| draft-ietf-uta-mta-sts-11.txt | draft-ietf-uta-mta-sts-12.txt | |||
|---|---|---|---|---|
| Using TLS in Applications D. Margolis | Using TLS in Applications D. Margolis | |||
| Internet-Draft M. Risher | Internet-Draft M. Risher | |||
| Intended status: Standards Track Google, Inc | Intended status: Standards Track Google, Inc | |||
| Expires: May 12, 2018 B. Ramakrishnan | Expires: June 7, 2018 B. Ramakrishnan | |||
| Yahoo!, Inc | Yahoo!, Inc | |||
| A. Brotman | A. Brotman | |||
| Comcast, Inc | Comcast, Inc | |||
| J. Jones | J. Jones | |||
| Microsoft, Inc | Microsoft, Inc | |||
| November 8, 2017 | December 4, 2017 | |||
| SMTP MTA Strict Transport Security (MTA-STS) | SMTP MTA Strict Transport Security (MTA-STS) | |||
| draft-ietf-uta-mta-sts-11 | draft-ietf-uta-mta-sts-12 | |||
| Abstract | Abstract | |||
| SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a | SMTP Mail Transfer Agent Strict Transport Security (MTA-STS) is a | |||
| mechanism enabling mail service providers to declare their ability to | mechanism enabling mail service providers to declare their ability to | |||
| receive Transport Layer Security (TLS) secure SMTP connections, and | receive Transport Layer Security (TLS) secure SMTP connections, and | |||
| to specify whether sending SMTP servers should refuse to deliver to | to specify whether sending SMTP servers should refuse to deliver to | |||
| MX hosts that do not offer TLS with a trusted server certificate. | MX hosts that do not offer TLS with a trusted server certificate. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| provisions of BCP 78 and BCP 79. | provisions of BCP 78 and BCP 79. | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on May 12, 2018. | This Internet-Draft will expire on June 7, 2018. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2017 IETF Trust and the persons identified as the | Copyright (c) 2017 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| carefully, as they describe your rights and restrictions with respect | carefully, as they describe your rights and restrictions with respect | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Related Technologies . . . . . . . . . . . . . . . . . . . . 3 | 2. Related Technologies . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Policy Discovery . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Policy Discovery . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1. MTA-STS TXT Records . . . . . . . . . . . . . . . . . . . 4 | 3.1. MTA-STS TXT Records . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.2. MTA-STS Policies . . . . . . . . . . . . . . . . . . . . 5 | 3.2. MTA-STS Policies . . . . . . . . . . . . . . . . . . . . 5 | |||
| 3.3. HTTPS Policy Fetching . . . . . . . . . . . . . . . . . . 8 | 3.3. HTTPS Policy Fetching . . . . . . . . . . . . . . . . . . 8 | |||
| 3.4. Policy Selection for Smart Hosts and Subdomains . . . . . 9 | 3.4. Policy Selection for Smart Hosts and Subdomains . . . . . 9 | |||
| 3.5. MX Certificate Validation . . . . . . . . . . . . . . . . 10 | 4. Policy Validation . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 4. Policy Application . . . . . . . . . . . . . . . . . . . . . 10 | 4.1. MX Certificate Validation . . . . . . . . . . . . . . . . 10 | |||
| 4.1. Policy Application Control Flow . . . . . . . . . . . . . 11 | 5. Policy Application . . . . . . . . . . . . . . . . . . . . . 10 | |||
| 5. Reporting Failures . . . . . . . . . . . . . . . . . . . . . 11 | 5.1. Policy Application Control Flow . . . . . . . . . . . . . 11 | |||
| 6. Interoperability Considerations . . . . . . . . . . . . . . . 12 | 6. Reporting Failures . . . . . . . . . . . . . . . . . . . . . 11 | |||
| 6.1. SNI Support . . . . . . . . . . . . . . . . . . . . . . . 12 | 7. Interoperability Considerations . . . . . . . . . . . . . . . 12 | |||
| 6.2. Minimum TLS Version Support . . . . . . . . . . . . . . . 12 | 7.1. SNI Support . . . . . . . . . . . . . . . . . . . . . . . 12 | |||
| 7. Operational Considerations . . . . . . . . . . . . . . . . . 12 | 7.2. Minimum TLS Version Support . . . . . . . . . . . . . . . 12 | |||
| 7.1. Policy Updates . . . . . . . . . . . . . . . . . . . . . 13 | 8. Operational Considerations . . . . . . . . . . . . . . . . . 13 | |||
| 7.2. Policy Delegation . . . . . . . . . . . . . . . . . . . . 13 | 8.1. Policy Updates . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 7.3. Removing MTA-STS . . . . . . . . . . . . . . . . . . . . 14 | 8.2. Policy Delegation . . . . . . . . . . . . . . . . . . . . 13 | |||
| 8. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | 8.3. Removing MTA-STS . . . . . . . . . . . . . . . . . . . . 14 | |||
| 8.1. Well-Known URIs Registry . . . . . . . . . . . . . . . . 14 | 9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14 | |||
| 8.2. MTA-STS TXT Record Fields . . . . . . . . . . . . . . . . 15 | 9.1. Well-Known URIs Registry . . . . . . . . . . . . . . . . 14 | |||
| 8.3. MTA-STS Policy Fields . . . . . . . . . . . . . . . . . . 15 | 9.2. MTA-STS TXT Record Fields . . . . . . . . . . . . . . . . 15 | |||
| 9. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | 9.3. MTA-STS Policy Fields . . . . . . . . . . . . . . . . . . 15 | |||
| 9.1. Obtaining a Signed Certificate . . . . . . . . . . . . . 16 | 10. Security Considerations . . . . . . . . . . . . . . . . . . . 15 | |||
| 9.2. Preventing Policy Discovery . . . . . . . . . . . . . . . 16 | 10.1. Obtaining a Signed Certificate . . . . . . . . . . . . . 16 | |||
| 9.3. Denial of Service . . . . . . . . . . . . . . . . . . . . 17 | 10.2. Preventing Policy Discovery . . . . . . . . . . . . . . 16 | |||
| 9.4. Weak Policy Constraints . . . . . . . . . . . . . . . . . 18 | 10.3. Denial of Service . . . . . . . . . . . . . . . . . . . 17 | |||
| 9.5. Compromise of the Web PKI System . . . . . . . . . . . . 18 | 10.4. Weak Policy Constraints . . . . . . . . . . . . . . . . 18 | |||
| 10. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 | 10.5. Compromise of the Web PKI System . . . . . . . . . . . . 18 | |||
| 11. Appendix 1: MTA-STS example record & policy . . . . . . . . . 19 | 11. Contributors . . . . . . . . . . . . . . . . . . . . . . . . 18 | |||
| 12. Appendix 2: Message delivery pseudocode . . . . . . . . . . . 19 | 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 19 | |||
| 13. References . . . . . . . . . . . . . . . . . . . . . . . . . 22 | 12.1. Normative References . . . . . . . . . . . . . . . . . . 19 | |||
| 13.1. Normative References . . . . . . . . . . . . . . . . . . 22 | 12.2. Informative References . . . . . . . . . . . . . . . . . 20 | |||
| 13.2. Informative References . . . . . . . . . . . . . . . . . 23 | Appendix A. MTA-STS example record & policy . . . . . . . . . . 21 | |||
| 13.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 24 | Appendix B. Message delivery pseudocode . . . . . . . . . . . . 21 | |||
| Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 24 | |||
| 1. Introduction | 1. Introduction | |||
| The STARTTLS extension to SMTP [RFC3207] allows SMTP clients and | The STARTTLS extension to SMTP [RFC3207] allows SMTP clients and | |||
| hosts to negotiate the use of a TLS channel for encrypted mail | hosts to negotiate the use of a TLS channel for encrypted mail | |||
| transmission. | transmission. | |||
| While this opportunistic encryption protocol by itself provides a | While this opportunistic encryption protocol by itself provides a | |||
| high barrier against passive man-in-the-middle traffic interception, | high barrier against passive man-in-the-middle traffic interception, | |||
| skipping to change at page 4, line 5 ¶ | skipping to change at page 4, line 5 ¶ | |||
| 2. Related Technologies | 2. Related Technologies | |||
| The DANE TLSA record [RFC7672] is similar, in that DANE is also | The DANE TLSA record [RFC7672] is similar, in that DANE is also | |||
| designed to upgrade unauthenticated encryption or plaintext | designed to upgrade unauthenticated encryption or plaintext | |||
| transmission into authenticated, downgrade-resistant encrypted | transmission into authenticated, downgrade-resistant encrypted | |||
| transmission. DANE requires DNSSEC [RFC4033] for authentication; the | transmission. DANE requires DNSSEC [RFC4033] for authentication; the | |||
| mechanism described here instead relies on certificate authorities | mechanism described here instead relies on certificate authorities | |||
| (CAs) and does not require DNSSEC, at a cost of risking malicious | (CAs) and does not require DNSSEC, at a cost of risking malicious | |||
| downgrades. For a thorough discussion of this trade-off, see | downgrades. For a thorough discussion of this trade-off, see | |||
| Section 9, "Security Considerations". | Section 10, "Security Considerations". | |||
| In addition, MTA-STS provides an optional report-only mode, enabling | In addition, MTA-STS provides an optional report-only mode, enabling | |||
