Re: [Uta] Last call: <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option"
"Valery Smyslov" <smyslov.ietf@gmail.com> Thu, 16 August 2018 06:53 UTC
Return-Path: <smyslov.ietf@gmail.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C9376130EE9 for <uta@ietfa.amsl.com>; Wed, 15 Aug 2018 23:53:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.5
X-Spam-Level:
X-Spam-Status: No, score=-0.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_SORBS_WEB=1.5, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LlLYIIko8wmI for <uta@ietfa.amsl.com>; Wed, 15 Aug 2018 23:53:27 -0700 (PDT)
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com [IPv6:2a00:1450:4864:20::135]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A04FB1271FF for <uta@ietf.org>; Wed, 15 Aug 2018 23:53:26 -0700 (PDT)
Received: by mail-lf1-x135.google.com with SMTP id a4-v6so2623470lff.5 for <uta@ietf.org>; Wed, 15 Aug 2018 23:53:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:references:in-reply-to:subject:date:message-id:mime-version :content-transfer-encoding:thread-index:content-language; bh=fcHk9ni62cygtvwccVziu76e9Se8nAwNmSzx27VLHhk=; b=aPfndo1TIkrYJPragps+B+20IaEFhbyjzNAmTQy5ROSalA6BnIK3N5chjwqCu5Sijs kSDw0t3SYNtbip9aHlDZiEvhev2HrTDTN5z4lBx4Y2YOSss6d2UYhghHIPbZCM7oWZ9P EQgwVc+nbIZ1n/B/07c8x2B83wEAhl8msQE3Wh+YNbzJqamrt4PbMYCUPnCkIGavgzqZ BnMkH+LVf44br2d9kZWlarT2IFwmwX2A3zjmF3VLec18hkdhUeanirhPdD5zgBknm5w7 8fJjqXO2XJXNx5Cf6Mb898dVkA568B8tPkHjw9mfu/ZuzUqCb14AUoD1KJleRm1lxfTZ eH6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:references:in-reply-to:subject:date :message-id:mime-version:content-transfer-encoding:thread-index :content-language; bh=fcHk9ni62cygtvwccVziu76e9Se8nAwNmSzx27VLHhk=; b=RFtKAnIcDNUzDcxVcikDi/eZwbJRfrCVLsZkM5H6Cb9lk6zDdsGuYQS2WSHfalaxNX PFjJ01RT6VnuTwWCRY5AyCLhIIMnz3ECIez1ycdrIUv4KeDaZLRiy8fyhZjT4fRi4/iT veWu/lvGZ99xkjfjgHgatz2pNO1jiUnF2H05MkhB6+T/Mzuu44o++ywT1jqvPptxZX2I dRIGdEm2XAnZH9uWy9UCg7YftTdWWWuH2JfTvTAlHV5eVbxyuhPrUH40zNdsfVX2nwfI SA+FkMXf9mSvD8yOYueuBkzQlmLTanSbgQgAHpccg1VmhxGgr3E3JIxXDRBGj+Q9pW7m 5vKw==
X-Gm-Message-State: AOUpUlEFACXpG4WJ2s0zVAh7G36YTdQuvo/bY5HqDXT1nt9uU5GhOSVi CtlKs9Yzsklk/F0BvWHJnESFTPYt
X-Google-Smtp-Source: AA+uWPykeBhjArvMwd3TTaEHxluvjAcdBdgIhrPG8d2SAEDI2P14B3PgdSglHAYw1jPno9Z3G4oBeg==
X-Received: by 2002:a19:6801:: with SMTP id d1-v6mr18198323lfc.8.1534402404783; Wed, 15 Aug 2018 23:53:24 -0700 (PDT)
Received: from buildpc ([82.138.51.4]) by smtp.gmail.com with ESMTPSA id z10-v6sm4229842ljh.57.2018.08.15.23.53.23 (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 15 Aug 2018 23:53:24 -0700 (PDT)
From: Valery Smyslov <smyslov.ietf@gmail.com>
To: 'Jim Fenton' <fenton@bluepopcorn.net>, uta@ietf.org
References: <002801d434a7$fab29f60$f017de20$@gmail.com> <a320d95a-e0a4-4c15-ee85-97070bfebba4@bluepopcorn.net>
In-Reply-To: <a320d95a-e0a4-4c15-ee85-97070bfebba4@bluepopcorn.net>
Date: Thu, 16 Aug 2018 09:53:16 +0300
Message-ID: <00ce01d4352d$cf6a2ef0$6e3e8cd0$@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: AQHuGN2y3Kp4S5ljLyZtHNXNl69yFALOijK/pHemuBA=
Content-Language: ru
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/nJCUhi5N3QyCp0Q_BCWgikGy2a0>
Subject: Re: [Uta] Last call: <draft-ietf-uta-smtp-require-tls-03> "SMTP Require TLS Option"
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 16 Aug 2018 06:53:29 -0000
Hi Jim,
> Valery,
>
> Thanks for your review. Responses inline.
>
>
> On 8/15/18 7:55 AM, Valery Smyslov wrote:
> > Hi,
> >
> > here is my review of the document.
> >
> > The draft is well written, however I found few places where it could be improved.
