Hi Viktor,

> On 05 Apr 2016, at 01:35, Viktor Dukhovni <[email protected]> wrote:
>
> On Mon, Apr 04, 2016 at 05:24:59PM +0200, Aaron Zauner wrote:
>
>> As for authentication/TOFU: I see no better proposal than TACK around.
>
> I was briefly interested in TACK for SMTP before I started work on
> DANE 2 years ago, but gave up after realizing that TACK cannot
> protect the MX records. Without protecting the MX records you get
> no active attack protection.
>
> STS proposes to validate MX records (MX host patterns) via HTTPS,
> at which point one can consider various mechanisms for authenticating
> the credentials of the validated MX hosts.
But if I use a TOFU model like TACK, then if an attack on any MX record I try to resolve happens and I get redirected, I end up with a TLS alert instead of a classic MITM, because the attacker does not control my keys. DoS can happen in any case.

> Are you proposing TACK without WebPKI for the STS HTTPS URL or
> WebPKI + TACK pins? Note also that secondary MX hosts are rarely
> used so senders will often lack prior contact with these, but an
> attacker can block access to the primary MX, at which point you
> get cold-start with a secondary MX (reducing TACK to WebPKI).

WebPKI + TACK essentially (plus an SMTP extension). And again, the TACK draft would have to be updated and retrofitted.

Thanks,
Aaron
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
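The two positions in the exchange above (a TOFU pin turns a forged MX answer into a TLS alert, versus a secondary MX or an unseen host reducing the sender to WebPKI on cold start) can be made concrete with a small model. The following is an added example written for this page; it is not code from either poster and not TACK itself. It assumes constructed key bytes and host names (mx1/mx2.example.com, mx.attacker.example), and it simplifies a pin to a SHA-256 fingerprint of the server key rather than a separate signing key as TACK uses. The `key_by` switch is a modelling choice: "host" pins the TLS server name, "domain" pins the recipient mail domain.

```python
"""Toy model of TOFU key pinning for SMTP, keyed either by MX host name or
by recipient domain. Constructed example for this thread; not TACK code."""
import hashlib
from dataclasses import dataclass, field

# Constructed stand-ins for server public keys (SPKI bytes); not real keys.
KEY_MX1 = b"spki:mx1.example.com"
KEY_MX2 = b"spki:mx2.example.com"
KEY_EVIL = b"spki:attacker-controlled-host"


def fingerprint(spki: bytes) -> str:
    """Pin value: SHA-256 over the server key (simplification: TACK pins a
    separate signing key, not the server key itself)."""
    return hashlib.sha256(spki).hexdigest()


@dataclass
class TofuPinStore:
    """Pins learnt on first contact. key_by="host" pins the TLS server name
    (the MX host); key_by="domain" pins the recipient mail domain, which is
    what a pin would have to cover to survive a forged MX answer."""
    key_by: str = "host"
    pins: dict = field(default_factory=dict)

    def _pin_name(self, domain: str, mx_host: str) -> str:
        return mx_host if self.key_by == "host" else domain

    def deliver(self, domain: str, mx_host: str, spki: bytes,
                webpki_ok: bool = True) -> str:
        """Decide whether a TLS connection to mx_host for domain is accepted.
        webpki_ok models the outcome of ordinary certificate validation."""
        name = self._pin_name(domain, mx_host)
        fp = fingerprint(spki)
        pinned = self.pins.get(name)
        if pinned is None:
            # Cold start: no prior contact, so WebPKI is the only check.
            if not webpki_ok:
                return "reject: webpki failed, no prior pin"
            self.pins[name] = fp
            return "accept: cold start, pinned by TOFU"
        if pinned == fp:
            return "accept: pin match"
        # Key differs from the pinned one: TLS alert rather than a silent MITM.
        return "alert: pin mismatch"


def scenarios() -> dict:
    """Run the cases discussed in the thread and return their outcomes."""
    out = {}
    for mode in ("host", "domain"):
        store = TofuPinStore(key_by=mode)
        # A previous successful delivery established the pin.
        store.deliver("example.com", "mx1.example.com", KEY_MX1)
        # Forged MX answer sends the sender to an attacker-controlled host
        # that presents a WebPKI-valid certificate for its own name.
        out[(mode, "forged_mx")] = store.deliver(
            "example.com", "mx.attacker.example", KEY_EVIL, webpki_ok=True)
        # Primary MX blocked; sender falls back to a secondary it has never
        # contacted, which has its own key.
        out[(mode, "secondary_mx")] = store.deliver(
            "example.com", "mx2.example.com", KEY_MX2, webpki_ok=True)
    return out


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(case, "->", result)
```

With host-keyed pins both the forged MX and the unseen secondary are cold starts, so only WebPKI stands between the sender and the peer, which is the gap Viktor describes. With domain-keyed pins the forged MX trips the pin and the connection fails with an alert, as Aaron describes, but a legitimate secondary with a different key trips it too; a domain-level pin therefore has to cover every MX host's key (or a signing key above them, which this model leaves out) before it is usable.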
