IETF Logo Mail Archive

Re: [Uta] "webby" STS and DANE/DNSSEC co-existence

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 14 April 2016 06:30 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 58D4312DD9F for <uta@ietfa.amsl.com>; Wed, 13 Apr 2016 23:30:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8cfQts_AzNJe for <uta@ietfa.amsl.com>; Wed, 13 Apr 2016 23:30:09 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 72A0B12DD97 for <uta@ietf.org>; Wed, 13 Apr 2016 23:30:09 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 3FE7C284DCA; Thu, 14 Apr 2016 06:30:08 +0000 (UTC)
Date: Thu, 14 Apr 2016 06:30:08 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Message-ID: <20160414063007.GA17212@mournblade.imrryr.org>
References: <570C0CD2.9030401@cs.tcd.ie> <20160411212128.GA26423@mournblade.imrryr.org> <CANtKdUekXNkVvsfq0UjCiaaPVBgoVGfrfnYUrdoOf0EegXMuPg@mail.gmail.com> <20160413014304.GB26423@mournblade.imrryr.org> <CANtKdUf0kN5aOmX0-NsyQXz_+PRGfaXa37DFZoCX3FqdYh5CpA@mail.gmail.com> <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <etPan.570e8549.3d8c14b4.1614d@jcaps-rd2.us.oracle.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/uta/pWiomF24qFExQATskgzcFDGZGuM>
Subject: Re: [Uta] "webby" STS and DANE/DNSSEC co-existence
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: uta@ietf.org
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Apr 2016 06:30:11 -0000

On Wed, Apr 13, 2016 at 10:43:31AM -0700, Chris Newman wrote:

> DANE is merely one method of validating a certificate, there can also be
> SMTP policy orthogonal to DANE.

Sure, but I don't see DEEP-style policy latches playing much of a
role, if any, in MTA-to-MTA opportunistic transport security.  No
plans to implement.  Sorry about that.

> Take for example, DEEP's 'tls11' and 'tls12' directives. Those specify a
> minimum acceptable version of TLS for future connections.

I don't see adding any support for this in Postfix.  Keep in mind
that MTA-to-MTA TLS is still opportunistic security even with DANE.
The client cannot be expected to jump through excessive hoops for
marginal gain.

Caching of TLS policy pins for every MX host ever contacted is not
a sensible requirement on the sending MTA.  Nor does this achieve
broad security, since secondary/tertiarry/... MX hosts are rarely
contacted, and MITM attackers can often block access to these, and
cause connections to use MX hosts that have not been used recently.
Caches with no size or TTL constraints are not viable.

The higher we set the bar for use of opportunistic TLS the less
useful it becomes.  We need to be reasonably modest in our goals,
so that they remain broadly achievable.

> So the question is where to put SMTP relay security policy
> that is orthogonal to DANE.

Opportunistic transport security for relays needs to avoid being
overly-prescriptive or require significant sender resources.

> Seems like wherever we choose to put the policy for SMTP relay STS (whether
> in a DNSSEC-protected DNS record, HTTPS well-known or SMTP+STARTTLS),
> that's where we should always look for SMTP relay policy.

DEEP is a fine hammer for MUAs, let's not make every SMTP-related
problem a DEEP nail.

DANE SMTP is deliberately minimally prescriptive.  The "floor"
security policy on acceptable ciphers and protocols will gradually
rise via adjustments to local policy and MTA software defaults as
older protocols and ciphers become increasingly rare.  Keeping the
design as simple as possible is a key feature.

If STS is to be a successful (be it perhaps in some sense secondary)
alternative it too needs to remain (or become) sufficiently simple.

Transparent interoperability is more important than dialing security
up to 11.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email