On Wed, Jan 15, 2014 at 08:15:48PM -0500, Wietse Venema wrote:

> The main changes in no particular order are:
> 
>   * Support for PKI-less TLS server certificate verification with
>     DANE (DNS-based Authentication of Named Entities) where the CA
>     public key or the server certificate is identified via DNSSEC
>     lookup. This requires a DNS resolver that validates DNSSEC
>     replies. The problem with conventional PKI is that there are
>     literally hundreds of organizations world-wide that can provide
>     a certificate in anyone's name. DANE limits trust to the people
>     who control the target DNS zone and its parent zones.

Thanks for the support getting this out the door.  Much appreciated.

The next revision of the associated draft RFC will be uploaded to
the IETF in the next few days.  You can find a preview at:

    http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-05.html

If anyone has the energy to read it carefully and provide feedback
or, if you're extra generous, a patch to the XML source file (git
clone https://github.com/vdukhovni/ietf), that would be great.

IMPORTANT DISCLAIMER:  If you want to try DANE security in the
Postfix SMTP client, you MUST ensure that /etc/resolv.conf contains
only "127.0.0.1" and/or "::1" as nameserver entries.

  - No DHCP modifying /etc/resolv.conf, the nameserver MUST be
    fixed.  The caching resolver running on 127.0.0.1 needs to
    implement DNSSEC with at least the root trust anchor defined
    (and root key roll-over automated).

  - The nameserver can forward to a nearby or ISP cache if desired,
    and channel security is not required, since replies are checked
    via DNSSEC.

If you want to join the experiment as a receiving site, implement
DNSSEC signing for your domain and publish TLSA records for your
MX hosts.

A DANE_README tutorial is planned that documents all the required
steps for Postfix SMTP servers and clients in one place.  For now
you can start with:

    http://www.postfix.org/TLS_README.html#client_tls_dane
    http://www.postfix.org/postconf.5.html#smtp_tls_security_level
    http://www.postfix.org/postconf.5.html#tls_dane_digest_agility
    http://www.postfix.org/postconf.5.html#tls_dane_digests

The Postfix configuration for DANE is quite simple really; the hard
part will be care and feeding of DNSSEC and updating TLSA records
during key roll-over.  I hope that some of you will be motivated to
be early adopters and will get DNSSEC up and running for your
domains.  If you do, do it with care.  Good luck.

You may find:

    http://tools.ietf.org/html/draft-ietf-dane-ops-02

helpful in your planning.

You can reduce reliance on the DNSSEC root key for critical peer
domains by configuring explicit trust anchor keys, provided of
course, that they are willing to coordinate key rotation with you,
or you automate signed DNSKEY/DS RRset rotation.

Related to DANE, but not DANE, is a new feature that allows you to
specify a per-destination set of trusted issuing CA certificates
or public keys via smtp_tls_policy_maps:

    http://www.postfix.org/postconf.5.html#smtp_tls_trust_anchor_file

This complements fingerprint security for leaf server certificates
by making it possible to locally define per-destination CAs.
Naturally, DANE scales better when the destination domain makes
that possible.

-- 
        Viktor.
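An added example, written for this archive and not code from Postfix or from the draft, that turns two of the preconditions in the post above into checks a site can run before enabling DANE: the /etc/resolv.conf rule (only 127.0.0.1 and/or ::1 as nameservers, so the Postfix SMTP client only ever sees DNSSEC-validated replies) and the TLSA record a receiving site must publish for each MX host. The TLSA builder emits the presentation form from RFC 6698 (usage, selector, matching type, hex digest) for the DANE-TA(2)/DANE-EE(3) usages that SMTP uses, with SHA-256 or SHA-512 of the DER bytes you hand it. The port 25 owner-name convention, the sample resolv.conf texts and the "SPKI" bytes are constructed for the example; feed the real DER SubjectPublicKeyInfo of your MX certificate to get a usable record.

```python
"""DANE deployment preflight helpers (added example, not Postfix code)."""
import hashlib
from typing import List

# Only a local validating resolver is acceptable; anything else means
# Postfix may act on unvalidated (forged or stripped) DNS answers.
LOCAL_RESOLVERS = {"127.0.0.1", "::1"}

# Constructed sample resolv.conf contents (not from a real host).
GOOD_RESOLV_CONF = """\
# local unbound/BIND doing DNSSEC validation
nameserver 127.0.0.1
nameserver ::1
options edns0
"""
BAD_RESOLV_CONF = """\
search example.net
nameserver 127.0.0.1
nameserver 192.0.2.53   ; ISP cache pushed in by DHCP
"""


def check_resolv_conf(text: str) -> List[str]:
    """Return a list of problems; an empty list means the resolver setup is usable for DANE."""
    problems = []
    nameservers = []
    for raw in text.splitlines():
        # resolv.conf allows '#' and ';' comments; keep only the directive part
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            nameservers.append(parts[1])
    if not nameservers:
        problems.append("no nameserver entries at all")
    for ns in nameservers:
        addr = ns.split("%", 1)[0]  # drop an IPv6 zone id such as ::1%lo
        if addr not in LOCAL_RESOLVERS:
            problems.append(f"nameserver {ns} is not a local validating resolver")
    return problems


def tlsa_owner(mx_host: str, port: int = 25) -> str:
    """Owner name of the TLSA record for an MX host, e.g. _25._tcp.mx1.example.com."""
    return f"_{port}._tcp.{mx_host.rstrip('.')}."


def tlsa_record(mx_host: str, der_bytes: bytes, usage: int = 3,
                selector: int = 1, mtype: int = 1, port: int = 25) -> str:
    """Build the RFC 6698 presentation form of a TLSA record.

    usage    2 = DANE-TA (trust anchor CA), 3 = DANE-EE (end entity);
             the PKIX usages 0 and 1 are not used for SMTP and are rejected.
    selector 0 = full certificate DER, 1 = SubjectPublicKeyInfo DER.
    mtype    1 = SHA-256, 2 = SHA-512 over der_bytes (0 = full data, not emitted here).
    """
    if usage not in (2, 3):
        raise ValueError("SMTP DANE uses only DANE-TA(2) or DANE-EE(3)")
    if selector not in (0, 1):
        raise ValueError("selector must be 0 (Cert) or 1 (SPKI)")
    if mtype == 1:
        digest = hashlib.sha256(der_bytes).hexdigest()
    elif mtype == 2:
        digest = hashlib.sha512(der_bytes).hexdigest()
    else:
        raise ValueError("only matching types 1 (SHA-256) and 2 (SHA-512) are built here")
    return f"{tlsa_owner(mx_host, port)} IN TLSA {usage} {selector} {mtype} {digest}"


if __name__ == "__main__":
    for label, conf in (("good", GOOD_RESOLV_CONF), ("bad", BAD_RESOLV_CONF)):
        print(label, "resolv.conf:", check_resolv_conf(conf) or "OK for DANE")
    # Constructed stand-in for a DER SubjectPublicKeyInfo; use the real one.
    fake_spki = b"abc"
    print(tlsa_record("mx1.example.com", fake_spki))
```

Run the "3 1 1" form against the SPKI of the certificate the MX actually serves, publish it under the `_25._tcp.<mx>` name in a DNSSEC-signed zone, and when rotating keys add the record for the new key before the switch and remove the old one only afterwards, which is the roll-over care the post refers to.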
