On Sun, Jul 19, 2015 at 01:52:53PM +0000, Rose, Scott wrote:

> First, if the _smimecert.<domain> is hosted by a service provider (i.e.
> not the domain owner), the service provider can see who may be receiving
> encrypted mail.

Which they'll also learn by just looking at the zone data, if the
localparts are not hashed in the final spec.

I'd be more concerned about passive monitoring, because with
submission over port 587 with TLS, and forward hops from the MSA
to the destination also increasingly over TLS, there is often at
present no cleartext exposure of the envelope recipients.

With SMIMEA, passive monitoring of DNS queries will often reveal
the correspondent addresses.


> and may also learn the source IP address and other potential
> information.

That'll be less common, there will typically be iterative resolvers
between the user and the authoritative nameserver.

> Of course, the hosting provider also knows the whole list
> of (hashed) cert holders in the domain as well.  Pervasive monitoring may
> also discover this (source IP A is looking for a cert for person X in
> order to send them mail), but qname-minimization may mitigate this to a
> degree.

Query minimization does not help here; it only hides the data from
operators of parent domain nameservers.  Only encryption of DNS
traffic (a la DNSCurve, and at all zone cuts from the root down)
would help.

> Second, clients looking to validate a digital signature using SMIMEA
> queries may also be signaling a read receipt.  If the original sender
> knows the recursive servers of the recipient, the sender could get an idea
> as to when the receiver MUA validated the digital signature by observing
> SMIMEA queries to their domain.  This isn't a showstopper IMHO as recipients
> with cached digital signature certs may not send queries.

The cache lifetimes should be relatively short (not in excess of
the DNS TTLs of the TLSA RRs), so whenever there's a hiatus in
email flow between two correspondents (as opposed to a flurry of
immediate replies) it is quite likely that new conversations will
involve new DNS lookups.

> SMIMEA RR queries may leak information about who
> is planning to send, or has received S/MIME protected email messages.  DNS
> privacy techniques such as qname-minimization may mitigate some of the
> leakage.

Qname minimization does not help against passive monitoring, unless
that passive monitoring is (only) in front of the root or
gTLD/ccTLD nameservers, rather than on path somewhere between author
and target domain.

-- 
        Viktor.

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
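The point argued above, that qname minimization only changes what the root and TLD operators see while an on-path observer between the sender's resolver and the target domain still sees the full SMIMEA owner name, can be made concrete with a small model. The following Python is an added example and is not code from the thread or from any DNS implementation: it builds the owner name the way the published SMIMEA spec (RFC 8162) does, by hashing the local-part with SHA-256 and truncating to 28 octets, then simulates one cold lookup with and without RFC 7816 style minimization. The address `alice@example.com`, the zone layout `[".", "com.", "example.com."]` and the assumption of a zone cut at every listed apex are constructed for the illustration.

```python
# Added example (not from the thread): which DNS observers learn the SMIMEA
# owner name for a recipient, with and without qname minimization.
# Hashing follows RFC 8162 (SHA-256 of the local-part, first 28 octets);
# the address and zone layout used below are constructed.
import hashlib


def smimea_owner_name(address: str) -> str:
    """Owner name an MUA queries for the recipient's SMIMEA record."""
    local, domain = address.rsplit("@", 1)
    digest = hashlib.sha256(local.encode("utf-8")).hexdigest()
    return f"{digest[:56]}._smimecert.{domain.rstrip('.')}."


def labels(name: str) -> list:
    """Split 'a.b.c.' into ['a', 'b', 'c']."""
    return [lab for lab in name.split(".") if lab]


def resolver_queries(qname: str, zone_cuts: list, minimize: bool) -> list:
    """(zone whose server is asked, name in the query) for one cold lookup.

    zone_cuts lists the apexes on the path from the root down, e.g.
    [".", "com.", "example.com."] (assumed layout).  With minimize=False
    (classic behaviour) every server along the chain receives the full
    owner name.  With minimize=True (RFC 7816 style) the resolver asks each
    server only for the name one label longer than the zone it already
    knows, and moves to the child's server when that name is a zone cut.
    """
    if not minimize:
        return [(zone, qname) for zone in zone_cuts]
    full = labels(qname)
    queries, server_zone = [], "."
    for n in range(1, len(full) + 1):
        name = ".".join(full[-n:]) + "."
        queries.append((server_zone, name))
        if name in zone_cuts:
            server_zone = name
    return queries


def names_seen_by_zone(queries: list) -> dict:
    """What each authoritative operator sees: the parent-operator leakage
    that qname minimization is designed to limit."""
    seen = {}
    for zone, name in queries:
        seen.setdefault(zone, set()).add(name)
    return seen


def on_path_observer_sees_full_name(qname: str, queries: list) -> bool:
    """A passive observer between the resolver and the target domain's
    servers (or between the user's stub and the resolver, a leg that always
    carries the full name) learns the owner name regardless of minimization."""
    return any(name == qname for _, name in queries)


if __name__ == "__main__":
    qname = smimea_owner_name("alice@example.com")   # constructed address
    cuts = [".", "com.", "example.com."]             # constructed zone layout
    for minimize in (False, True):
        q = resolver_queries(qname, cuts, minimize)
        print(f"minimize={minimize}")
        for zone, seen in names_seen_by_zone(q).items():
            print(f"  server for {zone!r:16} sees {sorted(seen)}")
        print("  on-path observer sees full name:",
              on_path_observer_sees_full_name(qname, q))
```

Running it shows the root server receiving only `com.` and the `com.` server only `example.com.` when minimization is on, while the `example.com.` server and any observer on the path to it see the full hashed owner name in both runs, which is the asymmetry the reply describes.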