| soft deployments to detect policy failures; partial deployments can | soft deployments to detect policy failures; partial deployments can | |||
| be achieved in DANE by deploying TLSA records only for some of a | be achieved in DANE by deploying TLSA records only for some of a | |||
| domain's MXs, but such a mechanism is not possible for the per-domain | domain's MXs, but such a mechanism is not possible for the per-domain | |||
| policies used by MTA-STS. | policies used by MTA-STS. | |||
| The primary motivation of MTA-STS is to provide a mechanism for | The primary motivation of MTA-STS is to provide a mechanism for | |||
| domains to upgrade their transport security even when deploying | domains to ensure transport security even when deploying DNSSEC is | |||
| DNSSEC is undesirable or impractical. However, MTA-STS is designed | undesirable or impractical. However, MTA-STS is designed not to | |||
| not to interfere with DANE deployments when the two overlap; in | interfere with DANE deployments when the two overlap; in particular, | |||
| particular, senders who implement MTA-STS validation MUST NOT allow a | senders who implement MTA-STS validation MUST NOT allow a "valid" or | |||
| "valid" or "report-only" MTA-STS validation to override a failing | "report-only" MTA-STS validation to override a failing DANE | |||
| DANE validation. | validation. | |||
| 3. Policy Discovery | 3. Policy Discovery | |||
| MTA-STS policies are distributed via HTTPS from a "well-known" | MTA-STS policies are distributed via HTTPS from a "well-known" | |||
| [RFC5785] path served within the Policy Domain, and their presence | [RFC5785] path served within the Policy Domain, and their presence | |||
| and current version are indicated by a TXT record at the Policy | and current version are indicated by a TXT record at the Policy | |||
| Domain. These TXT records additionally contain a policy "id" field, | Domain. These TXT records additionally contain a policy "id" field, | |||
| allowing sending MTAs to check the currency of a cached policy | allowing sending MTAs to check the currency of a cached policy | |||
| without performing an HTTPS request. | without performing an HTTPS request. | |||
| skipping to change at page 5, line 10 ¶ | skipping to change at page 5, line 10 ¶ | |||
| updated by comparing to the "id" of a previously seen policy. | updated by comparing to the "id" of a previously seen policy. | |||
| There is no implied ordering of "id" fields between revisions. | There is no implied ordering of "id" fields between revisions. | |||
| An example TXT record is as below: | An example TXT record is as below: | |||
| "_mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;"" | "_mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;"" | |||
| The formal definition of the "_mta-sts" TXT record, defined using | The formal definition of the "_mta-sts" TXT record, defined using | |||
| [RFC7405], is as follows: | [RFC7405], is as follows: | |||
| sts-text-record = sts-version 1*(field-delim sts-field) [field-delim] | sts-text-record = sts-version 1*(field-delim sts-field) [field-delim] | |||
| sts-field = sts-id / ; Note that sts-id record | sts-field = sts-id / ; Note that sts-id record | |||
| sts-extension ; is required. | sts-extension ; is required. | |||
| field-delim = *WSP ";" *WSP | field-delim = *WSP ";" *WSP | |||
| sts-version = %s"v=STSv1" | sts-version = %s"v=STSv1" | |||
| sts-id = %s"id=" 1*32(ALPHA / DIGIT) ; id=... | sts-id = %s"id=" 1*32(ALPHA / DIGIT) ; id=... | |||
| sts-extension = sts-ext-name "=" sts-ext-value ; name=value | sts-extension = sts-ext-name "=" sts-ext-value ; name=value | |||
| sts-ext-name = (ALPHA / DIGIT) *31(ALPHA / DIGIT / "_" / "-" / ".") | sts-ext-name = (ALPHA / DIGIT) | |||
| *31(ALPHA / DIGIT / "_" / "-" / ".") | ||||
| sts-ext-value = 1*(%x21-3A / %x3C / %x3E-7E) ; chars excluding "=", | sts-ext-value = 1*(%x21-3A / %x3C / %x3E-7E) | |||
| ; ";", SP, and control | ; chars excluding "=", ";", SP, and control chars | |||
| ; chars | ||||
| If multiple TXT records for "_mta-sts" are returned by the resolver, | If multiple TXT records for "_mta-sts" are returned by the resolver, | |||
| records which do not begin with "v=STSv1;" are discarded. If the | records which do not begin with "v=STSv1;" are discarded. If the | |||
| number of resulting records is not one, senders MUST assume the | number of resulting records is not one, senders MUST assume the | |||
| recipient domain does not implement MTA-STS and skip the remaining | recipient domain does not implement MTA-STS and skip the remaining | |||
| steps of policy discovery. If the resulting TXT record contains | steps of policy discovery. If the resulting TXT record contains | |||
| multiple strings, then the record MUST be treated as if those strings | multiple strings, then the record MUST be treated as if those strings | |||
| are concatenated together without adding spaces. | are concatenated together without adding spaces. | |||
| 3.2. MTA-STS Policies | 3.2. MTA-STS Policies | |||
| skipping to change at page 5, line 52 ¶ | skipping to change at page 6, line 5 ¶ | |||
| the "mta-sts" host at the Policy Domain. Thus for "example.com" the | the "mta-sts" host at the Policy Domain. Thus for "example.com" the | |||
| path is "https://mta-sts.example.com/.well-known/mta-sts.txt". | path is "https://mta-sts.example.com/.well-known/mta-sts.txt". | |||
| The [RFC7231] "Content-Type" media type for this resource MUST be | The [RFC7231] "Content-Type" media type for this resource MUST be | |||
| "text/plain". When fetching a policy, senders SHOULD validate that | "text/plain". When fetching a policy, senders SHOULD validate that | |||
| the media type is "text/plain" to guard against cases where | the media type is "text/plain" to guard against cases where | |||
| webservers allow untrusted users to host non-text content (typically, | webservers allow untrusted users to host non-text content (typically, | |||
| HTML or images) at a user-defined path. Additional "Content-Type" | HTML or images) at a user-defined path. Additional "Content-Type" | |||
| parameters are ignored. | parameters are ignored. | |||
| This resource contains the following line-separated key/value pairs: | This resource contains the following newline-separated key/value | |||
| pairs: | ||||
| o "version": (plain-text). Currently only "STSv1" is supported. | o "version": (plain-text). Currently only "STSv1" is supported. | |||
| o "mode": (plain-text). One of "enforce", "report", or "none", | o "mode": (plain-text). One of "enforce", "testing", or "none", | |||
| indicating the expected behavior of a sending MTA in the case of a | indicating the expected behavior of a sending MTA in the case of a | |||
| policy validation failure. | policy validation failure. | |||
| o "max_age": Max lifetime of the policy (plain-text non-negative | o "max_age": Max lifetime of the policy (plain-text non-negative | |||
| integer seconds, maximum value of 31557600). Well-behaved clients | integer seconds, maximum value of 31557600). Well-behaved clients | |||
| SHOULD cache a policy for up to this value from last policy fetch | SHOULD cache a policy for up to this value from last policy fetch | |||
| time. To mitigate the risks of attacks at policy refresh time, it | time. To mitigate the risks of attacks at policy refresh time, it | |||
| is expected that this value typically be in the range of weeks or | is expected that this value typically be in the range of weeks or | |||
| greater. | greater. | |||
| skipping to change at page 6, line 33 ¶ | skipping to change at page 6, line 36 ¶ | |||
| that mail for this domain might be handled by any MX with a | that mail for this domain might be handled by any MX with a | |||
| certificate valid for a host at "mail.example.com" or | certificate valid for a host at "mail.example.com" or | |||
| "example.net". Valid patterns can be either fully specified names | "example.net". Valid patterns can be either fully specified names | |||
| ("example.com") or suffixes (".example.net") matching the right- | ("example.com") or suffixes (".example.net") matching the right- | |||
| hand parts of a server's identity; the latter case are | hand parts of a server's identity; the latter case are | |||
| distinguished by a leading period. If there are more than one MX | distinguished by a leading period. If there are more than one MX | |||
| specified by the policy, they MUST be on separate lines within the | specified by the policy, they MUST be on separate lines within the | |||
| policy file. In the case of Internationalized Domain Names | policy file. In the case of Internationalized Domain Names | |||
| ([RFC5891]), the MX MUST specify the Punycode-encoded A-label | ([RFC5891]), the MX MUST specify the Punycode-encoded A-label | |||
| [RFC3492] and not the Unicode-encoded U-label. The full semantics | [RFC3492] and not the Unicode-encoded U-label. The full semantics | |||
