[Uta] Last Call: <draft-ietf-uta-mta-sts-15.txt> (SMTP MTA Strict Transport Security (MTA-STS)) to Proposed Standard

Discussion:

The IESG

2018-04-09 15:03:11 UTC

The IESG has received a request from the Using TLS in Applications WG (uta)
to consider the following document: - 'SMTP MTA Strict Transport Security
(MTA-STS)'
<draft-ietf-uta-mta-sts-15.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
***@ietf.org mailing lists by 2018-04-23. Exceptionally, comments may be
sent to ***@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract

SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a
mechanism enabling mail service providers to declare their ability to
receive Transport Layer Security (TLS) secure SMTP connections, and
to specify whether sending SMTP servers should refuse to deliver to
MX hosts that do not offer TLS with a trusted server certificate.

The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-uta-mta-sts/ballot/

The following IPR Declarations may be related to this I-D:

https://datatracker.ietf.org/ipr/2776/

Dave Cridland

2018-04-11 11:38:38 UTC

Permalink

Since this was mentioned to me at IETF 101, I managed to find the time to
look it up and review. Several design decisions have left me confused; most
notably the notion of a call-out to HTTPS in the first place. Much of the
document is unclear to me, despite having a background of both Internet
Mail and the application of PKI in application protocols, and it appears to
willfully ignore prior art in this area.

1) A History Lesson

First, some history: In XMPP-land, we faced a similar issue with
large-scale providers (most notably Google) not wishing to host or manage
the certificates for their customers, alongside an assertion that customers
would not wish to provide their private keys to their provider. Despite the
strong evidence to the contrary in the case of HTTPS, the community
nevertheless developed POSH (RFC 7711), and did so in a protocol-neutral
way. In POSH, an entity fetches a well-known document from an HTTPS server
in order to securely obtain information with which to validate a
certificate by means other than building a traditional chain etc.

Notably, this was against a backdrop of CAs which were not free, and
generally quite expensive - this has changed markedly over the years since,
and I should note that POSH's support for self-signed certificates is
probably no longer relevant.

However, it surprises me that the MTA-STS draft does not appear to note
this prior art at all, and this makes me wonder whether it was even on the
radar.

Importantly, POSH was never deployed very heavily - I can find only one
deployment (and "most users opt to just give us the cert"). This was in
part because of Google's withdrawal from standards-based IM, which
liberated the community from having to support a use-case only Google
really felt important, and also the rise of free CAs, which avoided the
cost issue associated with traditional PKIX.

For reference, the XMPP community has a high penetration of DANE records
(around 10% of the self-selected group who test their servers through
community tooling) and a very high penetration of CA-signed certificates
(mostly Let's Encrypt).

2) HTTPS Call-out

Given the policy is essentially trust-on-first-use, it's not clear to me
why much of the STS policy cannot be transferred within SMTP itself,
perhaps in response to the EHLO issued after STARTTLS completes. This is
good enough for HTTPS's STS variant, and feels intuitively simpler for MTAs
to implement.

3) DNSSEC or not?

The MTA-STS problem is reasonably well-defined in the document - SMTP
servers often do host numerous domains, and unfortunately operating one's
own server has become a rarity, so domains are concentrated on a few
servers. STARTTLS is, as the abstract notes, theoretically susceptible to a
downgrade attack - but this does require either active MITM or some fairly
tight hoops to jump through to actually exploit.

The draft then goes on to compare the solution to DANE, and notes that
DNSSEC is not required with MTA-STS - "at a cost of risking malicious
downgrade attacks". These would be performed by DNS spoofing, which has a
known history of occurring. In any case, what is distinctly unclear to me
is whether MTA-STS without DNSSEC is materially different from RFC 7672
without DNSSEC; if unsecured DNS is "good enough" for MTA-STS, my immediate
question is whether it might therefore be good enough for at least some
cases of DANE.

I'd note that in RFC 7672, the presence of a (DNSSEC-secure) TLSA record is
sufficient to mandate TLS - hence my question is whether an insecure TLSA
record stipulating a particular trust anchor and/or valid certificate
(PKIX-TA and PKIX-EE) might be sufficient to meet the same security
requirements here.

4) Wildcard on Wildcard Action.

It is deeply unfortunate that MTA-STS mandates a name match based on
dNSName SANs only. I would have thought that emulating an SRV, and matching
a corresponding sRVName, would be more useful - and overall, the idea that
a new matching algorithm has been included so as to match an "mx pattern"
to a dNSName wildcard just feels like an exploit waiting to happen. It
would feel considerably safer to do one of:

a) Make matches operate the same way as DANE, by being based on hashes of
SubjectPublicKeyInfo and/or the complete certificate. (Similar to POSH's
approach of a certificate hash).
b) Make matches operate the same way as RFC 6125 (unreferenced, I note).
c) Both/either of the above.

I assume the logic behind allowing a wildcard-to-wildcard match is to allow
a Google user to simply specify ".googlemail.com" and ".l.google.com" as
their MX identity patterns; however it feels as though Google could simply
use a known name within the certificate for all their receiving MTAs,
irrespective of the DNS records involved. This, of course, presupposes that
the administrator of the mail domain somehow does not know the precise
names of the MTAs used in their own DNS records.

I further assume the logic in mandating matches against dNSName SANs is
because these are readily available; however sRVName SANs, by restricting
their use to a particular service, have the advantage that customers giving
these to their service provider might be deemed more acceptable.

5) Terminology and Nomenclature.

It is well-known that naming things remains the hardest problem in
technology.

However, this draft appears to have taken bold strides in demonstrating
that coming up with new names for things needn't be so challenging.

Take Â§7.1, for example, which dictates that the SNI extension MUST contain
the "MX hostname" - this latter term does not appear anywhere else in the
document. I'm going to guess that it means the RHS of the MX record, as
defined in RFC 7672 (and informative reference), which is the same as RFC
7672. "MX host", which appears once in RFC 5321, also appears elsewhere in
this draft, including in Â§1.1, where it is in this definition:

o MTA-STS Policy: A commitment by the Policy Domain to support PKIX
[RFC5280] authenticated TLS for the specified MX hosts.

Impressively, by my reading, the commitment is for the Policy Domain to
support PKIX for all SMTP; and not just for specified hosts.

Using more common - and more uniform - terminology would be of huge
benefit: "Sending MTA", "Receiving MTA", and so on are well-known terms. If
a new term is needed, please do define it. If you mean to use terms from
other RFCs, these need to be Normative References and noted in the
Terminology section.

6) Reference Identifiers and derivation.

RFC 6125 provides a slew of terminology and best practise - from the same
UTA working group, as I recall. RFC 7672 also provides terminology and much
behaviour.

It feels as though this draft should at least attempt to use the same
terminology, and ideally the same behaviour, as RFC 7672 (and RFC 6125).

This is particularly noticeable in the difference between the reference
identifiers used within RFC 7672 (and used within the SNI discussed there)
compared with this draft, see for example this draft's Â§7.1, compared with
RFC 7672 Â§8.1

7) Trust Anchors

RFC 7672 suggests that MTAs cannot rely on a set of common trust anchors,
in Section 1.3.4. While I'm not actually convinced this is really the case,
I'm finding it odd that on the one hand, we have a consensus
standards-track document that makes this assertion, yet on the other this
draft makes - implicitly - the opposite assertion.

It would be useful to understand if circumstances have changed.

Dave.

Viktor Dukhovni

2018-04-11 17:19:03 UTC

Permalink

Post by Dave Cridland
For reference, the XMPP community has a high penetration of DANE records
(around 10% of the self-selected group who test their servers through
community tooling) and a very high penetration of CA-signed certificates
(mostly Let's Encrypt).

There's no comparable uptake of DANE in email and IMO there's little if
any prospect of that changing in the immediate future.

There are at least 205,000 domains whose MX hosts have TLSA records.
I expect around another 300k domains (hosted by a provider that's
in the process of adding support) in the next month or two. Among
the existing adopters are:

* web.de / gmx.de with millions of users
* comcast.net with millions of users
* posteo.de and mailbox.org with customers who want email security
* domeneshop.no and transip.nl hosting over ~150k customer domains.

Postfix and Exim have DANE support as do MailChannels and Halon.
Cisco just announced DANE support in the Beta of the next release
of SMTP for their SMTP gateway (formerly IronPort).

So if your "immediate future" horizon is ~6 months, then sure, adoption
will remain light on *that* timescale, but there's a good chance of much
broader support in 2019/2020, perhaps even by more of the same providers
behind STS.

--
Viktor.

Viktor Dukhovni

2018-04-11 18:20:31 UTC

Permalink

Post by Dave Cridland
2) HTTPS Call-out
Given the policy is essentially trust-on-first-use, it's not clear to me why much of the STS policy cannot be transferred within SMTP itself, perhaps in response to the EHLO issued after STARTTLS completes. This is good enough for HTTPS's STS variant, and feels intuitively simpler for MTAs to implement.

A key difficulty with using a receiving MTA (MX host) as a policy source for active-attack prevention (in the absence of DNSSEC) is that the MX RRset is not secured, so the policy thus obtained is not only subject to "stripping" on first contact (as is the case with STS as proposed) but also subject to tampering by an attacker who can cause a forged policy to be vended by a rogue MX host, and then keep that policy in place preventing connections to the real receiving MTAs.

A related issue is that when all the MX hosts are switched to an alternative provider, there's not a good way to learn of the policy change. None of the new MX hosts are trusted per the old policy, and the none of the old MX hosts are in the new MX RRset.

So unfortunately, a catch-22 prevents use of the MX hosts as oracles to authenticate themselves (lift themselves by their bootstraps).

Post by Dave Cridland
3) DNSSEC or not?
The draft then goes on to compare the solution to DANE, and notes that DNSSEC is not required with MTA-STS - "at a cost of risking malicious downgrade attacks". These would be performed by DNS spoofing, which has a known history of occurring. In any case, what is distinctly unclear to me is whether MTA-STS without DNSSEC is materially different from RFC 7672 without DNSSEC; if unsecured DNS is "good enough" for MTA-STS, my immediate question is whether it might therefore be good enough for at least some cases of DANE.
I'd note that in RFC 7672, the presence of a (DNSSEC-secure) TLSA record is sufficient to mandate TLS - hence my question is whether an insecure TLSA record stipulating a particular trust anchor and/or valid certificate (PKIX-TA and PKIX-EE) might be sufficient to meet the same security requirements here.

Without DNSSEC the protocol is not noticeably different from just STARTTLS, which has been quite successful at protecting against passive monitoring (90% of traffic in/out of Gmail uses TLS per the transparency report site). For active attackers DNS forgery is in scope, at which point some way to guard against MX RRset tampering is needed. Hence DNSSEC for DANE in SMTP and the HTTPS call-out in this draft.

For the record, I'd still rather see the providers in question implement DANE, and this should be increasingly doable as they move their email servers to dedicated domains (e.g. in Google's case many new customers are on googleemail.com MX hosts, rather than the legacy aspmx.l.google.com et. al.). So I see STS as a transitional technology that buys time. I am not advocating STS, but I recognize that there's an operational reality that makes DANE difficult for the large providers at present.

Post by Dave Cridland
4) Wildcard on Wildcard Action.
It is deeply unfortunate that MTA-STS mandates a name match based on dNSName SANs only. I would have thought that emulating an SRV, and matching a corresponding sRVName, would be more useful - and overall, the idea that a new matching algorithm has been included so as to match an "mx pattern" to a dNSName wildcard just feels like an exploit waiting to happen.

I see little evidence that such certificates are about to become mainstream. Indeed SRV serves little purpose here, as the name being authenticated is that of the receiving MTA, which is in the provider's domain, so there's largely no need for "virtual hosting", and the MTAs are dedicated machines, that are not also Web servers, FTP servers, ...
So DNS-ID is just fine for the SMTP certificates.

The reason for MX patterns is to avoid the operational pain of having to always update one's MX RRset in two places (in DNS and on a web server). A domain with an MX RRset
of the form:

example.com. IN MX 0 mx1.mail.example.com.
example.com. IN MX 0 mx2.mail.example.com.

would be able to specify a stable MTA-STS policy of:

mx: .mail.example.com.

and later change the MX RRset to:

example.com. IN MX 0 mx1.mail.example.com.
example.com. IN MX 0 mx2.mail.example.com.
example.com. IN MX 0 mx3.mail.example.com.
example.com. IN MX 0 mx4.mail.example.com.

without having to update the MTA-STS policy.

Post by Dave Cridland
a) Make matches operate the same way as DANE, by being based on hashes of SubjectPublicKeyInfo and/or the complete certificate. (Similar to POSH's approach of a certificate hash).

That kind of pinning is not viable for long-term client caching.

Post by Dave Cridland
b) Make matches operate the same way as RFC 6125 (unreferenced, I note).'

That fails to deal with the issue of forcing every MX RRset update to require
MTA-STS policy updates.

Post by Dave Cridland
c) Both/either of the above.

See above.

Post by Dave Cridland
I assume the logic behind allowing a wildcard-to-wildcard match is to allow a Google user to simply specify ".googlemail.com" and ".l.google.com" as their MX identity patterns;

exactly, and not have to keep changing the MTA-STS policy when the specific host names change.

Post by Dave Cridland
however it feels as though Google could simply use a known name within the certificate for all their receiving MTAs, irrespective of the DNS records involved.

This is why the MTA-STS policy was changed (at my request IIRC) to be not a filter on the MTA names, but rather a filter on the content of their certificates. It allows for either a single name across all the certificates, or distinct certificates for each MTA (less likely a single point of failure) that don't share names (some CAs don't like multiple outstanding certificates for the same name) with a common "base name".

Post by Dave Cridland
This, of course, presupposes that the administrator of the mail domain somehow does not know the precise names of the MTAs used in their own DNS records.

See above.

Post by Dave Cridland
7) Trust Anchors
RFC 7672 suggests that MTAs cannot rely on a set of common trust anchors, in Section 1.3.4. While I'm not actually convinced this is really the case, I'm finding it odd that on the one hand, we have a consensus standards-track document that makes this assertion, yet on the other this draft makes - implicitly - the opposite assertion.
It would be useful to understand if circumstances have changed.

Certainly there've been many changes in the last ~4 years since
RFC7672 was under development, and now a single CA (Let's Encrypt)
dominates the landscape. Out of a total of 6773 IP endpoints
with DANE-verified certificate chains, the top 10 issuers of the
EE certificate are:

3958 Issuer CommonName = Let's Encrypt Authority X3
534 Issuer CommonName = COMODO RSA Domain Validation Secure Server CA
419 Issuer CommonName = AlphaSSL CA - SHA256 - G2
109 Issuer CommonName = COMODO RSA Organization Validation Secure Server CA
73 Issuer CommonName = DigiCert SHA2 Secure Server CA
64 Issuer CommonName = Gandi Standard SSL CA 2
62 Issuer CommonName = RapidSSL SHA256 CA
61 Issuer CommonName = RapidSSL SHA256 CA - G2
51 Issuer CommonName = CAcert Class 3 Root
48 Issuer CommonName = Thawte TLS RSA CA G1

and so to some extent not that many CAs need to be trusted to verify the majority of remote SMTP servers, my concern in 7672 was and remains that there's no way to
exclude any of the CAs in the usual CA bundles (which bundle is authoritative?
Mozilla's?) from being fully trusted for all domains.

On the one hand, one wants to be able to send email to any destination around
the globe, and can't predict which CA some remote domain will prefer. On the
other hand one might not want to fully trust each and every CA for the world
at large. MTAs don't have an interactive user to "click OK" when authentication
fails due to missing or stale trust anchors. So my goal in 7672 was to avoid
relying on a globally coherent set of trust anchors.

If MTA-STS is primarily implemented by its sponsoring large providers, then
this is mostly a non-issue, as they're unlikely to use certificates from
"exotic" CAs that are not nearly-universally trusted. If STS-adoption
spreads like wildfire to lots of self-hosting domains around the globe,
then the CA bundle issue might become relevant.

--
Viktor.

Dave Cridland

2018-04-11 22:52:34 UTC