On 4/18/21 8:04 PM, Viktor Dukhovni wrote:
> On Sun, Apr 18, 2021 at 07:59:07PM -0400, Demi Marie Obenour wrote:
>
>>>> Would it be possible to support trusting based on subject alt name?
>>>> I would like a machine with a certificate for a.example.com to send
>>>> mail from a.example.com domains.
>
> This rather mixes end-to-end properties (the message envelope sender is
> a fixed element of a multi-hop SMTP relay chain) with hop-by-hop
> properties (TLS client certificates).
>
> Permitting particular client certs is fine for MSA relay authorisation,
> but is rather dubious for enforcing the envelope sender domain.
>
> Are we then going to forbid the use of these sender domains unless the
> client presents a corresponding certificate? Is this a message
> submission service or an inbound MTA?
>
>> Each system is issued a certificate for its own domain. Perhaps a
>> better example would be email Subject Alternative Names.
>
> That's not an example (use-case), it is a certificate field. What
> is the use-case? With some specificity...
If I were to run my own email server (I don't, but I plan on doing so someday), my preferred means of authentication would be by client certificate. And I would want users to be able to send emails as a specific user if, and only if, I have issued them a certificate with the corresponding email address in the SAN.

Why client certificates? Because requiring authentication to even connect to the service avoids whole heaps of problems. If the user doesn't present a certificate, they aren't going to even get an SMTP greeting, much less be able to send mail. And that is extremely easy to validate: I just need to ensure that connections with no certificate, or with an invalid certificate, fail during TLS negotiation.

Furthermore, client certificate authentication does not require any form of credentials (other than the server's own certificate) to be stored on the server, nor does it require that the server have any form of authentication database. Finally, Postfix needs to run TLS and verify certificates anyway, so that it can securely relay mail. So client certificate authentication hardly increases the attack surface at all.

Sincerely,
Demi
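The policy Demi describes (a client may use an envelope sender only if the certificate it presented during the TLS handshake carries a matching email SAN, with the earlier "machine cert for a.example.com may send from a.example.com" variant as an opt-in) is easy to state but is not something Postfix does natively: its certificate-based restrictions (check_ccert_access, permit_tls_clientcerts) key on fingerprints, and the policy-delegation protocol hands a policy server the client certificate's subject, issuer and fingerprints, not its subjectAltName. The following is an added example written for this page, not code from the thread or from Postfix, of what that authorisation step would look like in a custom submission server, taking the peer certificate in the dict shape that Python's ssl.SSLSocket.getpeercert() returns after a CERT_REQUIRED handshake. The sample certificates are constructed for illustration. As Viktor notes above, this is a hop-by-hop check and only means anything on the submission (MSA) hop; it says nothing about mail arriving through a relay chain.

```python
"""Envelope-sender authorisation from a TLS client certificate's SANs.

Added example, not part of the postfix-users thread or of Postfix itself.
Assumes the TLS layer has already required and verified a client certificate
and that `peercert` is the dict returned by ssl.SSLSocket.getpeercert().
"""
from __future__ import annotations

from typing import Mapping, Optional, Tuple


def _split_address(addr: str) -> Optional[Tuple[str, str]]:
    """Return (local_part, domain) for an SMTP address, or None if malformed.

    Accepts the <...> form clients send in MAIL FROM.  The null sender "<>"
    is returned as ("", "") so the caller can decide about bounce messages.
    Domains are lower-cased and a trailing dot is dropped; the local part is
    kept verbatim because RFC 5321 leaves its case to the receiving system.
    """
    a = addr.strip()
    if a.startswith("<") and a.endswith(">"):
        a = a[1:-1]
    if a == "":
        return ("", "")
    if a.count("@") != 1:
        return None
    local, domain = a.split("@")
    if not local or not domain:
        return None
    return local, domain.lower().rstrip(".")


def _sans(peercert: Optional[Mapping], kind: str) -> set:
    """Collect SAN values of one type ('email' or 'DNS') from a getpeercert() dict.

    getpeercert() returns {} when no certificate was verified, so an empty or
    missing dict yields an empty set and the caller fails closed.
    """
    if not peercert:
        return set()
    return {v for (k, v) in peercert.get("subjectAltName", ()) if k == kind}


def sender_allowed(peercert: Optional[Mapping], mail_from: str,
                   *, allow_domain_sans: bool = False) -> Tuple[bool, str]:
    """Decide whether the authenticated client may use this envelope sender.

    Returns (allowed, reason).  Fails closed: no certificate, no usable SAN,
    a malformed address or the null sender all yield False.  An email SAN
    must match the whole address; with allow_domain_sans=True a DNS SAN equal
    to the sender's domain also suffices (the a.example.com case from the
    thread).  Wildcard DNS SANs are deliberately not honoured: a certificate
    for *.example.com should not let a host send as any subdomain.
    """
    parsed = _split_address(mail_from)
    if parsed is None:
        return False, "malformed envelope sender"
    local, domain = parsed
    if local == "" and domain == "":
        # Bounces carry the null sender; a submission client has no business
        # generating them, and no SAN could vouch for one anyway.
        return False, "null sender not permitted on submission"
    emails = _sans(peercert, "email")
    dns = _sans(peercert, "DNS")
    if not emails and not dns:
        return False, "no usable subjectAltName in client certificate"
    for san in emails:
        p = _split_address(san)
        if p is not None and p[0] == local and p[1] == domain:
            return True, f"email SAN {san} matches sender"
    if allow_domain_sans and domain in {d.lower().rstrip(".") for d in dns}:
        return True, f"DNS SAN {domain} matches sender domain"
    return False, "envelope sender not covered by client certificate"


# Constructed sample certificates in getpeercert() form (no real keys or CAs).
USER_CERT = {
    "subject": ((("commonName", "Alice"),),),
    "subjectAltName": (("email", "alice@example.com"),),
}
HOST_CERT = {
    "subject": ((("commonName", "a.example.com"),),),
    "subjectAltName": (("DNS", "a.example.com"), ("DNS", "*.example.com")),
}

if __name__ == "__main__":
    for cert, sender, opt in [
        (USER_CERT, "<alice@example.com>", False),
        (USER_CERT, "<bob@example.com>", False),
        (HOST_CERT, "<root@a.example.com>", True),
        (HOST_CERT, "<root@b.example.com>", True),
        ({}, "<alice@example.com>", False),
    ]:
        ok, why = sender_allowed(cert, sender, allow_domain_sans=opt)
        print(f"{sender:26} -> {'OK    ' if ok else 'REJECT'} {why}")
```

Wiring this into an actual server means calling `sender_allowed` at MAIL FROM with the certificate saved from the handshake; the connection-level requirement Demi describes (no valid certificate, no greeting) is a separate property that belongs in the TLS context (`verify_mode = ssl.CERT_REQUIRED` with a private CA), not in this check.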