IETF Logo Mail Archive

Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt

Peter Saint-Andre <stpeter@stpeter.im> Thu, 23 June 2022 20:02 UTC

Return-Path: <stpeter@stpeter.im>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32663C157B59 for <uta@ietfa.amsl.com>; Thu, 23 Jun 2022 13:02:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.002
X-Spam-Level:
X-Spam-Status: No, score=-4.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=JFdSOBpM; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=SG5sPztO
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kGs-xmeMbqEB for <uta@ietfa.amsl.com>; Thu, 23 Jun 2022 13:02:05 -0700 (PDT)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 38905C14F730 for <uta@ietf.org>; Thu, 23 Jun 2022 13:02:05 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id B63C75C00B7; Thu, 23 Jun 2022 16:02:02 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162]) by compute4.internal (MEProxy); Thu, 23 Jun 2022 16:02:02 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1656014522; x= 1656100922; bh=WFPL0HzWYoR7xgMQGb1ec7pTzZ2pjas/hk70KFf9Mt4=; b=J FdSOBpMMN0TiUxuYTaL9lAJ06wewf9u0nOR+Wky6OsGG0MPL+soGgZQsqG36JSqH UZzPDiUgAGfQLSI+i3V3EsjO30X4lsWTkB/F2Fl9L6gsLlpLpNAbrfB9epOByKxd eUaydLnJLOsr9T/Ig8zwbJMd/nmxD8hF9D4mGXqNW/rDuPhab5FSFWiAJnoxEmFN NVaPoRNB2Je7Z5ylIMku2bdmQjjsCnM7AvSE6EEKFWtcEKlLh+h1y7mUOHPbk8JM tz9M4HrPipbIzwWoGX4RooYYCIW3imvaWeEZQ11pD4HReB+gtGKnjg6nN/baxUpu p/NhUVcH3HW6x2LCgO0aA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; t=1656014522; x=1656100922; bh=W FPL0HzWYoR7xgMQGb1ec7pTzZ2pjas/hk70KFf9Mt4=; b=SG5sPztO6ijv8zRvg nrLq6OU7fzb/uSid+MF8EQC2WujTCXLNHfipa2M9I+r40hLVNahjM121azDXspx9 rLdt75k1ujS0nMCaq+6QXK2VaRlOpqHI1hPtZA+d49GUvOLCsgpsj7Rxtlsp9gZ/ izBM0jjMfzBvDnBN8GH7hhlIcKRAz+kqUM6/+qiTf0ktb0DIQm7C3vvQgXCRt6P7 bxRA7/R1wxU6JaL4V76qRHSprtetcCCITykPk/mep62UETCastSOLGwuohD5XLJh bVs6G4AZBns+oqI+QayD7O1oPF8tJEkp5iyI19GDKykD21au5R1FZUO1VlHXtUID U+5eg==
X-ME-Sender: <xms:uca0YjoVVWXbb2ckEGPorhFQBIpw9dw1yey0za8gYCSiZDIUNZxWtQ> <xme:uca0YtpBurt6UZhipgzXsjQ1ccKmOo9kHS6oi5mT0CNZ2-aRCHnNjosp2_eJcL3n- g7e4F8thDmU9yzMMQ>
X-ME-Received: <xmr:uca0YgM-0P0PmnkF5bxKlcZURVi2hLF2nBjDeiy-1mEY97xXJocICf0jgdGV>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudefjedgudeggecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfvfhfhffujggtgfesth ekredttdefjeenucfhrhhomheprfgvthgvrhcuufgrihhnthdqtehnughrvgcuoehsthhp vghtvghrsehsthhpvghtvghrrdhimheqnecuggftrfgrthhtvghrnhepvdeuleeuveffve ettddvtdefgeeiledtfeevgfevueejfeelleeuhfdtkedvkeehnecuffhomhgrihhnpehm rghilhgsohigrdhorhhgpdhtgihtghhrvghpmhhouggvvggthhhoughonhgvghhmrghilh drtghomhdphhhtthhpshgrnhgushhmthhprghnuggtohhmphhlvgigphgvrhguvghsthhi nhgrthhiohhntggrtghhvghsrdgrthdphhhtthhpshhprhhosggvshhinhhthhgvmhhtrg hsthgrtghkrdhinhenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhl fhhrohhmpehsthhpvghtvghrsehsthhpvghtvghrrdhimh
X-ME-Proxy: <xmx:uca0Ym6FCDPmGl_Ikb5TsGFNep60qeIrU4w1kKzAFGYpQ-pdr5qGCg> <xmx:uca0Yi5oLQTWIFJEipG86KM_xJ1SK_CjWewSrBLyhCFhyekV68GqLA> <xmx:uca0YuhLPQK9a6kHF4oN3NW92tEqFoVN6WIRjtyyHRM296rqDKfuDA> <xmx:usa0YoSQNZVOSz3C3iz6OjbJUfkIELvuFjoT6MByirEpxoVVYDzLZA>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu, 23 Jun 2022 16:02:00 -0400 (EDT)
Message-ID: <8ca42e96-dc82-932b-eea2-16b8f336ad2b@stpeter.im>
Date: Thu, 23 Jun 2022 14:02:00 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: uta@ietf.org, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <165360014937.7348.791812490092301727@ietfa.amsl.com> <39887905-080d-0caa-86d9-45adea8705b9@cs.tcd.ie> <00b3db53-9523-db44-1b18-e09dab2ff343@stpeter.im> <YrScwUqxWiLnweCH@straasha.imrryr.org>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <YrScwUqxWiLnweCH@straasha.imrryr.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/ixIOOWjvMUCbZaRne_Ud3f3NnUI>
Subject: Re: [Uta] I-D Action: draft-ietf-uta-rfc7525bis-07.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Jun 2022 20:02:10 -0000

