On Mon, Feb 24, 2014 at 07:03:21PM +0100, Dirk Stöcker wrote:

> >Nonsense.  Patrick Koetter's .de domain is DNSSEC signed.  His
> >mailserver has TLSA records.  Enabling DNSSEC does not prevent you
> >from communicating with the rest of the world.  Furthermore, you
> >can enable DNSSEC validation in your resolver before your own domain
> >is signed.  The two are independent.
> 
> So what do you think really - How long will it take until 10% of all
> mail hosts use DANE/TLSA? Wouldn't it be a good idea to at least
> increase security (even a little bit) for what we have now? I'd be
> happy when a higher percentage would support TLS at all.

With a bit of luck roughly 5 years.  Exim has not implemented DANE
yet, and the RFC for DANE TLS for SMTP has not yet been ratified
by the IETF.  The first Postfix release with DANE just came out
last month, and is not in most O/S distributions.

We should see the RFC adopted in the next few months, and Exim
implementing this year.  Getting a major provider like Gmail, Yahoo,
AOL, ... would be nice, this will take a bit longer, but will make
a big impact when it does.

I'm working with the OpenSSL team to add DANE support to OpenSSL
so that other applications can adopt DANE without doing all the
hard work from the ground up.

Changing the infrastructure on Internet scale takes time.

> But you didn't answer my question: What harm would it do, when the
> checks implemented already to verify certs and domain names and
> maybe TLS protocol quality are also executed for "Opportunistic TLS"
> and the results printed in the log?

You're asking for a verification status that would indicate
conditional MITM protection:

    - False negative: MITM protection is illusory when the MX
      hostname is compromised through DNS record forgery.

    - False positive: No claim of MITM protection when the MX
      host's certificate does not match what was expected, even
      though it is the right MX host.

    - False negative: Your root CA list contains a rogue CA, or
      an intermediate CA signed by a trusted CA is rogue.

    - False positive: Your root CA list contains too few CAs.

Most Postfix users would be ill-served by such a confusing signal.

> >No, DANE secures SMTP transport between publishing servers and
> >validating clients regardless of what everyone else is doing.  The
> >adoption model is incremental.
> 
> Is there a test server I can use to verify correct function? It does
> not sound like a good idea to send some test mails to a server
> without a permission to do so.

Testing is possible without sending email.  You just need to complete
a TLS handshake.

Since with DANE we know what an authenticated connection means, we
can and likely will soon add a setting which allows DANE to optionally
fall back to an MITM vulnerable mode ("encrypt" or "may") after
logging a warning, when authentication fails or TLS is unavailable
on the server.  That will allow more cautious users to pilot DANE
without worrying about denial of service.

-- 
        Viktor.
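Added example, not part of the mailing-list post above and not Postfix or OpenSSL code: it illustrates the two technical points in the reply, that a DANE check can be exercised by completing a STARTTLS handshake without sending any mail, and what "authenticated" means under DANE, namely that the server certificate (or its public key) matches a TLSA record rather than chaining to a CA list. The TLSA matching follows RFC 6698 (selector picks full certificate or SubjectPublicKeyInfo, matching type picks raw/SHA-256/SHA-512). The DER walker, the constructed stand-in certificate and the function names are all this example's own assumptions; the stand-in has the tbsCertificate field layout but is not a real, signed certificate, and only the end-entity case (certificate usage 3) is matched here.

```python
"""DANE/TLSA matching for an SMTP server certificate (added example)."""
import hashlib
import smtplib
import ssl
import sys


def der_tlv(buf, pos):
    """Parse one DER TLV at buf[pos]; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def der_children(value):
    """Split a constructed DER value into (tag, raw TLV) children."""
    out, pos = [], 0
    while pos < len(value):
        tag, _, end = der_tlv(value, pos)
        out.append((tag, value[pos:end]))
        pos = end
    return out


def spki_from_cert(der_cert):
    """Return the raw SubjectPublicKeyInfo TLV of a DER X.509 certificate."""
    _, cert_body, _ = der_tlv(der_cert, 0)        # Certificate SEQUENCE
    _, tbs_tlv = der_children(cert_body)[0]       # tbsCertificate
    _, tbs_body, _ = der_tlv(tbs_tlv, 0)
    fields = der_children(tbs_body)
    if fields[0][0] == 0xA0:                      # optional [0] EXPLICIT version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def tlsa_digest(der_cert, selector, mtype):
    """Association data a TLSA record would carry for this certificate."""
    blob = der_cert if selector == 0 else spki_from_cert(der_cert)
    if mtype == 0:
        return blob
    if mtype == 1:
        return hashlib.sha256(blob).digest()
    if mtype == 2:
        return hashlib.sha512(blob).digest()
    raise ValueError("unknown matching type %d" % mtype)


def tlsa_matches(der_cert, usage, selector, mtype, data):
    """True if the end-entity certificate satisfies a usage-3 (DANE-EE) record.
    Usage 2 (DANE-TA) would instead be matched against a chain certificate."""
    if usage != 3:
        return False
    return tlsa_digest(der_cert, selector, mtype) == data


def parse_tlsa(presentation):
    """Parse '3 1 1 <hex>' into (usage, selector, mtype, data bytes)."""
    u, s, m, hexdata = presentation.split(None, 3)
    return int(u), int(s), int(m), bytes.fromhex(hexdata.replace(" ", ""))


def tlsa_record_for(der_cert, usage=3, selector=1, mtype=1):
    """Presentation form of the record an operator would publish for this cert."""
    return "%d %d %d %s" % (usage, selector, mtype,
                            tlsa_digest(der_cert, selector, mtype).hex())


def fetch_smtp_cert(mx_host, port=25):
    """Complete a STARTTLS handshake and return the DER certificate; no mail is sent."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE       # PKIX is not the trust basis; TLSA matching is
    with smtplib.SMTP(mx_host, port, timeout=15) as smtp:
        smtp.ehlo()
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


def _der(tag, body):
    """Minimal DER encoder used only to build the constructed sample below."""
    if len(body) < 128:
        return bytes([tag, len(body)]) + body
    n = (len(body).bit_length() + 7) // 8
    return bytes([tag, 0x80 | n]) + len(body).to_bytes(n, "big") + body


# Constructed SubjectPublicKeyInfo (EC OID + dummy point), not a real key.
SAMPLE_SPKI = _der(0x30, _der(0x30, _der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
                   + _der(0x03, b"\x00\x04" + b"\x11" * 64))


def constructed_cert():
    """Constructed stand-in with the tbsCertificate layout; not a signed certificate."""
    version = _der(0xA0, _der(0x02, b"\x02"))
    serial = _der(0x02, b"\x01")
    sig_alg = _der(0x30, _der(0x06, b"\x2a\x86\x48\xce\x3d\x04\x03\x02"))
    name = _der(0x30, b"")                                  # empty Name
    validity = _der(0x30, _der(0x18, b"20140224000000Z") * 2)
    tbs = _der(0x30, version + serial + sig_alg + name + validity + name + SAMPLE_SPKI)
    return _der(0x30, tbs + sig_alg + _der(0x03, b"\x00" + b"\x22" * 70))


if __name__ == "__main__":
    # With a hostname argument, fetch the live certificate; otherwise use the sample.
    cert = fetch_smtp_cert(sys.argv[1]) if len(sys.argv) > 1 else constructed_cert()
    record = tlsa_record_for(cert)
    print("TLSA record for this certificate:", record)
    print("matches:", tlsa_matches(cert, *parse_tlsa(record)))
```

Run with an MX hostname as the argument to obtain that host's certificate from a bare STARTTLS handshake and print the "3 1 1" record it would need; compare that string with what the domain actually publishes in DNS. A mismatch is exactly the state the post calls an authentication failure, and a record lookup that does not return a DNSSEC-validated answer gives no DANE status at all, which is why the resolver must validate before the result means anything.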