> >
> > 1. Section 2:
> >
> > In the following para:
> >
> > In order to specify REQUIRETLS treatment for a given message, the
> > REQUIRETLS option is specified on the MAIL FROM command when that
> > message is transmitted. This option MUST only be specified in the
> > context of an SMTP session meeting the security requirements that
> > have been specified:
> >
> > The last sentence uses uppercase MUST, while in fact using MUST NOT is more
> > appropriate giving the meaning of the sentence. I.e. "This option MUST NOT be
> > specified unless all the following requirements are met in the context of SMTP session:"
>
> "MUST only" is logically equivalent to "MUST NOT...unless". Since
> they're equivalent, I have no objection to the wording you suggest,
> although IMO "MUST NOT...unless" is somewhat of a double negative as
> compared with "MUST only".
Well, my reasoning for the change is as follows. The "MUST" word is a
positive imperative (do it), while the "MUST NOT" is a negative one
(don't do it). In fact, the construction "MUST only" changes the imperative
from positive to negative (don't do it unless), so I think that it is more
appropriate to rephrase the sentence so that uppercase imperative is negative.
> > And in the following list I believe using uppercase words is unnecessary,
> > since they described not a protocol (REQUIRETLS) behavior, but
> > the requirements for REQUIRETLS to be used. I suggest changing
> > those MUSTs to lowercase.
> >
> > o The session itself MUST employ TLS transmission.
> >
> > o The certificate presented by the SMTP server MUST either verify
> > successfully in a trust chain leading to a certificate trusted by
> > the SMTP client or it MUST verify succesfully using DANE as
> > specified in RFC 7672 [RFC7672]. For trust chains, the choice of
> > trusted (root) certificates is at the discretion of the SMTP
> > client.
> >
> > o Following the negotiation of STARTTLS, the SMTP server MUST
> > advertise in the subsequent EHLO response that it supports
> > REQUIRETLS.
>
> I'm not claiming to be an expert on RFC 2119 usage, but the three MUSTs
> that you cite are absolute requirements of the specification. It could
> be worded to be more normative to the implementation of REQUIRETLS, that
> in order to send a message requiring TLS that the session MUST employ
> TLS transmission, verify certificates, and advertise its support of
> REQUIRETLS in STARTTLS sessions. But I still think that my use of
> uppercase MUST is proper. Other opinions?
Well, my understanding of using RFC2119 words is that they describe
the behavior of the protocol being specified. These bullets are not
the REQUIRETLS protocol, they are prerequisites for REQUIRETLS,
while the behavior of the protocol ("don't use REQUIRETLS unless
all the prerequisites take place") is described in the previous para,
where uppercase word is needed. Putting it differently,
I as implementer usually look for all uppercase words in the spec to make
sure that my implementation meets all the RFC2119 words requirements.
In this case implementers of REQUIRETLS have no control over
these bullets, they take place outside REQUIRETLS code.
Well, in case of any doubt we can leave this to IESG.
> > 2. I also have a question regarding the last bullet above - why advertising
> > REQUIRETLS is linked with negotiation of STARTTLS?
> > It is my understanding that TLS session may be established
> > without negotiation STARTTLS (as recommended by RFC8314),
> > so why the last bullet doesn't say just: "The SMTP server must
> > advertise in the EHLO response that it supports REQUIRETLS"?
> > Am I missing something here? The same question is applicable
> > to the first para in Section 4.3, where STARTTLS and REQUIRETLS are
> > also logically linked.
>
> As Jeremy Harris pointed out while I was typing this, REQUIRETLS is only
> accepted within TLS-protected sessions. I had originally proposed
> advertising REQUIRETLS in all EHLO responses (TLS or not) as an
> optimization (don't bother negotiating STARTTLS if you have a message
> requiring TLS and the server doesn't support REQUIRETLS) but that
> wouldn't have been correct.
>
> But you are correct that REQUIRETLS should be advertised in EHLO
> responses for all TLS-protected sessions, not just STARTTLS. Support for
> REQUIRETLS in such sessions was an afterthought on my part and I seem to
> have missed that adjustment here.
That was my point. To be clear - I don't propose advertising REQUIRETLS
in non-TLS sessions, I only want to decouple it from STARTTLS, because
TLS session can be established either with STARTTLS or implicitly
by connecting to a port 465, and RFC8314 suggests the latter way
to be preferred over the former.
> > (and note a typo in a second bullet above: s/succesfully/successfully)
>
> Thanks!
> >
> > 3. Section 8.1.
> >
> > REQUIRETLS is generally effective against passive attackers who are
> > merely trying to eavesdrop on an SMTP exchange between an SMTP client
> > and server. This assumes, of course, the cryptographic integrity of
> > the TLS connection being used.
> >
> > I assume that it is encryption (and not an integrity) that protects
> > messages confidentiality against passive eavesdroppers, doesn't it?
>
> I didn't mean content integrity -- I meant that the TLS session has
> integrity (i.e., is secure). But I can see how this might be interpreted
> as you have read it. Perhaps it should say "cryptographic security"
> rather than "cryptographic integrity".
That would be more correct (at least formally).
Regards,
Valery.
> -Jim
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
- [Uta] Last call: <draft-ietf-uta-smtp-require-tls… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jim Fenton
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jeremy Harris
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Valery Smyslov
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Viktor Dukhovni
- Re: [Uta] Last call: <draft-ietf-uta-smtp-require… Jim Fenton