New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
duplicate #1
Comments
Not at all. I appreciate the links. I'll try to reply as best I can; some of these links (particularly the mailing list threads) are new to me, though. DEEP: The last I looked at the DEEP draft it was, to the best of my reading, only for MUA-server connections, not server-server connections. So this would be a complementary protocol. Your link [1] is quite on target. We started out by analogizing to HSTS, and similar suggestions have been made (I believe on this list) in the past by some of my colleagues (https://www.ietf.org/mail-archive/web/dane/current/msg06044.html, https://www.ietf.org/mail-archive/web/ietf-smtp/current/msg07768.html). I think there's a lot to like about this, but there are two reasons (that I can think of offhand) to prefer a DNS-based approach over an SMTP extension:
Without the second property, pinning becomes in certain ways irrevocable, which is of some concern for the hosted use case, especially if you want to both make such security features available to hosted customers and to avoid locking them in during early stages of adoption. That said, I am very open to suggestions on how to improve this or bring it in line with complementary efforts, of which, as you say, there are quite a few. Our goal was really to try to figure out what we could do today-ish that would both provide a real security benefit and complement further work (by us and, hopefully, others) down the road. Do you think we miss that target? Do you think there are changes we should consider to improve on either of those goals? Thanks for the thoughtful comments and links. Dan |
I've also thought about a way for feedback, though I've not a final, presentable solution yet. We seem to have the usual "not invented here" problem. TACK was a better solution in my opinion but Google heavily pushed for HPKP and HSTS in IETF and other bodies instead, we now have zero pinning deployment on the web [0]. As an attacker, I will attack anything that relies on DNS with ease in a local WiFi/LAN and at the carrier as nation-state or soon-to-be-ousted-government attacker. This is also why DNSSEC and DANE are broken by design [1] [2]. As I understand this solution it's very useful to large hosting providers - controlling a lot of support infrastructure, but again, you're doing well. I know, I use Gmail for my domain :) Most MXs on the Internet are some small Postfix, Sendmail or ancient Exchange boxes that won't do that well and are barely reachable nor anywhere near secure and have no "proper" DNSSEC setup, DMARC et cetera. We need a real solution for them. I think the solution is something that works without use of DNS but TACK (which is a TLS extension anyway) and maybe a $PROTO extension. Maybe even something custom with JOSE [3] providing feedback? Need to think about that last one though, not sure. BTW why do you prefer XML to JSON? My preference would be to abolish all current e-mail protocols and build something that fits today's times, considering the deployment of more than 4 million mail servers on the Internet this is not likely to happen in any considerable amount of time. Which also means we need a solution that is easy to deploy (say Aaron [0] - https://www.ietf.org/proceedings/92/slides/slides-92-saag-2.pdf |
It might be not-invented-here, but (as in all such cases) that's not the I think our proposal is somewhat tolerant of compromised DNS. (In fact, You could do more or less the same thing as we proposed with x509 But there's no particular preference for DNS here, of course. Another The XML is mostly cribbed from the existing DMARC reporting format. I Dan On Thu, Dec 3, 2015 at 9:57 PM Aaron Zauner notifications@github.com
|
I'm not sure the run-of-the-mill postmaster will have such ease publishing DNS records nor a web-page to which his domain belongs (there's often a lot of indirection and bureaucracy, think universities and large non-tech organizations/companies), even less so for authenticated DNS (DNSSEC). MTAs usually have unsigned certificates, they're now required to use signed ones for out-of-band authentication anyway by your proposal (as far as I can tell). TACK deals nicely with the problem of untrusted/unsigned certificates. The caching is nice but I think TACK would do more nicely. What I really like about your proposal is the feedback-loop, I don't like that it is completely out-of-band though. I've suggested and discussed a very similar out-of-band design using HTTPS but quickly abandoned it after discussion with other crypto and security people this last January at RWC15. I have no particular problem with XML there (doesn't seem to be too bloated), just curious. The draft is still unfinished, so I guess my commenting is a bit unfair. But it might help to improve the draft. Depending on the way you go I'd even collaborate on it -- the draft should maybe explicitly state deployment problems for small-scale set-ups and choose a more appropriate name as I cannot imagine this tech. to be widely deployed among mail servers in a couple of years (but who knows, I've been wrong on quite a few occasions. DNSSEC and IPv6 security were not among them for now :)). What do you define as "MTA changes"? MTA server daemons will have to be upgraded (e.g. Thanks, |
