCzBtpbrT/v46O+lKe5bHACpS3AdxdDNZlqNGdi+ygRlODH5hVgUnpcrMKWPkavjkGp0/4X2cqnunEsUoqnIRzZUfQ0Cij+4Sei3B/WZ0oQwVTH0V2KuTPXg5k5Of5USarmyxy4r4ImGDOcD63tFWgsjO+W+UxefxI0EWJJqS7fD7L7IXFVtDr4s3hxu/a1W/B1Pa6QOBpEAGExLEgSWl1Cm1wTACracBLU/0MHl+WKWoR9+ppwfzdhEMD2htaQ+/eNTY3L8OHquoBWiR10SbnuN777WemPNARwV5P2Tts30Xgs/ZjOBmFDQjFqQdAA+zPZNQQQCxF4Xir4H4ad+g2U6aVikmEm0gwtouyN9U4VRQiTyBnyP6IKQC72lPy1mHIDapM55Mb4gVl1NHOJgHwWkJ65dk8/VX9VUciBu41PeYSRiGAW6NKzsGRUhVUXTQ7Cbati4UIwxJt9OCCnUG8EasSUqqZ77sjYSwvrJi1zWOh8iMvkqJ5ZKohQJWI8LjpACTQwG1CNV0RvJGiMVP/Wh06zNYfvkNuD0pg32DhzPZJsl40Db5eEKGc15BFnslL5UYIJCbzFOxBcD1QY+YIbyBDTNital83kD/lI0TLaabowFnn72Swe0UuMj3YxJZzhw9NfiOBVb623Hly1/Vse7Z9MxTZYhTOFoT69QKeorRhxThm4IYk80CxQgnDQCQ7C0C6llVeXAssyrxj0rVMA1JjN1IfitzqYQ7/fTczVJQpssWE9TgkHt09GGmGnxtV+D7rZCFiv8ZkT7qfcguFRTMcsaTYZVQqC0ZUeq0BQZb61YUoKSaz7zS7+0GzvqFJZTxQzT2NBCqr425fTDirLAm3jRT7BIFG8wyjg5BGxOmNsoXSSKbq73sPscuB0GP0L8ZWGzbxFnk1vRxb+lmLqkUKpV+P95+68G/P3GqiSqMGbpRgL1lIF41sdOcHs9uXCrUO84fTsCzls98qVFIT63DNuN7fwKSLhfQ1+CG910QDpr4ZGhc/QZ65MdB/xJ/xSTVKGpG0QjdHAmTLdN9GcRDQoGc7X32t9Pp5PlmXy8iIOSewWeohvMbDLVyxWzhDXdApE/SnY7MZFF0XoW1wXFd5Mi8rHSQ/X1onqh9nCvrTC52t/37c6ZyRIB+oMOCgYRjtFmu/qfPPzB7mkvbuEbPsLKvLWI/WkQ7E9lEVz0v1RzyLmDdh9CjNSH7mF3lQ+rxkpekJVWsKR4tFfp9Wz2lgnj2OAk4wqw=
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: Qfbi7BvTI9Fs7tZCBVwZijaPS0o0xG7PiWEo5M4WgXGvQTjUpOe81XjYPl+TgVZYIL1eWCqpAR6gHlYkhpahm/RL5Yhml2k/mTTqLrf1QN6mZ2N/oSG5LeetpNXEAP2ISL8YfOSXxk8E7fPCF+esfArxBhX5C+bHAd5XvGNDvA+liPb5MgQ6EHvQiZBLObh16/15kGFFsI0zjM+g3RYA8LW/dRzcj/+mdo3/FOWEdjEJQiQmVZ1rVUL5rs3ImvvFtV+Q0fKxKgSbW8gutKyM6gTJju3lTZEToUfjT15IPDtZ7qgREMRXXwgKhDgmmwPec+leTHOCybZOUNZzG17zt8mI4YACSrjrthZybzCW0asACYQB0mVdi01TDPnmHWB+BmTSv9Hl+LZpAUxWE5KsaP2R+TVFgdV7Ukw6cpA/RaQ=
X-OriginatorOrg: mit.edu
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 28 Feb 2019 02:18:23.5371 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 2f7c610c-605c-4bd9-fc28-08d69d230434
X-MS-Exchange-CrossTenant-Id: 64afd9ba-0ecf-4acf-bc36-935f6235ba8b
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64afd9ba-0ecf-4acf-bc36-935f6235ba8b; Ip=[18.9.28.11]; Helo=[outgoing.mit.edu]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BYAPR01MB4853
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/cgn3syBJQnZosuFtOG795_amltk>
Subject: Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 28 Feb 2019 02:18:28 -0000

