Re: [Uta] MTA-STS-03 review
Daniel Margolis <dmargolis@google.com> Mon, 03 April 2017 20:53 UTC
Return-Path: <dmargolis@google.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 45604128C83 for <uta@ietfa.amsl.com>; Mon, 3 Apr 2017 13:53:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MARKETING_PARTNERS=0.001, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 228bCNtZItos for <uta@ietfa.amsl.com>; Mon, 3 Apr 2017 13:53:03 -0700 (PDT)
Received: from mail-it0-x231.google.com (mail-it0-x231.google.com [IPv6:2607:f8b0:4001:c0b::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AAAA126FB3 for <uta@ietf.org>; Mon, 3 Apr 2017 13:53:03 -0700 (PDT)
Received: by mail-it0-x231.google.com with SMTP id a140so18160472ita.0 for <uta@ietf.org>; Mon, 03 Apr 2017 13:53:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to; bh=rvI0iLP7347w3d6yllpEAgUMi4XDsHR1Mg0t9V5yIjM=; b=DzPptlm5bWM6sLFHnSMPoYXmNYeWy5LzZ/yVIDEUE4w6xOGlw5A+5Khoe4LaLueLuD KdHUmbEg81DmDXAak70JDcLg8BO50jdcZ1x+YhSi07kj+Kg9J7C6TiNWjSS7hUx/m1Lo MpDfz1t2LzDII4/oPuDwrn+JW6cPfsRAIaaH9GOKOYuvnVV7TvEjmx931hmwN3OYv0xD IuIkIQXREw7sty9OKjVdigCvfygPeZ+BdnKcD3Hy1tqB8dPjb3JN8EJWo1DkUXlk3p8B sRNIP0AVPDJ0tvROt0vQglJ4rB6qKv8zf3kzQPMsbfNP3LnUo6amZxXP5Lql/atB7q+U W2ng==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to; bh=rvI0iLP7347w3d6yllpEAgUMi4XDsHR1Mg0t9V5yIjM=; b=AksBh74FeYOcEmz/Hcsknyya9ViZNdN4ORX2/Gzpc4PGc+jNMbXBEh3VrXaQLIcpNS NJJwVmrdF/mMZQtt/vKiUxz5VBhBrUiTsjKXEFVEffACS802NWUBdqz07o6fUDrlAOVY 9yz3JfAo6yW8dXrIEmavHEz37nwdijEB9vSOL0mswH2lJnVnJqlni7GQNn1gbuMdjA/B qLS/Lkt+HEzPJl0u4/aiO8d8XgtxUU3fzacKHXsRcmav80EqaEmLjHfvIbg+8Il8XMtf 3BsPOzNMZzyBYE9sFmjiLW/R+yh56vJb8Z5VzK6UtPtAcmWeNkMsY5DulCzp3udvT+wo 4EwQ==
X-Gm-Message-State: AFeK/H2NLty4oEwSiIYykcS8PCSPdghTsShi+HC4LmgtSU1lAPf089Ot xTbSLyi0+qh5OQDlPzDT/w3cezkODTVWbdBDWA==
X-Received: by 10.36.115.146 with SMTP id y140mr4216051itb.21.1491252782025; Mon, 03 Apr 2017 13:53:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.39.215 with HTTP; Mon, 3 Apr 2017 13:53:00 -0700 (PDT)
In-Reply-To: <20170403193531.GO25754@mournblade.imrryr.org>
References: <4C0807DA-4852-4DAC-80ED-8A25371CFFAA@dukhovni.org> <CANtKdUfOZYSr_SuGHdDHHgrF8J5VjEWwVw_7KC2xS5DrCKhu-w@mail.gmail.com> <20170326205218.GN11426@blitiri.com.ar> <92500952-2A50-4508-8686-03CDBF72485D@dukhovni.org> <CANtKdUfL+RT05KSqj5i4YeoRa=gHywNosou2VPF6acPDpRhG0g@mail.gmail.com> <20170330105556.GR11426@blitiri.com.ar> <20170403193531.GO25754@mournblade.imrryr.org>
From: Daniel Margolis <dmargolis@google.com>
Date: Mon, 03 Apr 2017 22:53:00 +0200
Message-ID: <CANtKdUdYU0yvQOXHqkvtD06jvEyNhhtwA2JSS9MzFE-XHcJh_Q@mail.gmail.com>
To: uta@ietf.org
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="001a11443bc2627958054c495851"
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/t3RvuTiv7Gvv89arCqMHHoznxqQ>
Subject: Re: [Uta] MTA-STS-03 review
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Apr 2017 20:53:06 -0000
>
> That, unfortunately, means modifying the complex MX host selection
> code in the MTA, which up till now has been quite separate from
> TLS authentication. I would really like to avoid touching the MX
> processing loop, and implement TLS policy strictly in the TLS
> handshake layer.
