| < draft-ietf-dane-smtp-with-dane-09.txt | draft-ietf-dane-smtp-with-dane-10.txt > | |||
|---|---|---|---|---|
| DANE V. Dukhovni | DANE V. Dukhovni | |||
| Internet-Draft Two Sigma | Internet-Draft Two Sigma | |||
| Intended status: Standards Track W. Hardaker | Intended status: Standards Track W. Hardaker | |||
| Expires: November 7, 2014 Parsons | Expires: November 26, 2014 Parsons | |||
| May 6, 2014 | May 25, 2014 | |||
| SMTP security via opportunistic DANE TLS | SMTP security via opportunistic DANE TLS | |||
| draft-ietf-dane-smtp-with-dane-09 | draft-ietf-dane-smtp-with-dane-10 | |||
| Abstract | Abstract | |||
| This memo describes a downgrade-resistant protocol for SMTP transport | This memo describes a downgrade-resistant protocol for SMTP transport | |||
| security between Mail Transfer Agents (MTAs) based on the DNS-Based | security between Mail Transfer Agents (MTAs) based on the DNS-Based | |||
| Authentication of Named Entities (DANE) TLSA DNS record. Adoption of | Authentication of Named Entities (DANE) TLSA DNS record. Adoption of | |||
| this protocol enables an incremental transition of the Internet email | this protocol enables an incremental transition of the Internet email | |||
| backbone to one using encrypted and authenticated Transport Layer | backbone to one using encrypted and authenticated Transport Layer | |||
| Security (TLS). | Security (TLS). | |||
| skipping to change at page 1, line 36 ¶ | skipping to change at page 1, line 36 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on November 7, 2014. | This Internet-Draft will expire on November 26, 2014. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2014 IETF Trust and the persons identified as the | Copyright (c) 2014 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 14, line 47 ¶ | skipping to change at page 14, line 47 ¶ | |||
| clients elect to make use of the provider's TLSA records. | clients elect to make use of the provider's TLSA records. | |||
| When the MX records are not (DNSSEC) signed, an active attacker can | When the MX records are not (DNSSEC) signed, an active attacker can | |||
| redirect SMTP clients to MX hosts of his choice. Such redirection is | redirect SMTP clients to MX hosts of his choice. Such redirection is | |||
| tamper-evident when SMTP servers found via "insecure" MX records are | tamper-evident when SMTP servers found via "insecure" MX records are | |||
| recorded as the next-hop relay in the MTA delivery logs in their | recorded as the next-hop relay in the MTA delivery logs in their | |||
| original (rather than CNAME expanded) form. Sending MTAs SHOULD log | original (rather than CNAME expanded) form. Sending MTAs SHOULD log | |||
| unexpanded MX hostnames when these result from insecure MX lookups. | unexpanded MX hostnames when these result from insecure MX lookups. | |||
| Any successful authentication via an insecurely determined MX host | Any successful authentication via an insecurely determined MX host | |||
| MUST NOT be misrepresented in the mail logs as secure delivery to the | MUST NOT be misrepresented in the mail logs as secure delivery to the | |||
| intended next-hop domain. When DANE TLS is mandatory (xref | intended next-hop domain. When DANE TLS is mandatory (Section 6) for | |||
| target="madatory"/>) for a given destination, delivery MUST be | a given destination, delivery MUST be delayed when the MX RRset is | |||
| delayed when the MX RRset is not "secure". | not "secure". | |||
| Otherwise, assuming no DNS errors (Section 2.1.1), the MX RRset is | Otherwise, assuming no DNS errors (Section 2.1.1), the MX RRset is | |||
| "secure", and the SMTP client MUST treat each MX hostname as a | "secure", and the SMTP client MUST treat each MX hostname as a | |||
| separate non-MX destination for opportunistic DANE TLS as described | separate non-MX destination for opportunistic DANE TLS as described | |||
| in Section 2.2.2. When, for a given MX hostname, no TLSA records are | in Section 2.2.2. When, for a given MX hostname, no TLSA records are | |||
| found, or only "insecure" TLSA records are found, DANE TLSA is not | found, or only "insecure" TLSA records are found, DANE TLSA is not | |||
| applicable with the SMTP server in question and delivery proceeds to | applicable with the SMTP server in question and delivery proceeds to | |||
| that host as with pre-DANE opportunistic TLS. To avoid downgrade | that host as with pre-DANE opportunistic TLS. To avoid downgrade | |||
| attacks, any errors during TLSA lookups MUST, as explained in | attacks, any errors during TLSA lookups MUST, as explained in | |||
| Section 2.1.1, cause the SMTP server in question to be treated as | Section 2.1.1, cause the SMTP server in question to be treated as | |||
| End of changes. 4 change blocks. | ||||
| 7 lines changed or deleted | 7 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||