On Wed, Feb 27, 2019 at 03:27:00PM -0500, Viktor Dukhovni wrote:
> On Wed, Feb 27, 2019 at 02:11:38PM -0600, Benjamin Kaduk wrote:
> 
> > > > I'm also unsure exactly how tightly nailed down the (non-DANE) TLS
> > > > certificate validation process is supposed to be as a result of this
> > > > document; more in the COMMENT section.  It seems that without some form
> > > > of strict certificate (host)name validation, this mechanism does not
> > > > actually mitigate the lack of server authentication by the client that's
> > > > described as a goal.
> > > In what respect is the certificate name validation not strict? DNSSEC or
> > > MTA-STS is required to make sure that the MX hostname can't be altered
> > > in a DNS response, and that should be the name on the certificate.
> > 
> > DANE and/or MTA-STS give me an MX hostname.
> 
> MX records give you an MX hostname.  With DANE, that MX hostname is
> DNSSEC verified.  With MTA-STS the hostname is checked against the
> MTA-STS policy via a (sometimes cached) HTTPS callout.
> 
> > Do I require that exact hostname to be present in the X.509 certificate
> > presented by the TLS server?
> 
> Not in the case of DANE (for SMTP).  The certificate can be completely
> anonymous, and would still be matched via a "3 [01] [012]" TLSA record.
> 
> With MTA-STS, yes, the name would have to match the certificate.
> (Which makes deployment more difficult in some use-cases, but
> c'est la vie).

Section 2 has this nice note about "MUST verify successfully using DANE as
specified in RFC 7672".  I am demanding an equivalent level of
specification for the previous clause, about "verify successfully in a
trust chain leading to a certificate trusted by the SMTP client", which
sadly lacks a current single comprehensive reference.

> > I didn't see any text in the document that clearly says the answer
> > is "yes".
> 
> Since, the answer is not always yes, the appropriate behaviour is
> left to the security mechanism.

It still needs to actually be specified somewhere!  My understanding is
that the intent here is to make the TLS verification of X.509 certificates
for the non-DANE case more strict than current practices, and as such we
need to actually specify the desired practices, here.

> > "verify successfully" is pretty vague.  Do I just verify the signatures
> > along the chain?  Do I need to check those fiddly keyUsage bits?  Do I care
> > what the CN/SAN is?  We cite RFC 6125 in Section 4.2.1, but it's probably
> > prudent to reference it here as well.
> 
> In the case of DANE-EE(3) the only requirement is that the "3 X Y"
> TLSA record matches.  Name checks and expiration, etc. are out of
> scope, but I would expect friction with some implementations if the
> keyUsage is not compatible with TLS or the negotiated key exchange
> mechanism.  So the certificate keyUsage SHOULD be provisioned with
> under same constraints the same as would apply with WebPKI.
> 
> With MTA-STS, all the usual WebPKI stuff applies.

Then the document needs to say so!

> > > Either STARTTLS or implicit TLS (i.e., on a different port) would
> > > satisfy this requirement. It's because of the "straight to TLS" case
> > > that STARTTLS isn't mentioned here. This is REQUIRETLS, not
> > > REQUIRESTARTTLS.
> > 
> > I'm complaining more about the transition from (3) to (4) than either one
> > per se.  If I open a connection and then establish a (new?) TLS-protected
> > session, that seems to mostly be STARTTLS.  But if I use implicit TLS, why
> > do I need to bother with (3) at all?
> 
> There is no implicit TLS for MTA-to-MTA relay, and none in the
> foreseeable future, so this issue is moot.

So why can't (4) use the string "STARTTLS" and be less confusing to the
reader?

> 
> > Given that 4954 just talks about the client's "understanding of the server
> > hostname", I'd suggest that this document explictly state that the MX
> > hostname must match, independently of the question of citing 4954 and/or
> > 6125 here.
> 
> Except that's not the case with DANE.

Apparently the implicit "for the non-DANE case" got lost.  Sorry.

-Benjamin

v2.23.0 | Report a Bug | By Email