TLS: advice on best practices

  • Luigi Rosa
    Message 1 of 3 , Sep 20, 2013

      Hi,
      I have a TLS enabled Postfix with a PKI certificate.

      The configuration of SMTP TLS is:

      smtp_tls_security_level = may
      smtp_tls_note_starttls_offer = yes
      smtp_tls_fingerprint_digest = sha1
      smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

      and in tls_policy I put some recipient domains I know with "fingerprint" and
      the fingerprint(s) of their keys.

      But many PKI keys last 365 days, so sooner or later the fingerprints are no
      longer valid and the mail will not be delivered to those domains until I change
      the policy or put in a new fingerprint.

      My question is: with PKI keys, is it better to leave the opportunistic TLS policy
      and use fingerprint only for self-issued keys with 3650 days of validity, or
      are there better ways to handle this?

      Thank you in advance.



      Ciao,
      luigi

      - --
      /
      +--[Luigi Rosa]--
      \

      I have always imagined that paradise will be a kind of library.
      --Jorge Luis Borges
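To make the failure mode in the question concrete, here is an added example (not Postfix code, and not from the original post) that simulates how a `fingerprint` entry in `tls_policy` is evaluated, with the SHA-1 digest the post configures. It assumes, as Postfix does, that several fingerprints may be listed in `match=` separated by `|`, so an entry can carry the old and the renewed certificate side by side; the policy text, domains and "certificate" bytes are constructed stand-ins.

```python
"""Simulate evaluation of a Postfix 'fingerprint' TLS policy entry (added example)."""
import hashlib

# Constructed stand-ins for DER-encoded peer certificates; with real input
# these would be the certificate bytes seen in the TLS handshake.
CERT_OLD = b"constructed-cert-example.com-issued-2012"
CERT_NEW = b"constructed-cert-example.com-renewed-2013"
CERT_ROGUE = b"constructed-cert-belonging-to-someone-else"


def fingerprint(der: bytes, digest: str = "sha1") -> str:
    """Colon-separated upper-case digest, as 'openssl x509 -fingerprint' prints it."""
    hexdigest = hashlib.new(digest, der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def parse_policy(text: str) -> dict:
    """Parse tls_policy source lines into {domain: (level, {attribute: value})}."""
    policy = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        domain, level, attrs = fields[0].lower(), fields[1], {}
        for item in fields[2:]:
            key, _, value = item.partition("=")
            attrs[key] = value
        policy[domain] = (level, attrs)
    return policy


def _normalize(fp: str) -> str:
    return fp.replace(":", "").lower()


def fingerprint_accepts(policy: dict, nexthop: str, peer_der: bytes, digest: str = "sha1"):
    """True/False for a 'fingerprint' entry; None when the nexthop has no entry
    (the caller then falls back to smtp_tls_security_level). Exact-key lookup
    only: Postfix's parent-domain lookups and other levels are not modelled."""
    entry = policy.get(nexthop.lower())
    if entry is None:
        return None
    level, attrs = entry
    if level != "fingerprint":
        raise ValueError(f"level {level!r} is not modelled here")
    allowed = {_normalize(f) for f in attrs.get("match", "").split("|") if f}
    return _normalize(fingerprint(peer_der, digest)) in allowed


# Constructed policy: example.com lists the old and renewed fingerprints together,
# so delivery keeps working across the renewal; example.net lists only the old one.
POLICY = parse_policy(f"""
example.com   fingerprint   match={fingerprint(CERT_OLD)}|{fingerprint(CERT_NEW)}
example.net   fingerprint   match={fingerprint(CERT_OLD)}
""")
```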
    • Noel Jones
      Message 2 of 3 , Sep 20, 2013

        On 9/20/2013 6:36 AM, Luigi Rosa wrote:
        > Hi, I have a TLS enabled Postfix with a PKI certificate.
        >
        > The configuration of SMTP TLS is:
        >
        > smtp_tls_security_level = may
        > smtp_tls_note_starttls_offer = yes
        > smtp_tls_fingerprint_digest = sha1
        > smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
        >
        > and in tls_policy I put some recipient domains I know with
        > "fingerprint" and the fingerprint(s) of their keys.
        >
        > But many PKI keys last 365 days, so sooner or later the
        > fingerprints are no longer valid and the mail will not be
        > delivered to that domains until I change the policy or I put a
        > new fingerprint.
        >
        > My question is: with PKI keys is better to leave the
        > opportunistic TLS policy and use fingerprint only for self
        > issued keys with 3650 days of validity or are there some better
        > ways to handle this?


        fingerprint verification is intended for a very limited number of
        clients -- typically internal hosts or highly trusted business
        partners willing to closely cooperate with you.

        Without close cooperation from the remote site, fingerprint
        verification just isn't practical. For an arbitrary third-party
        site, you'll probably need to stick to "encrypt" or maybe in some
        cases "verify".
        http://www.postfix.org/TLS_README.html#client_tls

        Hopefully widespread DANE adoption will take the pain out of this
        in the future.


        -- Noel Jones
      • Viktor Dukhovni
        Message 3 of 3 , Sep 20, 2013
          On Fri, Sep 20, 2013 at 09:27:57AM -0500, Noel Jones wrote:

          > Without close cooperation from the remote site, fingerprint
          > verification just isn't practical. For an arbitrary third-party
          > site, you'll probably need to stick to "encrypt" or maybe in some
          > cases "verify".
          > http://www.postfix.org/TLS_README.html#client_tls

          One should generally use "secure", not "verify". It was a mistake
          on my part to create both security levels; they differ only in the
          default matching strategy. We should have had a single level with
          a configurable global matching strategy (smtp_tls_verify_cert_match)
          that defaults safe, and with the per-site "match" overrides allowing
          users to fine-tune as necessary.

          Instead we have "verify" and "secure" that differ only in the unsafe
          setting of smtp_tls_verify_cert_match vs. a safe setting for the
          analogous smtp_tls_secure_cert_match.

          Users should probably set:

          # Default MITM safe matching (as in "secure")
          smtp_tls_verify_cert_match = nexthop, dot-nexthop
          smtp_tls_secure_cert_match = nexthop, dot-nexthop

          # Default MITM unsafe matching (as in "verify")
          smtp_tls_verify_cert_match = hostname
          smtp_tls_secure_cert_match = hostname

          and then use the two levels interchangeably.

          [ Don't try to alias one in terms of the implicit default value of
          the other, Postfix configuration parameter expansion happens
          incrementally, and the defaults are not all set when parameters
          are expanded. ]

          > Hopefully widespread DANE adoption will take the pain out of this
          > in the future.

          Amen.

          --
          Viktor.
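An added example (not Postfix's code and not from the thread) that models the three matching strategies named above and shows why "hostname" is MITM-unsafe: the MX hostname comes from an unauthenticated DNS answer, so a certificate that is valid for whatever host that answer names still passes, whereas "nexthop, dot-nexthop" ties the certificate to the domain the mail was addressed to. Wildcard handling is simplified to one label, and the MX names and certificate names are constructed.

```python
"""Model Postfix client certificate name matching: nexthop, dot-nexthop, hostname (added example)."""

# Defaults as described in the thread: "verify" matches the MX hostname,
# "secure" matches the next-hop domain or a subdomain of it.
DEFAULT_MATCH = {"verify": "hostname", "secure": "nexthop, dot-nexthop"}


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def name_matches(cert_name: str, target: str) -> bool:
    """Exact match; a leading '*.' in the certificate name covers exactly one label
    (simplified wildcard rule assumed by this example)."""
    cert_name, target = _norm(cert_name), _norm(target)
    if cert_name.startswith("*."):
        label, _, parent = target.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == target


def is_subdomain_of(cert_name: str, domain: str) -> bool:
    """True if the certificate name lies under domain, i.e. matches '.domain'."""
    cert_name, domain = _norm(cert_name), _norm(domain)
    if cert_name.startswith("*."):  # *.example.com covers hosts under example.com
        cert_name = cert_name[2:]
        return cert_name == domain or cert_name.endswith("." + domain)
    return cert_name.endswith("." + domain)


def cert_accepted(strategy: str, nexthop: str, mx_hostname: str, cert_names) -> bool:
    """Apply a comma/space separated match strategy to the peer certificate's names."""
    for item in strategy.replace(",", " ").split():
        if item not in ("nexthop", "dot-nexthop", "hostname"):
            raise ValueError(f"unknown match strategy {item!r}")
        for cert_name in cert_names:
            if item == "nexthop" and name_matches(cert_name, nexthop):
                return True
            if item == "dot-nexthop" and is_subdomain_of(cert_name, nexthop):
                return True
            if item == "hostname" and name_matches(cert_name, mx_hostname):
                return True
    return False


# Constructed scenario: mail addressed to example.com. The MX answer is not
# authenticated, so whoever controls the answer can name any host in it.
NEXTHOP = "example.com"
HONEST = {"mx": "mx1.example.com", "names": ["mx1.example.com"]}
# A CA-issued certificate for the attacker's own hostname is itself valid.
SPOOFED = {"mx": "mail.attacker.example", "names": ["mail.attacker.example"]}


def outcome(level: str, case: dict) -> bool:
    """Would the given security level accept the certificate in this case?"""
    return cert_accepted(DEFAULT_MATCH[level], NEXTHOP, case["mx"], case["names"])
```

With the defaults, `outcome("verify", SPOOFED)` is True and `outcome("secure", SPOOFED)` is False, which is exactly the difference the post describes.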