| of certificate validation are described in Section 3.5, "MX | of certificate validation are described in Section 4.1, "MX | |||
| Certificate Validation." | Certificate Validation." | |||
| An example policy is as below: | An example policy is as below: | |||
| version: STSv1 | version: STSv1 | |||
| mode: enforce | mode: enforce | |||
| mx: mail.example.com | mx: mail.example.com | |||
| mx: .example.net | mx: .example.net | |||
| mx: backupmx.example.com | mx: backupmx.example.com | |||
| max_age: 123456 | max_age: 123456 | |||
| The formal definition of the policy resource, defined using | The formal definition of the policy resource, defined using | |||
| [RFC7405], is as follows: | [RFC7405], is as follows: | |||
| sts-policy-record = *WSP sts-policy-field *WSP | sts-policy-record = *WSP sts-policy-field *WSP | |||
| *(CRLF *WSP sts-policy-field *WSP) | *(CRLF *WSP sts-policy-field *WSP) | |||
| [CRLF] | ||||
| sts-policy-field = sts-policy-version / ; required once | [CRLF] | |||
| sts-policy-mode / ; required once | ||||
| sts-policy-max-age / ; required once | ||||
| 0*(sts-policy-mx *WSP CRLF) / ; required at | ||||
| ; least once | ||||
| ; except when mode | ||||
| ; is "none" | ||||
| sts-policy-extension ; other fields | ||||
| field-delim = ":" *WSP | sts-policy-field = sts-policy-version / ; required once | |||
| sts-policy-mode / ; required once | ||||
| sts-policy-max-age / ; required once | ||||
| sts-policy-version = sts-policy-version-field field-delim | 0*(sts-policy-mx *WSP CRLF) / | |||
| sts-policy-version-value | ; required at least once, except when | |||
| ; mode is "none" | ||||
| sts-policy-version-field = %s"version" | sts-policy-extension ; other fields | |||
| sts-policy-version-value = %s"STSv1" | field-delim = ":" *WSP | |||
| sts-policy-mode = sts-policy-mode-field field-delim | sts-policy-version = sts-policy-version-field field-delim | |||
| sts-policy-mode-value | sts-policy-version-value | |||
| sts-policy-mode-field = %s"mode" | sts-policy-version-field = %s"version" | |||
| sts-policy-model-value = %s"report" / %s"enforce" / %s"none" | sts-policy-version-value = %s"STSv1" | |||
| sts-policy-mx = sts-policy-mx-field field-delim | sts-policy-mode = sts-policy-mode-field field-delim | |||
| sts-policy-mx-value | sts-policy-mode-value | |||
| sts-policy-mx-field = %s"mx" | sts-policy-mode-field = %s"mode" | |||
| sts-policy-mx-value = 1*(ALPHA / DIGIT / "_" / "-" / ".") | sts-policy-model-value = %s"testing" / %s"enforce" / %s"none" | |||
| sts-policy-max-age = sts-policy-max-age-field field-delim | sts-policy-mx = sts-policy-mx-field field-delim | |||
| sts-policy-max-age-value | sts-policy-mx-value | |||
| sts-policy-max-age-field = %s"max_age" | sts-policy-mx-field = %s"mx" | |||
| sts-policy-max-age-value = 1*10(DIGIT) | sts-policy-mx-value = 1*(ALPHA / DIGIT / "_" / "-" / ".") | |||
| sts-policy-extension = sts-policy-ext-name field-delim ; additional | sts-policy-max-age = sts-policy-max-age-field field-delim | |||
| sts-policy-ext-value ; extension | sts-policy-max-age-value | |||
| ; fields | ||||
| sts-policy-ext-name = (ALPHA / DIGIT) | sts-policy-max-age-field = %s"max_age" | |||
| *31(ALPHA / DIGIT / "_" / "-" / ".") | ||||
| sts-policy-ext-value = 1*(%x21-3A / %x3C / %x3E-7E) ; chars excluding | sts-policy-max-age-value = 1*10(DIGIT) | |||
| ; "=", ";", SP, | ||||
| ; and control | sts-policy-extension = sts-policy-ext-name ; additional | |||
| ; chars | field-delim ; extension | |||
| sts-policy-ext-value ; fields | ||||
| sts-policy-ext-name = (ALPHA / DIGIT) | ||||
| *31(ALPHA / DIGIT / "_" / "-" / ".") | ||||
| sts-policy-ext-value = 1*(%x21-3A / %x3C / %x3E-7E) | ||||
| ; chars, excluding "=", ";", SP, and | ||||
| ; control chars | ||||
| Parsers MUST accept TXT records and policy files which are | Parsers MUST accept TXT records and policy files which are | |||
| syntactically valid (i.e. valid key/value pairs separated by semi- | syntactically valid (i.e. valid key/value pairs separated by semi- | |||
| colons for TXT records) and but containing additional key/value pairs | colons for TXT records) and but containing additional key/value pairs | |||
| not specified in this document, in which case unknown fields SHALL be | not specified in this document, in which case unknown fields SHALL be | |||
| ignored. If any non-repeated field--i.e. all fields excepting "mx"-- | ignored. If any non-repeated field--i.e. all fields excepting "mx"-- | |||
| is duplicated, all entries except for the first SHALL be ignored. If | is duplicated, all entries except for the first SHALL be ignored. If | |||
| any field is not specified, the policy SHALL be treated as invalid. | any field is not specified, the policy SHALL be treated as invalid. | |||
| 3.3. HTTPS Policy Fetching | 3.3. HTTPS Policy Fetching | |||
| skipping to change at page 9, line 17 ¶ | skipping to change at page 9, line 21 ¶ | |||
| If a valid TXT record is found but no policy can be fetched via HTTPS | If a valid TXT record is found but no policy can be fetched via HTTPS | |||
| (for any reason), and there is no valid (non-expired) previously- | (for any reason), and there is no valid (non-expired) previously- | |||
| cached policy, senders MUST continue with delivery as though the | cached policy, senders MUST continue with delivery as though the | |||
| domain has not implemented MTA-STS. | domain has not implemented MTA-STS. | |||
| Conversely, if no "live" policy can be discovered via DNS or fetched | Conversely, if no "live" policy can be discovered via DNS or fetched | |||
| via HTTPS, but a valid (non-expired) policy exists in the sender's | via HTTPS, but a valid (non-expired) policy exists in the sender's | |||
| cache, the sender MUST apply that cached policy. | cache, the sender MUST apply that cached policy. | |||
| Finally, to mitigate the risk of persistent interference with policy | ||||
| refresh, as discussed in-depth in Section 10, MTAs SHOULD | ||||
| proactivecly refresh cached policies before they expire; a suggested | ||||
| refresh frequency is once per day. To enable administrators to | ||||
| discover problems with policy refresh, MTAs SHOULD alert | ||||
| administrators (through the use of logs or similar) when such | ||||
| attempts fail, unless the cached policy mode is "none". | ||||
| 3.4. Policy Selection for Smart Hosts and Subdomains | 3.4. Policy Selection for Smart Hosts and Subdomains | |||
| When sending mail via a "smart host"--an intermediate SMTP relay | When sending mail via a "smart host"--an intermediate SMTP relay | |||
| rather than the message recipient's server--compliant senders MUST | rather than the message recipient's server--compliant senders MUST | |||
| treat the smart host domain as the policy domain for the purposes of | treat the smart host domain as the policy domain for the purposes of | |||
| policy discovery and application. | policy discovery and application. | |||
| When sending mail to a mailbox at a subdomain, compliant senders MUST | When sending mail to a mailbox at a subdomain, compliant senders MUST | |||
| NOT attempt to fetch a policy from the parent zone. Thus for mail | NOT attempt to fetch a policy from the parent zone. Thus for mail | |||
| sent to "user@mail.example.com", the policy can be fetched only from | sent to "user@mail.example.com", the policy can be fetched only from | |||
| "mail.example.com", not "example.com". | "mail.example.com", not "example.com". | |||
| #Policy Validation | 4. Policy Validation | |||
| When sending to an MX at a domain for which the sender has a valid | When sending to an MX at a domain for which the sender has a valid | |||
| and non-expired MTA-STS policy, a sending MTA honoring MTA-STS MUST | and non-expired MTA-STS policy, a sending MTA honoring MTA-STS MUST | |||
| validate: | validate: | |||
| 1. That the recipient MX supports STARTTLS and offers a valid PKIX- | 1. That the recipient MX supports STARTTLS and offers a valid PKIX- | |||
| based TLS certificate. | based TLS certificate. | |||
| 2. That at least one of the policy's "mx" patterns matches at least | 2. That at least one of the policy's "mx" patterns matches at least | |||
| one of the identities presented in the MX's X.509 certificate, as | one of the identities presented in the MX's X.509 certificate, as | |||
| described in "MX Certificate Validation". | described in "MX Certificate Validation". | |||
| This section does not dictate the behavior of sending MTAs when | This section does not dictate the behavior of sending MTAs when | |||
| policies fail to validate; in particular, validation failures of | policies fail to validate; see Section 5, "Policy Application" for a | |||
| policies which specify mode values of "report" or "none" MUST NOT be | description of sending MTA behavior when policy validation fails. | |||
| interpreted as delivery failures, as described in Section 4, "Policy | ||||
| Application". | ||||
| 3.5. MX Certificate Validation | 4.1. MX Certificate Validation | |||
| The certificate presented by the receiving MX MUST chain to a root CA | The certificate presented by the receiving MX MUST chain to a root CA | |||
| that is trusted by the sending MTA and be non-expired. The | that is trusted by the sending MTA and be non-expired. The | |||
| certificate MUST have a CN-ID ([RFC6125]) or subject alternative name | certificate MUST have a CN-ID ([RFC6125]) or subject alternative name | |||
| (SAN, [RFC5280]) with a DNS-ID matching the "mx" pattern. The MX's | (SAN, [RFC5280]) with a DNS-ID matching the "mx" pattern. The MX's | |||
| certificate MAY also be checked for revocation via OCSP [RFC6960], | certificate MAY also be checked for revocation via OCSP [RFC6960], | |||
| CRLs [RFC6818], or some other mechanism. | CRLs [RFC6818], or some other mechanism. | |||
| Because the "mx" patterns are not hostnames, however, matching is not | Because the "mx" patterns are not hostnames, however, matching is not | |||
| identical to other common cases of X.509 certificate authentication | identical to other common cases of X.509 certificate authentication | |||
| (as described, for example, in [RFC6125]). Consider the example | (as described, for example, in [RFC6125]). Consider the example | |||
| policy given above, with an "mx" pattern containing ".example.com". | policy given above, with an "mx" pattern containing ".example.com". | |||
| In this case, if the MX server's X.509 certificate contains a SAN | In this case, if the MX server's X.509 certificate contains a SAN | |||
| matching "*.example.com", we are required to implement "wildcard-to- | matching "*.example.com", we are required to implement "wildcard-to- | |||
| wildcard" matching. | wildcard" matching. | |||
| To simplify this case, we impose the following constraints on | To simplify this case, we impose the following constraints on | |||
| wildcard certificates, identical to those in [RFC7672] section 3.2.3 | wildcard certificates, identical to those in [RFC7672] section 3.2.3 | |||
| and [@?RFC6125 section 6.4.3: wildcards are valid in DNS-IDs or CN- | and [RFC6125] section 6.4.3: wildcards are valid in DNS-IDs or CN- | |||
| IDs, but must be the entire first label of the identifier (that is, | IDs, but must be the entire first label of the identifier (that is, | |||
| "*.example.com", not "mail*.example.com"). Senders who are comparing | "*.example.com", not "mail*.example.com"). Senders who are comparing | |||
| a "suffix" MX pattern with a wildcard identifier should thus strip | a "suffix" MX pattern with a wildcard identifier should thus strip | |||
| the wildcard and ensure that the two sides match label-by-label, | the wildcard and ensure that the two sides match label-by-label, | |||
| until all labels of the shorter side (if unequal length) are | until all labels of the shorter side (if unequal length) are | |||
| consumed. | consumed. | |||
| Note that a wildcard _must_ match a label; an "mx" pattern of | Note that a wildcard must match a label; an "mx" pattern of | |||
| ".example.com" thus does not match a SAN of "example.com", nor does a | ".example.com" thus does not match a SAN of "example.com", nor does a | |||
| SAN of "*.example.com" match an "mx" of "example.com". | SAN of "*.example.com" match an "mx" of "example.com". | |||
| A simple pseudocode implementation of this algorithm is presented in | A simple pseudocode implementation of this algorithm is presented in | |||
| the Appendix. | Appendix B. | |||
| 4. Policy Application | 5. Policy Application | |||
| When sending to an MX at a domain for which the sender has a valid, | When sending to an MX at a domain for which the sender has a valid, | |||
| non-expired MTA-STS policy, a sending MTA honoring MTA-STS applies | non-expired MTA-STS policy, a sending MTA honoring MTA-STS applies | |||
| the result of a policy validation failure one of two ways, depending | the result of a policy validation failure one of two ways, depending | |||
| on the value of the policy "mode" field: | on the value of the policy "mode" field: | |||
| 1. "enforce": In this mode, sending MTAs MUST NOT deliver the | 1. "enforce": In this mode, sending MTAs MUST NOT deliver the | |||
| message to hosts which fail MX matching or certificate | message to hosts which fail MX matching or certificate | |||
| validation. | validation. | |||
| 2. "report": In this mode, sending MTAs which also implement the | 2. "report": In this mode, sending MTAs which also implement the | |||
| TLSRPT specification (TODO: add ref) merely send a report | TLSRPT specification [I-D.ietf-uta-smtp-tlsrpt] merely send a | |||
| indicating policy application failures (so long as TLSRPT is also | report indicating policy application failures (so long as TLSRPT | |||
| implemented by the recipient domain). | is also implemented by the recipient domain). | |||
| 3. "none": In this mode, sending MTAs should treat the policy domain | 3. "none": In this mode, sending MTAs should treat the policy domain | |||
| as though it does not have any active policy; see Section 7.3, | as though it does not have any active policy; see Section 8.3, | |||
| "Removing MTA-STS", for use of this mode value. | "Removing MTA-STS", for use of this mode value. | |||
| When a message fails to deliver due to an "enforce" policy, a | When a message fails to deliver due to an "enforce" policy, a | |||
| compliant MTA MUST NOT permanently fail to deliver messages before | compliant MTA MUST NOT permanently fail to deliver messages before | |||
| checking for the presence of an updated policy at the Policy Domain. | checking for the presence of an updated policy at the Policy Domain. | |||
| (In all cases, MTAs SHOULD treat such failures as transient errors | (In all cases, MTAs SHOULD treat such failures as transient errors | |||
| and retry delivery later.) This allows implementing domains to | and retry delivery later.) This allows implementing domains to | |||
| update long-lived policies on the fly. | update long-lived policies on the fly. | |||
| 4.1. Policy Application Control Flow | 5.1. Policy Application Control Flow | |||
| An example control flow for a compliant sender consists of the | An example control flow for a compliant sender consists of the | |||
| following steps: | following steps: | |||
| 1. Check for a cached policy whose time-since-fetch has not exceeded | 1. Check for a cached policy whose time-since-fetch has not exceeded | |||
| its "max_age". If none exists, attempt to fetch a new policy | its "max_age". If none exists, attempt to fetch a new policy | |||
| (perhaps asynchronously, so as not to block message delivery). | (perhaps asynchronously, so as not to block message delivery). | |||
| Optionally, sending MTAs may unconditionally check for a new | Optionally, sending MTAs may unconditionally check for a new | |||
| policy at this step. | policy at this step. | |||
| 2. For each candidate MX, in order of MX priority, attempt to | 2. For each candidate MX, in order of MX priority, attempt to | |||
| deliver the message, enforcing STARTTLS and, assuming a policy is | deliver the message, enforcing STARTTLS and, assuming a policy is | |||
| present, PKIX certificate validation as described in Section 3.5, | present, PKIX certificate validation as described in Section 4.1, | |||
| "MX Certificate Validation." | "MX Certificate Validation." | |||
| 3. A message delivery MUST NOT be permanently failed until the | 3. A message delivery MUST NOT be permanently failed until the | |||
| sender has first checked for the presence of a new policy (as | sender has first checked for the presence of a new policy (as | |||
| indicated by the "id" field in the "_mta-sts" TXT record). If a | indicated by the "id" field in the "_mta-sts" TXT record). If a | |||
| new policy is not found, existing rules for the case of temporary | new policy is not found, existing rules for the case of temporary | |||
| message delivery failures apply (as discussed in [RFC5321] | message delivery failures apply (as discussed in [RFC5321] | |||
| section 4.5.4.1). | section 4.5.4.1). | |||
| 5. Reporting Failures | 6. Reporting Failures | |||
| MTA-STS is intended to be used along with TLSRPT (TODO: add ref) in | MTA-STS is intended to be used along with TLSRPT | |||
| order to ensure implementing domains can detect cases of both benign | [I-D.ietf-uta-smtp-tlsrpt] in order to ensure implementing domains | |||
| and malicious failures, and to ensure that failures that indicate an | can detect cases of both benign and malicious failures, and to ensure | |||
| active attack are discoverable. As such, senders who also implement | that failures that indicate an active attack are discoverable. As | |||
| TLSRPT SHOULD treat the following events as reportable failures: | such, senders who also implement TLSRPT SHOULD treat the following | |||
| events as reportable failures: | ||||
| o HTTPS policy fetch failures when a valid TXT record is present. | o HTTPS policy fetch failures when a valid TXT record is present. | |||
