> On Jul 18, 2018, at 1:50 PM, Valery Smyslov <[email protected]> wrote:
>
> draft-ietf-uta-smtp-require-tls-03
In https://tools.ietf.org/html/draft-ietf-uta-smtp-require-tls-03#section-4.2.1
bullet 3, the reference to DANE authentication is to RFC6698, but DANE for SMTP
is defined in RFC7672. The RFC6125 reference as an alternative may not be a
sufficient alternative to DANE, since absent one of DANE or MTA-STS (and in the
absence of DNSSEC validation of the MX lookup) the protocol is vulnerable to DNS
forgery of the MX hostname.
The same issue re non-DANE authentication is also in Section 2:
   o  The certificate presented by the SMTP server MUST either verify
      successfully in a trust chain leading to a certificate trusted by
      the SMTP client or it MUST verify successfully using DANE as
      specified in RFC 7672 [RFC7672].  For trust chains, the choice of
      trusted (root) certificates is at the discretion of the SMTP
      client.
In this document MTA-STS seems to only be mentioned as policy source to
ignore with "RequireTLS: NO", but not as the alternative authentication
mechanism when DANE is not available.
This is recognized in the Security Considerations:
   Another active attack involves the spoofing of DNS MX records of the
   recipient domain.  An attacker having this capability could cause the
   message to be redirected to a mail server under the attacker's own
   control, which would presumably have a valid certificate.  REQUIRETLS
   does not address this attack.
Might it not make sense to close this hole and require one of MTA-STS
or DANE? This delays the practical deployment of REQUIRETLS (yes) to
such time as at least one of MTA-STS or DANE is generally present, but
I think this is better than leaving the above security gap unaddressed.
--
Viktor.
_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta
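The gap Viktor describes can be made concrete by modelling the sending MTA's REQUIRETLS delivery decision. The following is an added example written for this page; it is not code from the draft, the uta list, or any MTA. It models the draft-03 rule quoted above (PKIX chain or DANE is enough) next to the stricter rule proposed in the message (DANE, MTA-STS, or a DNSSEC-validated MX lookup binds the hostname to the recipient domain), and runs both against a constructed MX-forgery scenario in which the attacker's server presents a valid PKIX certificate for its own name. The data classes, the recipient domain `example.com`, the host names, and the `requiretls_decision` helper are all constructed for illustration; the MX wildcard matching follows the one-label rule from the MTA-STS specification (RFC 8461).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class MXLookup:
    """Result of the sender's MX lookup for the recipient domain (constructed model)."""
    hostname: str            # MX host the resolver returned
    dnssec_validated: bool   # True only if a validating resolver authenticated the MX RRset


@dataclass
class TLSSession:
    """What the sending MTA learned while verifying the server certificate (constructed model)."""
    hostname: str            # host actually connected to (the MX hostname from the lookup)
    pkix_chain_valid: bool   # chain leads to a trusted root and the name matches (RFC 6125 style)
    dane_verified: bool      # DNSSEC-signed TLSA records matched the certificate (RFC 7672)


@dataclass
class StsPolicy:
    """The 'mx' entries of a fetched MTA-STS policy for the recipient domain (constructed model)."""
    mx_patterns: List[str]


def sts_mx_matches(pattern: str, hostname: str) -> bool:
    """MTA-STS 'mx' matching: exact match, or a leading '*.' covering exactly one label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        parts = hostname.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == hostname


def draft03_accepts(session: TLSSession) -> bool:
    """Section 2 of draft-03 as quoted: a trusted PKIX chain OR DANE verification suffices.
    Note that nothing here ties the presented certificate to the recipient domain's real MX."""
    return session.pkix_chain_valid or session.dane_verified


def proposed_accepts(mx: MXLookup, session: TLSSession,
                     policy: Optional[StsPolicy]) -> Tuple[bool, str]:
    """The stricter rule argued for in the message: the MX hostname itself must be
    authenticated before a valid certificate for that hostname means anything."""
    if session.dane_verified:
        # DANE (RFC 7672) already requires a DNSSEC-validated MX and matching TLSA records.
        return True, "DANE"
    if policy is not None and session.pkix_chain_valid and \
            any(sts_mx_matches(p, session.hostname) for p in policy.mx_patterns):
        # MTA-STS: the policy (fetched over HTTPS) lists which MX hosts are legitimate.
        return True, "MTA-STS + PKIX"
    if mx.dnssec_validated and session.pkix_chain_valid:
        # The parenthetical in the message: a DNSSEC-validated MX plus PKIX also binds the name.
        return True, "DNSSEC-validated MX + PKIX"
    return False, "MX hostname not authenticated; REQUIRETLS delivery refused"


def requiretls_decision(mx: MXLookup, session: TLSSession,
                        policy: Optional[StsPolicy]) -> Tuple[bool, bool, str]:
    """Return (draft03_result, proposed_result, reason) for one delivery attempt."""
    ok, reason = proposed_accepts(mx, session, policy)
    return draft03_accepts(session), ok, reason


# Constructed scenario: example.com's real MX is mail.example.com and its MTA-STS policy
# says so, but a forged (unsigned) MX answer points the sender at the attacker's host,
# which presents a perfectly valid public CA certificate for its own name.
FORGED_MX = MXLookup(hostname="mx.attacker.example", dnssec_validated=False)
FORGED_SESSION = TLSSession(hostname="mx.attacker.example",
                            pkix_chain_valid=True, dane_verified=False)
EXAMPLE_POLICY = StsPolicy(mx_patterns=["mail.example.com", "*.mail.example.com"])

# Legitimate delivery to the real MX, authenticated by MTA-STS.
REAL_MX = MXLookup(hostname="mail.example.com", dnssec_validated=False)
REAL_SESSION = TLSSession(hostname="mail.example.com",
                          pkix_chain_valid=True, dane_verified=False)

if __name__ == "__main__":
    for label, mx, sess in (("forged MX", FORGED_MX, FORGED_SESSION),
                            ("real MX", REAL_MX, REAL_SESSION)):
        d3, prop, why = requiretls_decision(mx, sess, EXAMPLE_POLICY)
        print(f"{label}: draft-03 delivers={d3}, proposed delivers={prop} ({why})")
```

Running the scenario shows the point of the message: the draft-03 rule delivers the REQUIRETLS message to the attacker's host because its certificate chain is valid, while the proposed rule refuses it because neither DANE, nor the MTA-STS policy, nor a DNSSEC-validated MX lookup vouches for `mx.attacker.example` as an MX for the recipient domain. Delivery to the real MX still succeeds under both rules.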