Re: DANE, DNSSEC, GnuTLS, Postfix, Exim

Sun, 13 Jan 2013 11:30:37 -0800 

On Sun, Jan 13, 2013 at 08:17:47PM +0100, Stefan Sels wrote:

> It is true that TLS/SMTP is often used but rarely discussed while making
> new SMTP/TLS RFCs. Most stuff is written with https and browsers in
> mind. There is a RFC-draft for S/MIME TLSA though:
> 
> http://tools.ietf.org/html/draft-hoffman-dane-smime-00

S/MIME is of course quite unrelated to transport.

> > So when a CA is  involved (certificate usage 0 or 2) the imputed
> > TLS policy would be:
> > 
> >   example.com secure \
> >     digest=sha-256 \
> >     rootca=<some-fingerprint> \
> >     rootca=<another-fingerprint> ... \
> >     match=<already-supported-match-syntax>
> > 
> > and when a CA is not involved (certificate usage 1 or 3) the imputed
> > TLS policy would be:
> > 
> >   example.com fingerprint \
> >     digest=sha-256 \
> >     match=<fingerprint> \
> >     match=<another-fingerprint> ...
> 
> that would be computed parameters? or fixed configuration (just to
> understand the example correctly) ?

I said "imputed TLS policy". That is "assigned by inference".  The
same policy could also be set explicitly in a policy table, for
example, by running a script the securely polss DNS TLSA RRsets
from time to time (for selected destination domains) and constructs
TLS policy table entries.

> > The DANE specification potentially supports mixed security models,
> > wherein some of the elements of a TLSA RRset specify usage 0 or 2,
> > and others usage 1 or 3. This is not easily accomodated by Postfix
> > at this time, since the TLS library supports exactly one of the
> > two security models for a given connection.
> 
> Maybe the client could signal the security model/use case within the TLS
> handshake? Like an extension to STARTTLS (or even STARTTLSA but that
> would be messy). Just brain storming here..

This makes no sense.

> > I would be inclined to ignore usage 0 and 2, when 1 or 3 is present,
> > since given the expected peer certificate, there is no need for
> > any CAs.
> 
> Yeah. Currently we just look if any client cert is given. It would be
> actually an improvement if we could at least verify that it is
> associated with the given DNS records.

The discussion in DANE is about server certificates, clients don't
fit into a "_service._proto.fqdn IN TLSA" lookup model. Postfix
supports certificate checks, but in practice only for a handful of
destinations.

-- 
        Viktor.

Reply via email to