Re: [Uta] Comments on draft-ietf-uta-mta-sts-03

Federico Santandrea <federico.santandrea@diennea.com> Tue, 28 March 2017 10:18 UTC

Return-Path: <federico.santandrea@diennea.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D0221293D9 for <uta@ietfa.amsl.com>; Tue, 28 Mar 2017 03:18:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NXPp_2ct1-wa for <uta@ietfa.amsl.com>; Tue, 28 Mar 2017 03:18:09 -0700 (PDT)
Received: from mail3.informatica.it (mail3.informatica.it [151.99.189.163]) by ietfa.amsl.com (Postfix) with ESMTP id 9151F129353 for <uta@ietf.org>; Tue, 28 Mar 2017 03:18:09 -0700 (PDT)
From: Federico Santandrea <federico.santandrea@diennea.com>
To: uta@ietf.org
References: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan>
Message-ID: <7113f172-0742-05b3-c504-8763175df7f0@diennea.com>
Date: Tue, 28 Mar 2017 12:18:08 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <d42e535b43f14fc68b9b3e22cdff2e51@EXC01-Arezzo.diennea.lan>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-GatewayId: federico.santandrea=2.634461300016064633130110@diennea.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/ueHkCG_3mcsOXGFAUdk4npg0acM>
Subject: Re: [Uta] Comments on draft-ietf-uta-mta-sts-03
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Mar 2017 10:18:11 -0000

From Security Considerations section of draft-ietf-uta-mta-sts-03:

    "Similarly, we consider the possibility of domains that deliberately
    allow untrusted users to serve untrusted content on user-specified
    subdomains.  In some cases (e.g. the service Tumblr.com) this takes
    the form of providing HTTPS hosting of user-registered subdomains
    [...] In these cases, there is a risk that untrusted users would be
    able to serve custom content at the "mta-sts" host, including
    serving an illegitimate SMTP STS policy."

It's likely that such domains serve wildcard certificates for
user-specified subdomains. I think a further mitigation of this could
be to require the HTTPS connection's certificate to be valid precisely
for the mta-sts.example.com host, ignoring wildcard matches.

-- 
Federico
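As an added illustration of the check proposed in the message above (this is not code from the draft or from the poster), the following compares the usual RFC 6125 dNSName matching, under which a provider's `*.example.com` wildcard covers `mta-sts.example.com`, with a strict variant that ignores any wildcard SAN and accepts only a certificate issued for the policy host itself. The SAN lists are constructed strings standing in for a parsed certificate, `example.com` is a placeholder domain, and the wildcard rule is the common single-label form (a leading `*` label matching exactly one label).

```python
"""Hostname matching for the mta-sts policy host, with and without wildcards."""

import re

# A dNSName label: letters, digits and hyphens (LDH) as in RFC 1035 / RFC 6125.
_LABEL = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; a trailing dot denotes the root and is dropped.
    return name.strip().lower().rstrip(".")


def san_matches(host: str, san: str, allow_wildcard: bool = True) -> bool:
    """Return True if the dNSName `san` covers `host`.

    With allow_wildcard=True this follows the usual RFC 6125 rule: a leading
    '*' label matches exactly one label, so '*.example.com' covers
    'mta-sts.example.com' but not 'example.com' or 'a.b.example.com'.
    With allow_wildcard=False any SAN containing '*' is ignored, which is the
    stricter policy-host check suggested in the message above.
    """
    host = _normalize(host)
    san = _normalize(san)
    host_labels = host.split(".")
    san_labels = san.split(".")
    if not all(_LABEL.match(lab) for lab in host_labels):
        return False
    if "*" in san:
        if not allow_wildcard:
            return False
        # Only a whole left-most label may be a wildcard (no 'mta-*.example.com',
        # no wildcard further right), and it needs at least two labels to its
        # right so that '*.com' cannot cover every host under .com.
        if san_labels[0] != "*" or len(san_labels) < 3 or "*" in san_labels[1:]:
            return False
        if not all(_LABEL.match(lab) for lab in san_labels[1:]):
            return False
        return len(host_labels) == len(san_labels) and host_labels[1:] == san_labels[1:]
    return all(_LABEL.match(lab) for lab in san_labels) and host == san


def cert_covers_policy_host(domain: str, san_names, allow_wildcard: bool = True) -> bool:
    """Check whether a certificate's dNSName SANs cover the mta-sts.<domain> host."""
    policy_host = "mta-sts." + _normalize(domain)
    return any(san_matches(policy_host, san, allow_wildcard) for san in san_names)


# Constructed sample SAN lists (not taken from a real certificate): a hosting
# provider's wildcard certificate versus a certificate issued for the policy host.
WILDCARD_SANS = ["example.com", "*.example.com"]
EXACT_SANS = ["mta-sts.example.com"]


if __name__ == "__main__":
    for label, sans in (("wildcard", WILDCARD_SANS), ("exact", EXACT_SANS)):
        print(label,
              "rfc6125:", cert_covers_policy_host("example.com", sans),
              "strict:", cert_covers_policy_host("example.com", sans, allow_wildcard=False))
```

Under the default rule the wildcard certificate is accepted for the policy host; under the strict rule only the certificate naming `mta-sts.example.com` explicitly is. A real implementation would take the SAN list from the verified leaf certificate of the HTTPS connection, after the ordinary chain validation has already succeeded.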