On Fri, Dec 13, 2019 at 12:18:42AM +0000, Max Mazurov wrote:
> There is a new SMTP extension called REQUIRETLS (RFC 8689[2]) that can help
> this by providing clients with a way to require TLS use with authenticated MX
> records for security-sensitive messages.
I was involved in the IETF UTA WG process of this RFC. For the next ~10
years there'll be little to no use of its feature that requests
enforcing authenticated TLS along the entire delivery path. Too few
systems will be capable of doing that to make it useful.
The immediately useful feature of this RFC is per-message *opt-out* of
receiving system TLS policy. Which can improve mail security by
reducing the barriers to adoption of *default* TLS authentication via
DANE or MTA-STS.
More sites may be willing enable DANE and MTA-STS, once users can
opt-out of the policy when (re-)sending time-sensitive messages that
don't require confidentiality protection.
What I'm inclined to implement in Postfix is support for the
"TLS-Required: NO" header, which would be able to override mandatory TLS
security, unless the override is disabled by local policy.
The would be a global parameter:
# Opportunistically enable DANE TLS
smtp_tls_security_level = dane
# But let users opt-out, to that end, let them know when mail is
# delayed, so they can resend with "TLS-Required: NO" if need be.
# (They'd still need a way to do that, and to n
#
smtp_tls_enable_optout = yes
delay_warning_time = 1h
and a policy table equivalent:
tls-policy:
# Users can opt-out of opportunistic DANE TLS to example.com
#
example.com dane optout=yes
# Site policy requires mandatory DANE to example.net, with no
# exceptions.
#
example.net dane-only optout=no
There would ideally also be an optional equivalent for the message
subject, which is easier for users to customize in many MUAs. Something
like:
tls_optout_subject_cookie = [tls-optout]
But because message subjects are often encoded by the MUA (perhaps
to base64 in the presence of non-ASCII content, or even by default),
that would require Postfix to decode the subject header in order
to detect the magic token.
I don't know how soon we might expect MUAs to include direct support for
"TLS-Required: NO". Clearly it'll work for power-users of Mutt, Pine,
Elm, ... And thus likely for the primary use-case of postmasters who
want to inform downstream sites of TLS problems at their end.
I am not inclined to expend resources on the REQUIRETLS feature for some
years, until authenticated TLS becomes the norm rather than the
exception.
--
Viktor.