To rathole very slightly on this--and not looking at the Postfix code
specifically, say--I don't really understand this point.
In hypothetical pseudocode, your MX is going to be doing something like
this:
for candidate in mx_list:
if try_to_send(candidate):
success = True
break
And in the cert validation (or DANE validation or anything else) step, we
modify "try_to_send()" to close the connection and return False if the cert
validation fails, no?
So your point seems to be that the MX selection logic must be modified to
support the MX matching approach:
for candidate in filter_mx_list(mx_list):
# etc
Right? But why would you not simply modify "try_to_send()" to check the
hostname against the policy (same as it would check the cert SANs or CN
against the policy)?
I'm not trying to get too into the pseudocode since this is a vast
oversimplification, but I'm afraid I don't understand the distinction you
are drawing between modifying candidate selection and modifying cert
validation. Can you explain a little more?
Thanks.
On Mon, Apr 3, 2017 at 9:35 PM, Viktor Dukhovni <ietf-dane@dukhovni.org>
wrote:
> On Thu, Mar 30, 2017 at 11:55:56AM +0100, Alberto Bertogli wrote:
>
> > > 2. It seems (and I suspect this was part of Viktor's motivation) to
> match
> > > nicely with https://tools.ietf.org/html/rfc7672#section-3.2.2, which
> if I
> > > read it correctly leaves the door open to a certificate matching the
> > > nexthop domain rather than the MX hostname; by requiring MX hostname
> > > matches in STS we would break that behavior.
> >
> > Yes, my reading from that reference is that the nexthop domain can be
> > used to match as well.
> >
> > > I think #2 is a pretty compelling point.
> >
> > It is definitely a point, but I'm not sure it's that compelling (sorry
> > Viktor!).
> >
> > There's, AFAIK, no very clear and well defined way to do certificate
> > matching for MTA-to-MTA TLS connections, and this RFC is a chance to fix
> > that.
>
> Well, the prior practice, since at least 2007 in Exchange, and 2005
> in Postfix, is to match the destination domain, rather than the MX
> hostname (which obtained from DNS MX lookup was not secure).
>
> This is used for bilaterally coordinated "secure-channel" TLS
> "tunnels" between partner sites.
>
> > Differring from that, and adding complexity to how SMTP does TLS
> > validation based on a particular section of RFC 7672 which, as far as I
> > know (and please correct me if I'm wrong) is not widely deployed and
> > hasn't got nearly as much production exposure, seems to me to be risky,
> > and is IMHO not worth it.
>
> Well, RFC7672 did not create this feature from thin air. The reason
> it appears in RFC7672 is to support existing practice. It is true
> that non-opportunistic TLS was not especially common in SMTP (due
> to lack of scalability), but it was used.
>
> A site that has the destination domain in the certificate can
> support both DANE and secure-channel mandatory TLS.
>
>
> > Bringing SMTP certificate validation in line with how HTTPS
>
> Analogies between HTTPS and TLS for SMTP are often misleading if
> not outright damaging. So having differences is somewhat of a
> feature.
>
> > Note, in case it's not clear, that I'm not advocating for the removal of
> > the MX list from the policy, but to keep it as in the current draft
> > (i.e. use it as a filter mechanism, and then do TLS validation on the
> > resulting MX name).
> >
> > All this said, I don't want to drag my point along or interfere with the
> > normal flow of things. I much appreciate your thoughtful replies, and if
> > you don't find my arguments convicing, I understand :)
>
> That, unfortunately, means modifying the complex MX host selection
> code in the MTA, which up till now has been quite separate from
> TLS authentication. I would really like to avoid touching the MX
> processing loop, and implement TLS policy strictly in the TLS
> handshake layer.
>
> --
> Viktor.
>
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>
- [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Jeremy Harris
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review David Illsley
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Alberto Bertogli
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Alberto Bertogli
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis
- Re: [Uta] MTA-STS-03 review Viktor Dukhovni
- Re: [Uta] MTA-STS-03 review Daniel Margolis