(Sorry for the slow reply. This was in my Drafts folder for a while.) I think depending on DNS TXT records is pretty reasonable, since I'm happy to integrate changes and suggestions, by the way. It's probably a Anyway, feel free to send along pull requests or more suggestions. Thanks! Dan On Tue, Dec 8, 2015 at 12:06 AM Aaron Zauner notifications@github.com
|
Hey Dan, I have no issues with XML. I was just curious why it's used here. Makes sense - as you say - with DMARC sporting a similar syntax and using the same markup language. That wasn't my problem with your proposal, I did already note that. I don't really follow what you mean by "TACK also falls into this camp"? Could you explain in more detail? I'd be very interested as I'm working on a TACK based proposal. TACK is especially interesting for MTAs as these usually use unsigned Certs. TACK is not a X.509 (PKIX) extension, it's a TLS extension. Which means roll-out is as easy as shipping an OpenSSL update (noted before) with some hooks in MTAs. Which would be required with your proposal as well (out-of-band authentication via WebPKI - the MTA still has to signal there somewhere). I actually think the MTA integration would even be simpler with TACK + SMTP extension than with the current SMTP-STS proposal. Added to that is the deployment problem for small mail-shops, as I've noted before - these would have a much easier time upgrading their MTA and TLS libraries, on any platform really. Setting up the out-of-band WebPKI authentication (which, again, requires valid certificates in the first place) will be more bothersome to them. Let me quote from the TACK draft (https://datatracker.ietf.org/doc/draft-perrin-tls-tack/) as of version 02. Section 5.3:
As you see, this is entirely optional.
Section 3 describes the TACK extension in more detail:
Working code: https://github.com/tack (we need to build on that and get it running, too. I know.) As I've noted before; the draft is expired and some work would be needed to update it to todays recommended crypto standards (see CFRG discussion on new signature algorithms, curves et cetera). TACK was originally designed for Thanks, |
But these are orthogonal concerns (as I think you indicated): telling MTAs On Mon, Dec 21, 2015 at 8:09 PM Aaron Zauner notifications@github.com
|
Sorry for the delay, have been busy the last couple of days and without a notebook/PC. I don't really follow your last sentence could you clarify what you mean by "require certificate validation for these domain names"? sAN? SMTP banners not matching CNs in certificates? As it stands today the TACK proposal is not very useful for this approach (MTA to MTA security), I'm currently looking into updating it and maybe define the SMTP extension and 'MTA TACK' in a single document. I'm still speaking with operators and implementers about details and am a bit busy with research as well at the moment, but I hope to have something ready to present within the next month or two. Thanks, |
Hi I think what he meant is that we need something like STS to say "when you Thanks for all the commentary. Happy New Year On Wed, Dec 30, 2015, 1:10 PM Aaron Zauner notifications@github.com wrote:
|
Header, TOC, and brief scenario and testbed description
Closing this as an "issue" because the discussion has moved to the uta thread. |
@mrisher is the offer on looking into MTA-TACK for auth/validation still open? I had been busy until recently and as you had published this to UTA by then I figured we should just go on over there. |
Hi,
There's already a couple of proposals being worked on in that direction. One is called DEEP [0]. I've presented a similar solution to your draft to UTA in july at IETF93 and on list (though not very formal) [1] using JSON instead of XML -- which could also be used for MTA-MTA, though this is an issue. DEEP actually brings security indications for user-agents as well. For MTA to MTA traffic we have a huge problem with fallback: which is, of course, plaintext if we fail to establish any new scheme properly between servers. TACK and a local cache could do, I've written about this to UTA [1] multiple times [2]. I've also presented our preliminary e-mail TLS-enumeration results at IETF93 in the security area open meeting [3] warning about large-scale MITM attacks. A document that updates various e-mail related RFCs on how to handle certificate validation is currently in IETF Last Call in UTA [4]. Distributing policy information via DNS has the usual problem of missing DNS authenticity and zero DNSSEC deployment. Even where DNSSEC is available, upstream ISPs collaborating with governments will deliver wrong records. This might be nice for large mail hosters but will yield zero additional security for all of the small MXs that are out there. You guys are already doing pretty well anyway.
Am I missing something? Sorry, I'm not trying to be rude - just curious what you are up to.
Aaron
[0] - https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/
[1] - https://mailarchive.ietf.org/arch/msg/uta/nB5Vf_8BRhYR54fNrYn4CeNVh0o
[2] - https://mailarchive.ietf.org/arch/msg/uta/coFJM0sU6nL-ycJ5nMyAx4rN8Qg
[3] - https://www.ietf.org/proceedings/93/saag.html
[4] - https://datatracker.ietf.org/doc/draft-ietf-uta-email-tls-certs/
The text was updated successfully, but these errors were encountered: