On Wed, Jul 09, 2014 at 12:28:37PM -0400, Warren Kumari wrote:
> Dear collages
Auto-corrupt?
> This is a call for discussion on "how to do? / ?is this possible / advisable?.
> If there is sufficient progress in in the next week the chairs would
> like to dedicate some time at the meeting in Toronto to this topic.
For SMTP, the plausible use-case is that the client's EHLO name is used
to construct a TLSA lookup key, something along the lines of:
_smtp-client.${ehlo_name} IN TLSA ?
which then *could* make it possible for the server to obtain key material
to authenticate the client (request client certs when TLSA records are
found, ...).
A serious difficulty is that even legitimate clients with non-negligible
frequency use bad EHLO names, for which DNS lookups tempfail.
Since timeouts due to bad input cannot be distinguished from timeouts
due to transient network problems, client DANE TLSA authentication
cannot be reliably applied opportunistically (zero configuration).
This is likely OK, since client authentication is perhaps only
useful when the client domain is whitelisted or otherwise already
known to the server. Authentication of a stranger domain has rather
limited utility.
So I can see SMTP client authentication with DANE serving some
limited use cases, for example, relay access via a provider's
outbound gateway (for MTAs, not submission).
So the main task is to identify sensible use-cases, then define
associated lookup keys and lookup error handling for each use-case.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