| o Policy fetch failures of any kind when a valid policy exists in | o Policy fetch failures of any kind when a valid policy exists in | |||
| the policy cache, except if that policy's mode is "none". | the policy cache, except if that policy's mode is "none". | |||
| o Delivery attempts in which a contacted MX does not support | o Delivery attempts in which a contacted MX does not support | |||
| STARTTLS or does not present a certificate which validates | STARTTLS or does not present a certificate which validates | |||
| according to the applied policy, except if that policy's mode is | according to the applied policy, except if that policy's mode is | |||
| "none". | "none". | |||
| 6. Interoperability Considerations | 7. Interoperability Considerations | |||
| 6.1. SNI Support | 7.1. SNI Support | |||
| To ensure that the server sends the right certificate chain, the SMTP | To ensure that the server sends the right certificate chain, the SMTP | |||
| client MUST have support for the TLS SNI extension [RFC6066]. When | client MUST have support for the TLS SNI extension [RFC6066]. When | |||
| connecting to a HTTP server to retrieve the MTA-STS policy, the SNI | connecting to a HTTP server to retrieve the MTA-STS policy, the SNI | |||
| extension MUST contain the name of the policy host (e.g. "mta- | extension MUST contain the name of the policy host (e.g. "mta- | |||
| sts.example.com"). When connecting to an SMTP server, the SNI | sts.example.com"). When connecting to an SMTP server, the SNI | |||
| extension MUST contain the MX hostname. | extension MUST contain the MX hostname. | |||
| HTTP servers used to deliver MTA-STS policies MUST have support for | HTTP servers used to deliver MTA-STS policies MUST have support for | |||
| the TLS SNI extension and MAY rely on SNI to determine which | the TLS SNI extension and MAY rely on SNI to determine which | |||
| certificate chain to present to the client. In either case, HTTP | certificate chain to present to the client. In either case, HTTP | |||
| servers MUST respond with a certificate chain that matches the policy | servers MUST respond with a certificate chain that matches the policy | |||
| hostname or abort the TLS handshake if unable to do so. | hostname or abort the TLS handshake if unable to do so. | |||
| SMTP servers MUST have support for the TLS SNI extension and MAY rely | SMTP servers MUST have support for the TLS SNI extension and MAY rely | |||
| on SNI to determine which certificate chain to present to the client. | on SNI to determine which certificate chain to present to the client. | |||
| If the client sends no SNI extension or sends an SNI extension for an | If the client sends no SNI extension or sends an SNI extension for an | |||
| unsupported server name, the server MUST simply send a fallback | unsupported server name, the server MUST simply send a fallback | |||
| certificate chain of its choice. The reason for not enforcing strict | certificate chain of its choice. The reason for not enforcing strict | |||
| matching of the requested SNI hostname is that MTA-STS TLS clients | matching of the requested SNI hostname is that MTA-STS TLS clients | |||
| may be typically willing to accept multiple server names but can only | may be typically willing to accept multiple server names but can only | |||
| send one name in the SNI extension. The server's fallback | send one name in the SNI extension. The server's fallback | |||
| certificate may match a different name that is acceptable to the | certificate may match a different name that is acceptable to the | |||
| client, e.g., the original next-hop domain. | client, e.g., the original next-hop domain. | |||
| 6.2. Minimum TLS Version Support | 7.2. Minimum TLS Version Support | |||
| MTAs supporting MTA-STS MUST have support for TLS version 1.2 | MTAs supporting MTA-STS MUST have support for TLS version 1.2 | |||
| [RFC5246] or higher. The general TLS usage guidance in [RFC7525] | [RFC5246] or higher. The general TLS usage guidance in [RFC7525] | |||
| SHOULD be followed. | SHOULD be followed. | |||
| 7. Operational Considerations | 8. Operational Considerations | |||
| 7.1. Policy Updates | ||||
| 8.1. Policy Updates | ||||
| Updating the policy requires that the owner make changes in two | Updating the policy requires that the owner make changes in two | |||
| places: the "_mta-sts" TXT record in the Policy Domain's DNS zone and | places: the "_mta-sts" TXT record in the Policy Domain's DNS zone and | |||
| at the corresponding HTTPS endpoint. As a result, recipients should | at the corresponding HTTPS endpoint. As a result, recipients should | |||
| expect a policy will continue to be used by senders until both the | expect a policy will continue to be used by senders until both the | |||
| HTTPS and TXT endpoints are updated and the TXT record's TTL has | HTTPS and TXT endpoints are updated and the TXT record's TTL has | |||
| passed. | passed. | |||
| In other words, a sender who is unable to successfully deliver a | In other words, a sender who is unable to successfully deliver a | |||
| message while applying a cache of the recipient's now-outdated policy | message while applying a cache of the recipient's now-outdated policy | |||
| may be unable to discover that a new policy exists until the DNS TTL | may be unable to discover that a new policy exists until the DNS TTL | |||
| has passed. Recipients should therefore ensure that old policies | has passed. Recipients should therefore ensure that old policies | |||
| continue to work for message delivery during this period of time, or | continue to work for message delivery during this period of time, or | |||
| risk message delays. | risk message delays. | |||
| Recipients should also prefer to update the HTTPS policy body before | Recipients should also prefer to update the HTTPS policy body before | |||
| updating the TXT record; this ordering avoids the risk that senders, | updating the TXT record; this ordering avoids the risk that senders, | |||
| seeing a new TXT record, mistakenly cache the old policy from HTTPS. | seeing a new TXT record, mistakenly cache the old policy from HTTPS. | |||
| 7.2. Policy Delegation | 8.2. Policy Delegation | |||
| Domain owners commonly delegate SMTP hosting to a different | Domain owners commonly delegate SMTP hosting to a different | |||
| organization, such as an ISP or a Web host. In such a case, they may | organization, such as an ISP or a Web host. In such a case, they may | |||
| wish to also delegate the MTA-STS policy to the same organization | wish to also delegate the MTA-STS policy to the same organization | |||
| which can be accomplished with two changes. | which can be accomplished with two changes. | |||
| First, the Policy Domain must point the "_mta-sts" record, via CNAME, | First, the Policy Domain must point the "_mta-sts" record, via CNAME, | |||
| to the "_mta-sts" record maintained by the hosting organization. | to the "_mta-sts" record maintained by the hosting organization. | |||
| This allows the hosting organization to control update signaling. | This allows the hosting organization to control update signaling. | |||
| Second, the Policy Domain must point the "well-known" policy location | Second, the Policy Domain must point the "well-known" policy location | |||
| to the hosting organization. This can be done either by setting the | to the hosting organization. This can be done either by setting the | |||
| "mta-sts" record to a host or CNAME specified by the hosting | "mta-sts" record to an IP address or CNAME specified by the hosting | |||
| organization and by giving the hosting organization a TLS certificate | organization and by giving the hosting organization a TLS certificate | |||
| which is valid for that host, or by setting up a "reverse proxy" | which is valid for that host, or by setting up a "reverse proxy" | |||
| (also known as a "gateway") server that serves as the Policy Domain's | (also known as a "gateway") server that serves as the Policy Domain's | |||
| policy the policy currently served by the hosting organization. | policy the policy currently served by the hosting organization. | |||
| For example, given a user domain "user.com" hosted by a mail provider | For example, given a user domain "user.example" hosted by a mail | |||
| "provider.com", the following configuration would allow policy | provider "provider.example", the following configuration would allow | |||
| delegation: | policy delegation: | |||
| DNS: | DNS: | |||
| _mta-sts.user.com. IN CNAME _mta-sts.provider.com. | _mta-sts.user.example. IN CNAME _mta-sts.provider.example. | |||
| Policy: | Policy: | |||
| > GET /.well-known/mta-sts.txt | > GET /.well-known/mta-sts.txt | |||
| > Host: mta-sts.user.com | > Host: mta-sts.user.example | |||
| < HTTP/1.1 200 OK # Response proxies content from https://mta-sts.provider.com | < HTTP/1.1 200 OK # Response proxies content from | |||
| # https://mta-sts.provider.example | ||||
| Note that while sending MTAs MUST NOT use HTTP caching when fetching | Note that while sending MTAs MUST NOT use HTTP caching when fetching | |||
| policies via HTTPS, such caching may nonetheless be useful to a | policies via HTTPS, such caching may nonetheless be useful to a | |||
| reverse proxy configured as described in this section. An HTTPS | reverse proxy configured as described in this section. An HTTPS | |||
| policy endpoint expecting to be proxied for multiple hosted domains-- | policy endpoint expecting to be proxied for multiple hosted domains-- | |||
| as with a large mail hosting provider or similar--may wish to | as with a large mail hosting provider or similar--may wish to | |||
| indicate an HTTP Cache-Control "max-age" response directive (as | indicate an HTTP Cache-Control "max-age" response directive (as | |||
| specified in [RFC7234]) of 60 seconds as a reasonable value to save | specified in [RFC7234]) of 60 seconds as a reasonable value to save | |||
| reverse proxies an unnecessarily high-rate of proxied policy | reverse proxies an unnecessarily high-rate of proxied policy | |||
| fetching. | fetching. | |||
| 7.3. Removing MTA-STS | 8.3. Removing MTA-STS | |||
| In order to facilitate clean opt-out of MTA-STS by implementing | In order to facilitate clean opt-out of MTA-STS by implementing | |||
| policy domains, and to distinguish clearly between failures which | policy domains, and to distinguish clearly between failures which | |||
| indicate attacks and those which indicate such opt-outs, MTA-STS | indicate attacks and those which indicate such opt-outs, MTA-STS | |||
| implements the "none" mode, which allows validated policies to | implements the "none" mode, which allows validated policies to | |||
| indicate authoritatively that the policy domain wishes to no longer | indicate authoritatively that the policy domain wishes to no longer | |||
| implement MTA-STS and may, in the future, remove the MTA-STS TXT and | implement MTA-STS and may, in the future, remove the MTA-STS TXT and | |||
| policy endpoints entirely. | policy endpoints entirely. | |||
| A suggested workflow to implement such an opt out is as follows: | A suggested workflow to implement such an opt out is as follows: | |||
| skipping to change at page 14, line 42 ¶ | skipping to change at page 14, line 45 ¶ | |||
| "max_age" (e.g. one day). | "max_age" (e.g. one day). | |||
| 2. Publish a new TXT record to trigger fetching of the new policy. | 2. Publish a new TXT record to trigger fetching of the new policy. | |||
| 3. When all previously served policies have expired--normally this | 3. When all previously served policies have expired--normally this | |||
| is the time the previously published policy was last served plus | is the time the previously published policy was last served plus | |||
| that policy's "max_age", but note that older policies may have | that policy's "max_age", but note that older policies may have | |||
| been served with a greater "max_age", allowing overlapping policy | been served with a greater "max_age", allowing overlapping policy | |||
| caches--safely remove the TXT record and HTTPS endpoint. | caches--safely remove the TXT record and HTTPS endpoint. | |||
| 8. IANA Considerations | 9. IANA Considerations | |||
| 8.1. Well-Known URIs Registry | 9.1. Well-Known URIs Registry | |||
| A new .well-known URI will be registered in the Well-Known URIs | A new "well-known" URI as described in Section 3 will be registered | |||
| registry as described below: | in the Well-Known URIs registry as described below: | |||
| URI Suffix: mta-sts.txt Change Controller: IETF | URI Suffix: mta-sts.txt Change Controller: IETF | |||
| 8.2. MTA-STS TXT Record Fields | 9.2. MTA-STS TXT Record Fields | |||
| IANA is requested to create a new registry titled "MTA-STS TXT Record | IANA is requested to create a new registry titled "MTA-STS TXT Record | |||
| Fields". The initial entries in the registry are: | Fields". The initial entries in the registry are: | |||
| +------------+--------------------+------------------------+ | +------------+--------------------+------------------------+ | |||
| | Field Name | Description | Reference | | | Field Name | Description | Reference | | |||
| +------------+--------------------+------------------------+ | +------------+--------------------+------------------------+ | |||
| | v | Record version | Section 3.1 of RFC XXX | | | v | Record version | Section 3.1 of RFC XXX | | |||
| | id | Policy instance ID | Section 3.1 of RFC XXX | | | id | Policy instance ID | Section 3.1 of RFC XXX | | |||
| +------------+--------------------+------------------------+ | +------------+--------------------+------------------------+ | |||
| New fields are added to this registry using IANA's "Expert Review" | New fields are added to this registry using IANA's "Expert Review" | |||
| policy. | policy. | |||
| 8.3. MTA-STS Policy Fields | 9.3. MTA-STS Policy Fields | |||
| IANA is requested to create a new registry titled "MTA-STS Policy | IANA is requested to create a new registry titled "MTA-STS Policy | |||
| Fields". The initial entries in the registry are: | Fields". The initial entries in the registry are: | |||
| +------------+----------------------+------------------------+ | +------------+----------------------+------------------------+ | |||
| | Field Name | Description | Reference | | | Field Name | Description | Reference | | |||
| +------------+----------------------+------------------------+ | +------------+----------------------+------------------------+ | |||
| | version | Policy version | Section 3.2 of RFC XXX | | | version | Policy version | Section 3.2 of RFC XXX | | |||
| | mode | Enforcement behavior | Section 3.2 of RFC XXX | | | mode | Enforcement behavior | Section 3.2 of RFC XXX | | |||
| | max_age | Policy lifetime | Section 3.2 of RFC XXX | | | max_age | Policy lifetime | Section 3.2 of RFC XXX | | |||
| | mx | MX identities | Section 3.2 of RFC XXX | | | mx | MX identities | Section 3.2 of RFC XXX | | |||
| +------------+----------------------+------------------------+ | +------------+----------------------+------------------------+ | |||
| New fields are added to this registry using IANA's "Expert Review" | New fields are added to this registry using IANA's "Expert Review" | |||
| policy. | policy. | |||
| 9. Security Considerations | 10. Security Considerations | |||
| SMTP MTA Strict Transport Security attempts to protect against an | SMTP MTA Strict Transport Security attempts to protect against an | |||
| active attacker who wishes to intercept or tamper with mail between | active attacker who wishes to intercept or tamper with mail between | |||
| hosts who support STARTTLS. There are two classes of attacks | hosts who support STARTTLS. There are two classes of attacks | |||
| considered: | considered: | |||
| o Foiling TLS negotiation, for example by deleting the "250 | o Foiling TLS negotiation, for example by deleting the "250 | |||
| STARTTLS" response from a server or altering TLS session | STARTTLS" response from a server or altering TLS session | |||
| negotiation. This would result in the SMTP session occurring over | negotiation. This would result in the SMTP session occurring over | |||
| plaintext, despite both parties supporting TLS. | plaintext, despite both parties supporting TLS. | |||
| skipping to change at page 16, line 14 ¶ | skipping to change at page 16, line 14 ¶ | |||
| for the recipient domain, or by redirecting client connections | for the recipient domain, or by redirecting client connections | |||
| intended for the legitimate recipient server (for example, by | intended for the legitimate recipient server (for example, by | |||
| altering BGP routing tables). | altering BGP routing tables). | |||
| MTA-STS can thwart such attacks only if the sender is able to | MTA-STS can thwart such attacks only if the sender is able to | |||
| previously obtain and cache a policy for the recipient domain, and | previously obtain and cache a policy for the recipient domain, and | |||
| only if the attacker is unable to obtain a valid certificate that | only if the attacker is unable to obtain a valid certificate that | |||
| complies with that policy. Below, we consider specific attacks on | complies with that policy. Below, we consider specific attacks on | |||
| this model. | this model. | |||
| 9.1. Obtaining a Signed Certificate | 10.1. Obtaining a Signed Certificate | |||
| SMTP MTA-STS relies on certificate validation via PKIX based TLS | SMTP MTA-STS relies on certificate validation via PKIX based TLS | |||
| identity checking [RFC6125]. Attackers who are able to obtain a | identity checking [RFC6125]. Attackers who are able to obtain a | |||
| valid certificate for the targeted recipient mail service (e.g. by | valid certificate for the targeted recipient mail service (e.g. by | |||
| compromising a certificate authority) are thus able to circumvent STS | compromising a certificate authority) are thus able to circumvent STS | |||