On 6/23/22 11:02 AM, Viktor Dukhovni wrote:
> On Sat, Jun 18, 2022 at 11:56:30AM -0600, Peter Saint-Andre wrote:
> 
>> On 5/27/22 7:51 AM, Stephen Farrell wrote:
>>
>>> - section 3.2: I wondered why no mention of MTA-STS or
>>>     DANE? Could/should we say that MTA implementations
>>>     SHOULD include support for such strictness?
>>
>> Hi Stephen,
>>
>> Although these technologies (RFC 8461 and RFC 7672) seem sensible, I
>> don't think we authors have a good handle on whether they are widely
>> deployed enough to justify a SHOULD in a BCP. We will reach out to folks
>> in the email community for guidance.
> 
> Both DANE and MTA-STS have now been around for some years and there is a
> body of operational experience with these protocols.
> 
> The story is roughly that:
> 
>      - Both require no changes in the receiving MTA, it just needs to
>        support STARTTLS and be configured with a "suitable" certificate
>        chain that meets the promised constraints (be they DANE, MTA-STS
>        or both).
> 
>      - Inbound DANE is supported on ~3.34 million domains.
> 
>          * Many are small domains MX hosted by the likes of:
> 
>             1,229,567 one.com
>               278,987 hostpoint.ch
>               170,237 infomaniak.ch
>               161,743 transip.nl
>               158,849 argewebhosting.nl
>               112,901 hostnet.nl
>               107,719 domeneshop.no
>               100,270 jouwweb.nl
>                96,866 loopia.se
>                95,410 webhostingserver.nl
>               ...
> 
>           * Some are email service providers hosting many users and
>             perhaps also customer domains, for example:
> 
>             web.de
>             gmx.de
>             protonmail.ch
>             mailbox.org
>             posteo.de
>             ...
> 
>      - Inbound MTA-STS is supported by a much smaller number (a few
>        thousand not millions) of domains, but notably these include many
>        of the largest email service providers:
> 
>          $ for d in gmail.com hotmail.com outlook.com yahoo.com aol.com; do
>              printf "%-20s " "$d"
>              curl -sLo - https://mta-sts.$d/.well-known/mta-sts.txt | grep '^mode:' || echo
>            done
>          gmail.com            mode: enforce
>          hotmail.com          mode: enforce
>          outlook.com          mode: enforce
>          yahoo.com            mode: testing
>          aol.com
> 
>      - Outbound deployment is considerably harder to measure, but
>        IIRC outbound DANE is supported by:
> 
>          * outlook.com and Azure hosted Exchange customer domains
>          * one.com
>          * transip.nl
>          * protonmail.ch
>          * mailbox.org
>          * posteo.de
>          * ...
> 
>      - The sending MTA does all the heavy lifting of implementing peer
>        validation per DANE or MTA-STS as applicable.
> 
>      - Software support for outbound DANE is included in Postfix, Exim, Halon MTA,
>        Power MTA, Cisco ESA, Microsoft hosted Exchange, ... with partial
>        support last I looked also in Sendmail and perhaps some Qmail
>        forks...
> 
>      - Software support for MTA-STS is NOT included in either Postfix or
>        Exim due to its rather unwieldy architectural footprint, with a
>        mixture of HTTPS and SMTP and complex per destination caches.
> 
>        At least in the case Postfix and Exim support for MTA-STS is
>        unlikely in the near term.  The developers have expressed explicit
>        distaste for the protocol.
> 
> Returning to the question asked: SHOULD MTAS support DANE and/or
> MTA-STS?
> 
>      - If the question is about the software stack, then:
> 
>        * Any MTA that supports STARTTLS already supports both inbound.
>        * Outbound support for MTA-STS is unlikely the leading open source
>          MTAs
>        * Outbound support for DANE is starting to be available even in
>          some of the cloud provider stacks, but is not yet prevalent.
> 
>      - If the question is about operator diligence then:
> 
>        * Inbound DANE requires DNSSEC support from both the recipient
>          domain and its MX host domain.  The primary operational burden
>          is on the MX host operator, and DANE scales very well when a
>          single skilled operator MX hosts many domains.  Adoption by the
>          domain hosting operator is growing, especially in northern
>          Europe, where DNSSEC-signing is presently also more prevalent.
> 
>        * Inbound MTA-STS requires an HTTPS server for policy publication,
>          with support for the ".well-known/mta-sts.txt" URL.
> 
>        * Both DANE and MTA-STS require careful management of associated
>          DNS records, in particular correct timing of DNS updates
>          relative to changes in certificate chains or the MTA-STS policy
>          respectively.
> 
>        * Outbound DANE requires a local validating resolver on the MTA,
>          which is comparatively easy to set up, but is an extra step
>          that holds back some smaller less-skilled operators.
> 
>          It also requires an X.509 layer in the TLS library that supports
>          DANE-style certificate chain validation.  This is currently
>          available in OpenSSL, but last I looked not in e.g. BoringSSL or
>          LibreSSL.
> 
>        * Outbound MTA-STS requires a complex long-term persistent policy
>          cache, and support for HTTPS probes in the MTA stack.
> 
> In light of the above, "SHOULD" is perhaps still a reach, though I do
> think that support for DANE is at this point a best practice.  As for
> MTA-STS, I am not convinced given its narrow scope of essentially
> just the largest operators that it was ever needed, policy for this
> set of operators could be implemented statically by those sufficiently
> inclined.  That is MTA-STS is IMHO too complex for too little gain,
> but I'm not exactly a neutral observer... :-)

