One other question about this proposal.

My reading of DANE says that if a TLSA record is not verified by DNSSEC,
you should basically ignore it. Precious few people have yet deployed
DNSSEC (Paypal is the only company that comes to mind). If a zone hasn't
deployed DNSSEC, I certainly understand not treating a TLSA record on
_443._tcp.bank.com as a valid SSL certificate for https://www.bank.com. But what
about the case of SMTP? On SMTP, today you're going to connect on port 25,
and you're going to either not see STARTTLS in which case you presumably
will send mail unencrypted, or you will see STARTTLS and as we discussed
earlier in this thread, probably just take whatever certificate you get and
hope for the best.

Now, let's assume you have a TLSA record for
_25.tcp.gmail-smtp-in.l.google.com, which specifies 2 1 1 and our
certificate. Let's assume also for the moment that it's not secured via
DNSSEC, and that DNSSEC deployment for google.com isn't going to happen
overnight. Now, you've got an option. You can use that (admittedly
insecure) information and do one of three things:

1. Ignore it and do what you would have done had you not seen the TLSA
record (per the DANE spec)
2. Ignore the fact that it's lacking DNSSEC and treat it as "I should only
send mail over TLS and expect the following cert"

I'm curious what Postfix will do in that case, and what guidance we might
be able to put into the draft in that case. For better or worse, there's
probably others who are capable of publishing a TLSA record before they are
capable of fully deploying DNSSEC.

In the case of someone being able to spoof your DNS, they could just direct
the MX records elsewhere, and not bother with spoofing TLSA (maybe they
offer STARTTLS, maybe they don't). It doesn't seem like trusting the TLSA
record opens you up to any new vulnerabilities here. In the case of HTTP,
it does open you up to vulnerabilities as you presumably send secure
cookies to a certificate you otherwise wouldn't have trusted. In the case
of SMTP, you basically either bounce the mail or you deliver it; someone
who can publish a fake TLSA record to mess with you could just as easily
publish fake MX records to accomplish the same result, so it's not clear to
me that a TLSA record for MX needs to depend strongly on DNSSEC.

Thoughts?


On Wed, Sep 4, 2013 at 6:09 PM, Viktor Dukhovni <[email protected]> wrote:

> On Wed, Sep 04, 2013 at 07:43:20PM -0400, James Cloos wrote:
>
> > VD> If you publish usage 0, you will not interoperate with Postfix,
> > VD> which accounts for a large fraction of the MTAs on the Internet.
> >
> > I thought that you previously wrote that, in the absence of CAfile
> > setting, postfix would treat 0/1 like 2/3?  Or did I miss a change?
>
> The mapping from 0/1 to 2/3 is best effort.  With 1 it just works,
> with 0 it fails with matching type != 0.
>
> Also Wes convinced me that we should not promise this behaviour in
> the draft.  Therefore, while Postfix may map 0/1 to 2/3 as best it
> can the draft behaviour for these is undefined and SMTP servers
> SHOULD NOT publish these usages.
>
> --
>         Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
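The decision the message above lays out (enforce a DNSSEC-validated TLSA record; for an unsigned one, either ignore it as the DANE spec says or treat it as "TLS only, expect this cert"), together with the 0/1 to 2/3 mapping the quoted reply describes, as an added toy model. This is not code from the thread, from Postfix, or from the draft; the certificates and records are constructed stand-ins rather than real X.509 data, the usage 2 check is simplified to "some certificate in the presented chain matches" instead of a full path validation to that anchor, and the function names and the `trust_insecure_tlsa` switch are my own.

```python
"""Toy model of the SMTP/TLSA delivery decision (constructed example)."""
import hashlib
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class TLSA:
    """One TLSA RDATA: usage, selector, matching type, association data."""
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(presentation: str) -> TLSA:
    """Parse presentation format, e.g. '2 1 1 <hex>' (RFC 6698 field order)."""
    usage, selector, mtype, hexdata = presentation.split()
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata))


@dataclass(frozen=True)
class Cert:
    """Stand-in certificate: 'der' and 'spki' are constructed bytes, not real X.509."""
    der: bytes
    spki: bytes


def assoc_data(cert: Cert, rec: TLSA) -> bytes:
    """Association data this certificate would produce for the record's selector/mtype."""
    material = cert.der if rec.selector == 0 else cert.spki  # selector 0: cert, 1: SPKI
    if rec.mtype == 0:
        return material                                       # matching type 0: exact
    if rec.mtype == 1:
        return hashlib.sha256(material).digest()              # matching type 1: SHA-256
    if rec.mtype == 2:
        return hashlib.sha512(material).digest()              # matching type 2: SHA-512
    raise ValueError(f"unknown matching type {rec.mtype}")


def effective_usage(rec: TLSA) -> Optional[int]:
    """Best-effort mapping of usages 0/1 onto 2/3, as the quoted reply describes.

    Usage 1 can always be handled as 3 (same end-entity match, minus PKIX).
    Usage 0 can only be handled as 2 when the record carries the full CA
    certificate (matching type 0); a hash alone gives nothing to chain to.
    """
    if rec.usage in (2, 3):
        return rec.usage
    if rec.usage == 1:
        return 3
    if rec.usage == 0 and rec.mtype == 0:
        return 2
    return None


def record_matches(chain: List[Cert], rec: TLSA) -> bool:
    """chain[0] is the server's end-entity cert, followed by its issuers.

    Usage 3 (DANE-EE) matches the end-entity cert only. Usage 2 (DANE-TA) is
    simplified to 'some cert in the presented chain matches' (assumption).
    """
    usage = effective_usage(rec)
    if usage is None:
        return False
    if usage == 3:
        return assoc_data(chain[0], rec) == rec.data
    return any(assoc_data(c, rec) == rec.data for c in chain)


def smtp_policy(records: List[TLSA], dnssec_secure: bool,
                trust_insecure_tlsa: bool = False) -> str:
    """'dane': signed, usable records -> enforce. 'opportunistic': no usable
    records, or unsigned records under option 1 (ignore them, per the spec).
    'dane-insecure': unsigned records under option 2 (enforce them anyway)."""
    if not any(effective_usage(r) is not None for r in records):
        return "opportunistic"
    if dnssec_secure:
        return "dane"
    return "dane-insecure" if trust_insecure_tlsa else "opportunistic"


def deliver(records, chain, dnssec_secure, starttls_offered,
            trust_insecure_tlsa=False) -> str:
    """What the MTA does with the message on one delivery attempt."""
    policy = smtp_policy(records, dnssec_secure, trust_insecure_tlsa)
    if policy == "opportunistic":
        # Today's behaviour: encrypt if offered and take whatever cert appears.
        return "send-encrypted" if starttls_offered else "send-cleartext"
    if not starttls_offered:
        return "defer"  # TLSA says TLS is expected: no cleartext fallback
    usable = [r for r in records if effective_usage(r) is not None]
    if any(record_matches(chain, r) for r in usable):
        return "send-verified"
    return "defer"      # presented chain matches no usable record


# Constructed sample data (not real keys or certificates).
CA = Cert(der=b"constructed-ca-der", spki=b"constructed-ca-spki")
EE = Cert(der=b"constructed-ee-der", spki=b"constructed-ee-spki")
CHAIN = [EE, CA]
ROGUE_CHAIN = [Cert(b"rogue-ee", b"rogue-ee-spki"), Cert(b"rogue-ca", b"rogue-ca-spki")]
RECORD_2_1_1 = parse_tlsa("2 1 1 " + hashlib.sha256(CA.spki).hexdigest())
RECORD_1_1_1 = parse_tlsa("1 1 1 " + hashlib.sha256(EE.spki).hexdigest())
RECORD_0_1_1 = parse_tlsa("0 1 1 " + hashlib.sha256(CA.spki).hexdigest())
RECORD_0_0_0 = parse_tlsa("0 0 0 " + CA.der.hex())

if __name__ == "__main__":
    for secure, trust in [(True, False), (False, False), (False, True)]:
        print(f"dnssec={secure} trust_insecure={trust}:",
              deliver([RECORD_2_1_1], CHAIN, secure, True, trust))
```

The point the model makes visible is the one argued in the message: with an unsigned record, option 1 leaves delivery exactly where it is today (encrypted if offered, cleartext otherwise), while option 2 turns a missing STARTTLS or a non-matching chain into a deferral, so the only thing an attacker who can forge the record gains is the ability to make you defer, which forged MX records already give them.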
