Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
Daniel Margolis <dmargolis@google.com> Mon, 27 March 2017 20:42 UTC
Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A5F2129669 for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 13:42:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Rgx_wQio6Of2 for <uta@ietfa.amsl.com>; Mon, 27 Mar 2017 13:42:18 -0700 (PDT)
Received: from mail-it0-x22b.google.com (mail-it0-x22b.google.com [IPv6:2607:f8b0:4001:c0b::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F3CC12966C for <uta@ietf.org>; Mon, 27 Mar 2017 13:42:15 -0700 (PDT)
Received: by mail-it0-x22b.google.com with SMTP id y18so69273884itc.1 for <uta@ietf.org>; Mon, 27 Mar 2017 13:42:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=/n6sXkMBxvx2TQIGJU5pwV4nc9tWJqbEk41jctFva6w=; b=faGq5dInx3Qj3MySNDQmu+H1SbcKtJ7KsggGMXP0X6XC0V/rJjmuyNP9qMRyKnuGrD meersUMQVGfW4SLDLtU3YnaRwpHzu2OBGA5eauO9oIe8RgTUIKR6gagFWXT/qwOfRkwM WruH0Wn6RWGvfEq4U1c7B12zKbronXTyA+i1C9aslq3BY/pU2RVNC9pCtJlhPNt9G1jS WILpzBpa9aWR58izehGJZOVifZpjPTSs1xSGOBNJfw1YE486PpVOSAZThZhSOxu+BbVz ZawhgSTmjBqsfFqm2wUAlEQU3l7RzHzYCpnKtjs+mBVuCQIBOFlwUYMjGkIdw0In+OGu WQig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=/n6sXkMBxvx2TQIGJU5pwV4nc9tWJqbEk41jctFva6w=; b=l5mNMJmCxRboHX+TjdqSgvwbkJ/PUS1lb0Wr/fnGmiuuEN3OkJnw2CeXfh9dYQ2qZM FjEoDD+efzjUWE2HOCAno1WZtXLXsdgEQ5sAXwdaZpKZR3gXY1LA9Sav2l36+pLu5Cmb N7mixkZhSHoaE0+a1dsm3EI5NJTnzhE9O01K2zv4tYP/ktP/t8NrrdiUdHDeV8GAFOEt DMy/rdcKiV/IiNqlNPT125iv6Emb2nNBtXSVmcDbHjqSpoxhF4SW4jrCSBlJqy6qo133 gtF88IVXsg+JWuGdZ25/G5chmaJgxAKPbuj/fV53JyIKr0igIb58jAIx7qIpoRof/91+ iIrA==
X-Gm-Message-State: AFeK/H0BEAqFgCQ8IgjmpB6twplo2Mk/5J4xSpiFwVHCPNCUZ2FO0Dza/wVym747A+srr5FcUwiMVXUeFqbmO4jo
X-Received: by 10.36.80.213 with SMTP id m204mr11277047itb.105.1490647334065; Mon, 27 Mar 2017 13:42:14 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.39.215 with HTTP; Mon, 27 Mar 2017 13:42:13 -0700 (PDT)
In-Reply-To: <FA3784DC-3BA0-452D-9AB2-8FF7D7AB5AC8@dukhovni.org>
References: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan> <BF2CE255-261C-4006-B8C9-9D9518EF258F@dukhovni.org> <909c4e01-3701-ae7a-2406-f3aa4dfeefe8@bluepopcorn.net> <FA3784DC-3BA0-452D-9AB2-8FF7D7AB5AC8@dukhovni.org>
From: Daniel Margolis <dmargolis@google.com>
Date: Mon, 27 Mar 2017 22:42:13 +0200
Message-ID: <CANtKdUf017dd-8uCjNXTH95Qf5df_Urc_ruLRpyWhvtaip5g0w@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="001a1145f2fadf1f53054bbc606b"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/jljDObjYaw3UqxJ6IKLijk5_MCI>
Subject: Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 27 Mar 2017 20:42:20 -0000
I'm also not convinced that it is harder to block the HTTPS request, since
the hostname there is not the nexthop domain but is itself a special
hostname ("mta-sts"). Given that, an attacker who can block the TXT can
just block the CNAME/A/AAAA record for "mta-sts".
You'd have to get rid of that and host the .well-known path at the naked
domain (or something innocuous, like www) for that to not work (without the
risk of noticeable side effects), and that has serious downsides in other
ways.
That said, while I'm not sure this focus is incorrect, it is worth
restating that for many cases--notably, for large hosts who cannot easily
deploy DNSSEC because of unrelated constrains--the primary defense against
persistent refresh blocking will be transparency, in the form of reports
(like Postmaster Tools), person-to-person contact, etc.
(To analogize very slightly to a mostly different context, the same
argument applies to provide some justification for "unsafe" defaults on,
say, WhatsApp end-to-end encryption: while key-exchange MITMs are
possible--a sort of spiritually similar attack to the policy discovery
attack here--as long as some people are turning on key validation some of
the time, any *widespread* MITM is likely to be discovered, posing a
substantial risk to bulk interception.)
On Mon, Mar 27, 2017 at 5:17 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:
>
> > On Mar 27, 2017, at 11:05 AM, Jim Fenton <fenton@bluepopcorn.net> wrote:
> >
> > The TXT record is more than an efficiency aid if cloaking it causes the
> > policy not to be discovered at all. OTOH, if it is used just to discover
> > policy updates, we wouldn't have that problem. But that would increase
> > the traffic load on the HTTPS server considerably.
>
> The phrase "the HTTPS server" hides an important assumption, namely
> that there is an HTTPS server in the first place. For the majority
> of domains there will (for some time) be no STS policies, and no
> secure way to discover whether there should be a server or not.
>
> Publishing an STS policy is not a requirement for SMTP, so STS
> discovery is opportunistic, and for lack of DNSSEC vulnerable
> to downgrades.
>
> The cacheable TXT record is an efficient mechanism for signalling
> when to try to load a (new?) policy.
>
> If we did not want to signal expedited updates by changing the id,
> the signal could be just the existence of an A record for some
> "reserved" hostname in the domain, but that also runs into the issue
> that reserved hostnames are not a good idea or popular at the IETF.
>
> --
> --
> Viktor.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>
- [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea - Diennea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Jim Fenton
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Federico Santandrea
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Daniel Margolis
- Re: [Uta] Comments on draft-ietf-uta-mta-sts-03 Viktor Dukhovni