On 8/23/18 6:49 PM, Viktor Dukhovni wrote:
This is recognized in the Security Considerations: Another active attack involves the spoofing of DNS MX records of the recipient domain. An attacker having this capability could cause the message to be redirected to a mail server under the attacker's own control, which would presumably have a valid certificate. REQUIRETLS does not address this attack.Might it not make sense to close this hole and require one of MTA-STS or DANE? This delays the practical deployment of REQUIRETLS (yes) to such time as at least of one MTA-STS or DANE is generally present, but I think this is better than leaving the above security gap unaddressed.
In my latest draft, I dismissed this comment, apparently after not reading it carefully enough. I considered requiring DANE for the destination server to be enough of a deployment hurdle that I thought it would fatally inhibit REQUIRETLS deployment. But I didn't consider the possibility of MTA-STS here.
The idea, of course, is that the MTA-STS policy specifies the hostname(s) of mail server(s) for the domain, and therefore a spoofed MX would be detected (and the mail would not be sent, as a result).
But I don't think DANE is necessary, except that it requires DNSSEC (although Viktor has pointed out to me, off-list, that DANE deployment is trivial compared with the effort to DNSSEC sign a domain). What we're trying to counter is MX spoofing for the destination domain, and DNSSEC is sufficient for that. Once we have found the correct MX hostname(s) to send the message to (which if course could be in a different domain), the certificate, verified using either DANE or the certificate chain, would be sufficient to authenticate the server to which the message is being sent.
How does the WG feel about this? Should I add a requirement for the destination to have either MTA-STS or DNSSEC, or leave the "MX hole" as is, documented?
-Jim _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
