
Re: Enforced TLS per MX

  • Viktor Dukhovni
    Message 1 of 7, Feb 22, 2013
      On Fri, Feb 22, 2013 at 11:33:53AM -0500, Wietse Venema wrote:

      > Viktor Dukhovni:
      > > On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote:
      > >
      > > > > We are trying to establish enforced TLS with a partner that hosts about
      > > > > 2000 recipient domains. All of these point to the same four MX records:
      > > > >
      > > > > host[1-4].example.com
      > > > >
      > > > > As I did not want to specify all of these domains in our tls_policy
      > > > > file, I wanted to ask if there is any option to enforce TLS by those MX
      > > > > addresses.
      > > >
      > > > Surely, the policy table is indexed by MX hostname as well as
      > > > recipient domain.
      > >
      > > No, it is not. Only the nexthop domain is used since the MX host
      >
      > I see. This was a property of the legacy tls-per-site table.

      Yep, security is a pain. I did not want to provide a false sense
      of security with the new policy table. None of the fancy certificate
      verification is worth much if it is trivially subverted with a
      forged DNS response. We will be able to meet user expectations
      once DNSSEC is more pervasive (5-10 years with a bit of luck,
      they will typically be running 2.11 or later by then too).

      --
      Viktor.
    • Jan P. Kessler
      Message 2 of 7, Feb 27, 2013
        Am 22.02.2013 17:06, schrieb Viktor Dukhovni:
        > On Fri, Feb 22, 2013 at 08:48:31AM -0500, Wietse Venema wrote:
        >
        >>> We are trying to establish enforced TLS with a partner that hosts about
        >>> 2000 recipient domains. All of these point to the same four MX records:
        >>>
        >>> host[1-4].example.com
        >>>
        >>> As I did not want to specify all of these domains in our tls_policy
        >>> file, I wanted to ask if there is any option to enforce TLS by those MX
        >>> addresses.
        >> Surely, the policy table is indexed by MX hostname as well as
        >> recipient domain.
        > No, it is not. Only the nexthop domain is used since the MX host
        > is derived from unauthenticated MX lookups and is trivially subject
        > to MITM attacks.

        So it would have the same "quality" as the "encrypt" action, no?
        Something between 0 and 100, that could be explicitly mentioned in the
        docs. Doesn't help with a MITM but keeps out the firewall/provider guy
        with debug/snoop/tcpdump - and your idp of course :-(

        But I understand the point and agree with it although it doesn't make me
        very happy. We are replacing an interconnection between some companies
        with several 1000s of domains (actively used, frequently enhanced) via
        leased lines. This required (and unfortunately still requires) a
        database for domain exchange and some kind of 'administrative
        discipline' to keep it updated in time. My expectation is that DNSSEC
        will be globally used before the last point is going to function properly ;)
      • Viktor Dukhovni
        Message 3 of 7, Feb 27, 2013
          On Thu, Feb 28, 2013 at 12:25:53AM +0100, Jan P. Kessler wrote:

          > Am 22.02.2013 17:06, schrieb Viktor Dukhovni:
          >
          > > > Surely, the policy table is indexed by MX hostname as well as
          > > > recipient domain.
          > >
          > > No, it is not. Only the nexthop domain is used since the MX host
          > > is derived from unauthenticated MX lookups and is trivially subject
          > > to MITM attacks.
          >
          > So it would have the same "quality" as the "encrypt" action, no?

          Yes.

          --
          Viktor.
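The practical consequence of the thread, as an added example that is not code from the thread, from Postfix, or from its authors: because the policy table is keyed by nexthop (recipient) domain and never by MX hostname, every one of the partner's domains needs its own entry, and the way to make those entries worth more than "encrypt" is to pin the certificate names with "secure match=" to the partner's known MX hosts, so that a forged MX answer cannot redirect mail to a host that only has its own certificate. The script builds such a table from an out-of-band snapshot of MX lookups and then shows, with a simplified model of Postfix's name matching only (no CA chain validation), why "encrypt" is defeated by a forged MX record while a pinned "secure" entry is not. All hostnames, domains and the MX snapshot are constructed sample data; the partner hosts follow the thread's host[1-4].example.com pattern.

```python
"""Build a Postfix smtp_tls_policy_maps table for a partner whose recipient
domains all route to the same MX hosts, and model how "encrypt" and pinned
"secure" entries react to a server that is not one of those hosts.
Added example; hostnames, domains and the MX snapshot are constructed."""

from typing import Dict, List, Optional, Tuple

# Assumed partner MX hosts (the thread's host[1-4].example.com pattern).
PARTNER_MX = ["host1.example.com", "host2.example.com",
              "host3.example.com", "host4.example.com"]

# Constructed snapshot of MX lookups taken out of band by the administrator
# (e.g. from the partner's domain-exchange database), not at delivery time.
MX_SNAPSHOT: Dict[str, List[str]] = {
    "customer-a.example": ["host1.example.com", "host2.example.com"],
    "customer-b.example": ["host3.example.com", "host4.example.com"],
    "mixed.example":      ["host1.example.com", "mx.other.example"],
    "unrelated.example":  ["mail.unrelated.example"],
}


def routes_only_to_partner(mx_hosts: List[str], partner_mx=PARTNER_MX) -> bool:
    """True only if every MX host of the domain is one of the partner's hosts."""
    hosts = {h.lower().rstrip(".") for h in mx_hosts}
    return bool(hosts) and hosts <= {h.lower() for h in partner_mx}


def policy_entry(domain: str, level: str,
                 match: Optional[List[str]] = None) -> str:
    """One smtp_tls_policy_maps line.  For "secure", match= lists the names
    the server certificate must carry (colon-separated, Postfix syntax)."""
    if level == "secure" and match:
        return f"{domain} secure match={':'.join(match)}"
    return f"{domain} {level}"


def build_policy_table(snapshot: Dict[str, List[str]],
                       partner_mx=PARTNER_MX) -> Tuple[List[str], List[str]]:
    """Return (lines, skipped).  Domains that route only to the partner get a
    "secure" entry pinned to the partner's MX names; anything else is listed
    for manual review rather than silently given a weaker policy."""
    lines, skipped = [], []
    for domain in sorted(snapshot):
        if routes_only_to_partner(snapshot[domain], partner_mx):
            lines.append(policy_entry(domain, "secure", partner_mx))
        else:
            skipped.append(domain)
    return lines, skipped


def parse_policy_line(line: str) -> Tuple[str, str, List[str]]:
    """Parse 'domain level [match=a:b]' into (domain, level, match_names).
    Without an explicit match=, Postfix's default for "secure" is the nexthop
    domain and its subdomains (smtp_tls_secure_cert_match = nexthop, dot-nexthop)."""
    parts = line.split()
    domain, level = parts[0], parts[1]
    match: List[str] = []
    for attr in parts[2:]:
        if attr.startswith("match="):
            match = attr[len("match="):].split(":")
    if level == "secure" and not match:
        match = [domain, "." + domain]
    return domain, level, match


def name_matches(pattern: str, name: str) -> bool:
    """Simplified Postfix match= rule: a leading dot matches any subdomain,
    otherwise the name must match exactly (case-insensitive)."""
    pattern, name = pattern.lower(), name.lower().rstrip(".")
    if pattern.startswith("."):
        return name.endswith(pattern)
    return name == pattern


def cert_accepted(line: str, cert_names: List[str]) -> bool:
    """Would a server presenting a certificate with cert_names satisfy this
    policy line?  "encrypt" only demands TLS and checks no name, which is why
    a forged MX answer defeats it; "secure" needs one of the pinned names."""
    _domain, level, match = parse_policy_line(line)
    if level in ("may", "encrypt"):
        return True
    if level == "secure":
        return any(name_matches(p, n) for p in match for n in cert_names)
    raise ValueError(f"level {level!r} is not modelled in this example")


if __name__ == "__main__":
    table, review = build_policy_table(MX_SNAPSHOT)
    print("\n".join(table))
    print("# needs review:", ", ".join(review))
    # A forged MX answer sending mail to attacker.example fails the pinned
    # "secure" entry but passes plain "encrypt".
    print(cert_accepted(table[0], ["attacker.example"]))                   # False
    print(cert_accepted("customer-a.example encrypt", ["attacker.example"]))  # True
```

The generated lines go into the file named by smtp_tls_policy_maps (then postmap it); the snapshot step is the "administrative discipline" the thread complains about, and the domains reported for review are the ones where a blanket "secure" entry would break delivery. Keep in mind the model only compares names: real Postfix "secure" verification additionally requires the certificate chain to be trusted.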