On Sat, Jan 09, 2016 at 10:56:40AM -0500, Wietse Venema wrote:

> > Is CheckTLS.com just insisting that the CN of the certificate should 
> > match the MX record of the mail domain in question or is this generally 
> > expected?
> 
> Regardless of what CheckTLS.com says, what is the server name in
> the MX record? That is the name that needs to match the certificate.

White lies to children? :-)  The more complete story is that with
port 25 SMTP, absent DANE, nobody checks the OP's certificate
anyway, it can say "example.com" and TLS will work exactly as
securely as with any other name.

However, if the OP uses DANE, and if the TLSA records pin a
trust-anchor (certification authority) rather than an end-entity
(server) certificate, then the DNS name in the certificate needs
to be the MX hostname.

On the other hand, if the OP is asking some peer domains to implement
explicit mandatory WebPKI TLS verification for mail to his domain,
then the certificate needs to match the recipient domain, rather
than the MX hostname, as in the CheckTLS report.  Otherwise,
verification is subject to DNS-based MITM attacks (barring DNSSEC, at
which point better to use DANE, and ask the peers to enforce that).

I am hoping more MTAs will implement DANE over the next couple of
years, now that OpenSSL has DANE support (in the "master" dev
branch, expected to be released as 1.1.0-alpha2 this week).

-- 
        Viktor.
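The three name-matching rules stated in the post (opportunistic TLS checks
nothing; DANE-EE pins the server key and ignores names; DANE-TA pins a
CA and wants the MX hostname; mandatory WebPKI verification wants the
recipient domain), worked through as an added example by the editor, not
code from the post or from Postfix.  The certificates are constructed
stand-ins (a names tuple plus opaque DER/SPKI bytes, no X.509 parsing),
chain validation for the WebPKI case is assumed to happen elsewhere, and
the DANE-TA name rule is taken as the post states it.  TLSA association
data is computed as RFC 6698 defines it, so the "3 1 1" output is what
you would publish for a real SPKI if you fed it real DER bytes.

```python
import hashlib
from dataclasses import dataclass


@dataclass
class Cert:
    """Constructed stand-in for an X.509 certificate (no DER parsing here)."""
    names: tuple                  # DNS names the certificate carries (subjectAltName)
    der: bytes                    # whole certificate, TLSA selector 0
    spki: bytes                   # SubjectPublicKeyInfo, TLSA selector 1
    issuer: "Cert | None" = None  # next certificate up the chain, None at the top


@dataclass
class TLSA:
    usage: int      # 2 = DANE-TA (trust anchor), 3 = DANE-EE (end entity)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes


def tlsa_data(cert, selector, mtype):
    """Certificate association data as RFC 6698 defines it for selector/mtype."""
    blob = cert.der if selector == 0 else cert.spki
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    if mtype == 2:
        return hashlib.sha512(blob).digest()
    raise ValueError(f"unknown matching type {mtype}")


def make_tlsa(cert, usage, selector=1, mtype=1):
    """Build the TLSA record that pins this certificate; 'x 1 1' is the usual form."""
    return TLSA(usage, selector, mtype, tlsa_data(cert, selector, mtype))


def presentation(rr):
    """Zone-file RDATA, e.g. '3 1 1 <64 hex chars>'."""
    return f"{rr.usage} {rr.selector} {rr.mtype} {rr.data.hex()}"


def chain(leaf):
    cert = leaf
    while cert is not None:
        yield cert
        cert = cert.issuer


def verify(mode, leaf, mx_host, nexthop, tlsa_rrs=()):
    """Return (ok, reason) for one of three client policies:
    'may'    - opportunistic TLS: encrypt, check nothing (the port 25 default)
    'dane'   - match TLSA records; DANE-EE skips names, DANE-TA wants the MX host
    'secure' - mandatory WebPKI verification; name must be the recipient domain
    WebPKI chain validation itself is out of scope and assumed done elsewhere."""
    if mode == "may":
        return True, "encrypted; certificate not checked"
    if mode == "secure":
        if nexthop in leaf.names:
            return True, f"name matches recipient domain {nexthop}"
        return False, f"certificate names {leaf.names} do not include {nexthop}"
    if mode == "dane":
        for rr in tlsa_rrs:
            if rr.usage == 3 and tlsa_data(leaf, rr.selector, rr.mtype) == rr.data:
                return True, "DANE-EE match; certificate names not checked"
            if rr.usage == 2:
                for cert in chain(leaf):
                    if tlsa_data(cert, rr.selector, rr.mtype) == rr.data:
                        if mx_host in leaf.names:
                            return True, f"DANE-TA match; name matches MX host {mx_host}"
                        return False, f"DANE-TA match but {leaf.names} lacks {mx_host}"
        return False, "no usable TLSA record matched"
    raise ValueError(f"unknown mode {mode}")


# Constructed chain: a private CA and two leaf certificates it "issued",
# one named after the recipient domain and one after the MX host.
TA = Cert(("Example CA",), b"constructed-ta-der", b"constructed-ta-spki")
LEAF = Cert(("example.com",), b"constructed-leaf-der", b"constructed-leaf-spki", TA)
MX_LEAF = Cert(("mx1.example.com",), b"constructed-mx-der", b"constructed-mx-spki", TA)
MX_HOST, DOMAIN = "mx1.example.com", "example.com"

if __name__ == "__main__":
    for label, leaf in (("cert for example.com", LEAF), ("cert for mx1", MX_LEAF)):
        print(label)
        print("  may     ", verify("may", leaf, MX_HOST, DOMAIN))
        print("  DANE-EE ", verify("dane", leaf, MX_HOST, DOMAIN, [make_tlsa(leaf, 3)]))
        print("  DANE-TA ", verify("dane", leaf, MX_HOST, DOMAIN, [make_tlsa(TA, 2)]))
        print("  secure  ", verify("secure", leaf, MX_HOST, DOMAIN))
        print("  TLSA    ", presentation(make_tlsa(leaf, 3)))
```

Running it shows the asymmetry the post describes: the certificate named
"example.com" passes "secure" and DANE-EE but fails DANE-TA, while the one
named "mx1.example.com" passes DANE-TA and DANE-EE but fails "secure".  In
Postfix the three modes correspond to smtp_tls_security_level values may,
dane and secure; which names "secure" accepts is set by
smtp_tls_secure_cert_match (default "nexthop, dot-nexthop").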