| authentication. | authentication. | |||
| 9.2. Preventing Policy Discovery | 10.2. Preventing Policy Discovery | |||
| Since MTA-STS uses DNS TXT records for policy discovery, an attacker | Since MTA-STS uses DNS TXT records for policy discovery, an attacker | |||
| who is able to block DNS responses can suppress the discovery of an | who is able to block DNS responses can suppress the discovery of an | |||
| MTA-STS Policy, making the Policy Domain appear not to have an MTA- | MTA-STS Policy, making the Policy Domain appear not to have an MTA- | |||
| STS Policy. The sender policy cache is designed to resist this | STS Policy. The sender policy cache is designed to resist this | |||
| attack by decreasing the frequency of policy discovery and thus | attack by decreasing the frequency of policy discovery and thus | |||
| reducing the window of vulnerability; it is nonetheless a risk that | reducing the window of vulnerability; it is nonetheless a risk that | |||
| attackers who can predict or induce policy discovery--for example, by | attackers who can predict or induce policy discovery--for example, by | |||
| inducing a victim sending domain to send mail to a never-before- | inducing a sending domain to send mail to a never-before-contacted | |||
| contacted recipient while carrying out a man-in-the-middle attack-- | recipient while carrying out a man-in-the-middle attack--may be able | |||
| may be able to foil policy discovery and effectively downgrade the | to foil policy discovery and effectively downgrade the security of | |||
| security of the message delivery. | the message delivery. | |||
| Since this attack depends upon intercepting initial policy discovery, | Since this attack depends upon intercepting initial policy discovery, | |||
| we strongly recommend implementers to prefer policy "max_age" values | we strongly recommend implementers to prefer policy "max_age" values | |||
| to be as long as is practical. | to be as long as is practical. | |||
| Because this attack is also possible upon refresh of a cached policy, | Because this attack is also possible upon refresh of a cached policy, | |||
| we suggest implementers do not wait until a cached policy has expired | we suggest implementers do not wait until a cached policy has expired | |||
| before checking for an update; if senders attempt to refresh the | before checking for an update; if senders attempt to refresh the | |||
| cache regularly (for instance, by checking their cached version | cache regularly (for instance, by checking their cached version | |||
| string against the TXT record on each successful send, or in a | string against the TXT record on each successful send, or in a | |||
| background task that runs daily or weekly), an attacker would have to | background task that runs daily or weekly), an attacker would have to | |||
| foil policy discovery consistently over the lifetime of a cached | foil policy discovery consistently over the lifetime of a cached | |||
| policy to prevent a successful refresh. | policy to prevent a successful refresh. | |||
| Additionally, MTAs should alert administrators to repeated policy | Additionally, MTAs should alert administrators to repeated policy | |||
| refresh failures long before cached policies expire (through warning | refresh failures long before cached policies expire (through warning | |||
| logs or similar applicable mechanisms), allowing administrators to | logs or similar applicable mechanisms), allowing administrators to | |||
| detect such a persistent attack on policy refresh. (However, they | detect such a persistent attack on policy refresh. (However, they | |||
| should not implement such alerts if the cached policy has a "none" | should not implement such alerts if the cached policy has a "none" | |||
| mode, to allow clean MTA-STS removal, as described in Section 7.3.) | mode, to allow clean MTA-STS removal, as described in Section 8.3.) | |||
| Resistance to downgrade attacks of this nature--due to the ability to | Resistance to downgrade attacks of this nature--due to the ability to | |||
| authoritatively determine "lack of a record" even for non- | authoritatively determine "lack of a record" even for non- | |||
| participating recipients--is a feature of DANE, due to its use of | participating recipients--is a feature of DANE, due to its use of | |||
| DNSSEC for policy discovery. | DNSSEC for policy discovery. | |||
| 9.3. Denial of Service | 10.3. Denial of Service | |||
| We additionally consider the Denial of Service risk posed by an | We additionally consider the Denial of Service risk posed by an | |||
| attacker who can modify the DNS records for a victim domain. Absent | attacker who can modify the DNS records for a recipient domain. | |||
| MTA-STS, such an attacker can cause a sending MTA to cache invalid MX | Absent MTA-STS, such an attacker can cause a sending MTA to cache | |||
| records, but only for however long the sending resolver caches those | invalid MX records, but only for however long the sending resolver | |||
| records. With MTA-STS, the attacker can additionally advertise a | caches those records. With MTA-STS, the attacker can additionally | |||
| new, long-"max_age" MTA-STS policy with "mx" constraints that | advertise a new, long-"max_age" MTA-STS policy with "mx" constraints | |||
| validate the malicious MX record, causing senders to cache the policy | that validate the malicious MX record, causing senders to cache the | |||
| and refuse to deliver messages once the victim has resecured the MX | policy and refuse to deliver messages once the victim has resecured | |||
| records. | the MX records. | |||
| This attack is mitigated in part by the ability of a victim domain to | This attack is mitigated in part by the ability of a victim domain to | |||
| (at any time) publish a new policy updating the cached, malicious | (at any time) publish a new policy updating the cached, malicious | |||
| policy, though this does require the victim domain to both obtain a | policy, though this does require the victim domain to both obtain a | |||
| valid CA-signed certificate and to understand and properly configure | valid CA-signed certificate and to understand and properly configure | |||
| MTA-STS. | MTA-STS. | |||
| Similarly, we consider the possibility of domains that deliberately | Similarly, we consider the possibility of domains that deliberately | |||
| allow untrusted users to serve untrusted content on user-specified | allow untrusted users to serve untrusted content on user-specified | |||
| subdomains. In some cases (e.g. the service Tumblr.com) this takes | subdomains. In some cases (e.g. the service Tumblr.com) this takes | |||
| skipping to change at page 18, line 5 ¶ | skipping to change at page 18, line 5 ¶ | |||
| In these cases, there is a risk that untrusted users would be able to | In these cases, there is a risk that untrusted users would be able to | |||
| serve custom content at the "mta-sts" host, including serving an | serve custom content at the "mta-sts" host, including serving an | |||
| illegitimate MTA-STS policy. We believe this attack is rendered more | illegitimate MTA-STS policy. We believe this attack is rendered more | |||
| difficult by the need for the attacker to also serve the "_mta-sts" | difficult by the need for the attacker to also serve the "_mta-sts" | |||
| TXT record on the same domain--something not, to our knowledge, | TXT record on the same domain--something not, to our knowledge, | |||
| widely provided to untrusted users. This attack is additionally | widely provided to untrusted users. This attack is additionally | |||
| mitigated by the aforementioned ability for a victim domain to update | mitigated by the aforementioned ability for a victim domain to update | |||
| an invalid policy at any future date. | an invalid policy at any future date. | |||
| 9.4. Weak Policy Constraints | 10.4. Weak Policy Constraints | |||
| Even if an attacker cannot modify a served policy, the potential | Even if an attacker cannot modify a served policy, the potential | |||
| exists for configurations that allow attackers on the same domain to | exists for configurations that allow attackers on the same domain to | |||
| receive mail for that domain. For example, an easy configuration | receive mail for that domain. For example, an easy configuration | |||
| option when authoring an MTA-STS Policy for "example.com" is to set | option when authoring an MTA-STS Policy for "example.com" is to set | |||
| the "mx" equal to ".example.com"; recipient domains must consider in | the "mx" equal to ".example.com"; recipient domains must consider in | |||
| this case the risk that any user possessing a valid hostname and CA- | this case the risk that any user possessing a valid hostname and CA- | |||
| signed certificate (for example, "dhcp-123.example.com") will, from | signed certificate (for example, "dhcp-123.example.com") will, from | |||