Hi Viktor (and John too),

Thanks as always for the detailed information. I'll note that we already 
have the following text about HSTS in the section on "Strict TLS" 
(combining bullet points here for readability)...

    *  HTTP client and server implementations MUST support the HTTP
       Strict Transport Security (HSTS) header [RFC6797], in order to
       allow Web servers to advertise that they are willing to accept
       TLS-only clients. Web servers SHOULD use HSTS to indicate that
       they are willing to accept TLS-only clients, unless they are
       deployed in such a way that using HSTS would in fact weaken
       overall security (e.g., it can be problematic to use HSTS with
       self-signed certificates, as described in Section 11.3 of
       [RFC6797]).

Given the state of play for mail (and the ambiguity for non-mail 
application protocols), I might suggest that we add the following 
informational sentence at the end:

       Similar technologies exist for non-HTTP application protocols,
       such as MTA-STS for mail transfer agents [RFC8461] and methods
       founded in DNS-Based Authentication of Named Entities (DANE)
       [RFC6698] for SMTP [RFC7672] and XMPP [RFC7712].

We could also add something to the effect of "these technologies are 
experiencing increased adoption so, even though they are not best 
current practices at the time of writing, pay attention to future 
developments" but that's fairly wishy-washy. If we have a clear 
direction in the WG for normative language about DANE (for instance) at 
this time, then I'd be open to that as well.

Peter

v2.23.0 | Report a Bug | By Email