| the perspective of MTA-STS Policy validation, be a valid MX host for | the perspective of MTA-STS Policy validation, be a valid MX host for | |||
| that domain. | that domain. | |||
| 9.5. Compromise of the Web PKI System | 10.5. Compromise of the Web PKI System | |||
| A host of risks apply to the PKI system used for certificate | A host of risks apply to the PKI system used for certificate | |||
| authentication, both of the "mta-sts" HTTPS host's certificate and | authentication, both of the "mta-sts" HTTPS host's certificate and | |||
| the SMTP servers' certificates. These risks are broadly applicable | the SMTP servers' certificates. These risks are broadly applicable | |||
| within the Web PKI ecosystem and are not specific to MTA-STS; | within the Web PKI ecosystem and are not specific to MTA-STS; | |||
| nonetheless, they deserve some consideration in this context. | nonetheless, they deserve some consideration in this context. | |||
| Broadly speaking, attackers may compromise the system by obtaining | Broadly speaking, attackers may compromise the system by obtaining | |||
| certificates under fraudulent circumstances (i.e. by impersonating | certificates under fraudulent circumstances (i.e. by impersonating | |||
| the legitimate owner of the victim domain), by compromising a | the legitimate owner of the victim domain), by compromising a | |||
| skipping to change at page 18, line 40 ¶ | skipping to change at page 18, line 40 ¶ | |||
| similar. | similar. | |||
| One approach commonly employed by Web browsers to help mitigate | One approach commonly employed by Web browsers to help mitigate | |||
| against some of these attacks is to allow for revocation of | against some of these attacks is to allow for revocation of | |||
| compromised or fraudulent certificates via OCSP [RFC6960] or CRLs | compromised or fraudulent certificates via OCSP [RFC6960] or CRLs | |||
| [RFC6818]. Such mechanisms themselves represent tradeoffs and are | [RFC6818]. Such mechanisms themselves represent tradeoffs and are | |||
| not universally implemented; we nonetheless recommend implementors of | not universally implemented; we nonetheless recommend implementors of | |||
| MTA-STS to implement revocation mechanisms which are most applicable | MTA-STS to implement revocation mechanisms which are most applicable | |||
| to their implementations. | to their implementations. | |||
| 10. Contributors | 11. Contributors | |||
| Nicolas Lidzborski Google, Inc nlidz (at) google (dot com) | Nicolas Lidzborski Google, Inc nlidz (at) google (dot com) | |||
| Wei Chuang Google, Inc weihaw (at) google (dot com) | Wei Chuang Google, Inc weihaw (at) google (dot com) | |||
| Brandon Long Google, Inc blong (at) google (dot com) | Brandon Long Google, Inc blong (at) google (dot com) | |||
| Franck Martin LinkedIn, Inc fmartin (at) linkedin (dot com) | Franck Martin LinkedIn, Inc fmartin (at) linkedin (dot com) | |||
| Klaus Umbach 1&1 Mail & Media Development & Technology GmbH | Klaus Umbach 1&1 Mail & Media Development & Technology GmbH | |||
| klaus.umbach (at) 1und1 (dot de) | klaus.umbach (at) 1und1 (dot de) | |||
| Markus Laber 1&1 Mail & Media Development & Technology GmbH | Markus Laber 1&1 Mail & Media Development & Technology GmbH | |||
| markus.laber (at) 1und1 (dot de) | markus.laber (at) 1und1 (dot de) | |||
| 11. Appendix 1: MTA-STS example record & policy | 12. References | |||
| 12.1. Normative References | ||||
| [I-D.ietf-uta-smtp-tlsrpt] | ||||
| Margolis, D., Brotman, A., Ramakrishnan, B., Jones, J., | ||||
| and M. Risher, "SMTP TLS Reporting", draft-ietf-uta-smtp- | ||||
| tlsrpt-11 (work in progress), November 2017. | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, | ||||
| DOI 10.17487/RFC2119, March 1997, | ||||
| <https://www.rfc-editor.org/info/rfc2119>. | ||||
| [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode | ||||
| for Internationalized Domain Names in Applications | ||||
| (IDNA)", RFC 3492, DOI 10.17487/RFC3492, March 2003, | ||||
| <https://www.rfc-editor.org/info/rfc3492>. | ||||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | ||||
| (TLS) Protocol Version 1.2", RFC 5246, | ||||
| DOI 10.17487/RFC5246, August 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5246>. | ||||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | ||||
| Housley, R., and W. Polk, "Internet X.509 Public Key | ||||
| Infrastructure Certificate and Certificate Revocation List | ||||
| (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5280>. | ||||
| [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | ||||
| DOI 10.17487/RFC5321, October 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5321>. | ||||
| [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known | ||||
| Uniform Resource Identifiers (URIs)", RFC 5785, | ||||
| DOI 10.17487/RFC5785, April 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5785>. | ||||
| [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | ||||
| Extensions: Extension Definitions", RFC 6066, | ||||
| DOI 10.17487/RFC6066, January 2011, | ||||
| <https://www.rfc-editor.org/info/rfc6066>. | ||||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | ||||
| Verification of Domain-Based Application Service Identity | ||||
| within Internet Public Key Infrastructure Using X.509 | ||||
| (PKIX) Certificates in the Context of Transport Layer | ||||
| Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March | ||||
| 2011, <https://www.rfc-editor.org/info/rfc6125>. | ||||
| [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
| Protocol (HTTP/1.1): Semantics and Content", RFC 7231, | ||||
| DOI 10.17487/RFC7231, June 2014, | ||||
| <https://www.rfc-editor.org/info/rfc7231>. | ||||
| [RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF", | ||||
| RFC 7405, DOI 10.17487/RFC7405, December 2014, | ||||
| <https://www.rfc-editor.org/info/rfc7405>. | ||||
| [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
| "Recommendations for Secure Use of Transport Layer | ||||
| Security (TLS) and Datagram Transport Layer Security | ||||
| (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | ||||
| 2015, <https://www.rfc-editor.org/info/rfc7525>. | ||||
| 12.2. Informative References | ||||
| [RFC3207] Hoffman, P., "SMTP Service Extension for Secure SMTP over | ||||
| Transport Layer Security", RFC 3207, DOI 10.17487/RFC3207, | ||||
| February 2002, <https://www.rfc-editor.org/info/rfc3207>. | ||||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | ||||
| Rose, "DNS Security Introduction and Requirements", | ||||
| RFC 4033, DOI 10.17487/RFC4033, March 2005, | ||||
| <https://www.rfc-editor.org/info/rfc4033>. | ||||
| [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, | ||||
| DOI 10.17487/RFC5322, October 2008, | ||||
| <https://www.rfc-editor.org/info/rfc5322>. | ||||
| [RFC5891] Klensin, J., "Internationalized Domain Names in | ||||
| Applications (IDNA): Protocol", RFC 5891, | ||||
| DOI 10.17487/RFC5891, August 2010, | ||||
| <https://www.rfc-editor.org/info/rfc5891>. | ||||
| [RFC6818] Yee, P., "Updates to the Internet X.509 Public Key | ||||
| Infrastructure Certificate and Certificate Revocation List | ||||
| (CRL) Profile", RFC 6818, DOI 10.17487/RFC6818, January | ||||
| 2013, <https://www.rfc-editor.org/info/rfc6818>. | ||||
| [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., | ||||
| Galperin, S., and C. Adams, "X.509 Internet Public Key | ||||
| Infrastructure Online Certificate Status Protocol - OCSP", | ||||
| RFC 6960, DOI 10.17487/RFC6960, June 2013, | ||||
| <https://www.rfc-editor.org/info/rfc6960>. | ||||
| [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | ||||
| Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | ||||
| RFC 7234, DOI 10.17487/RFC7234, June 2014, | ||||
| <https://www.rfc-editor.org/info/rfc7234>. | ||||
| [RFC7672] Dukhovni, V. and W. Hardaker, "SMTP Security via | ||||
| Opportunistic DNS-Based Authentication of Named Entities | ||||
| (DANE) Transport Layer Security (TLS)", RFC 7672, | ||||
| DOI 10.17487/RFC7672, October 2015, | ||||
| <https://www.rfc-editor.org/info/rfc7672>. | ||||
| Appendix A. MTA-STS example record & policy | ||||
| The owner of "example.com" wishes to begin using MTA-STS with a | The owner of "example.com" wishes to begin using MTA-STS with a | |||
| policy that will solicit reports from senders without affecting how | policy that will solicit reports from senders without affecting how | |||
| the messages are processed, in order to verify the identity of MXs | the messages are processed, in order to verify the identity of MXs | |||
| that handle mail for "example.com", confirm that TLS is correctly | that handle mail for "example.com", confirm that TLS is correctly | |||
| used, and ensure that certificates presented by the recipient MX | used, and ensure that certificates presented by the recipient MX | |||
| validate. | validate. | |||
| MTA-STS policy indicator TXT RR: | MTA-STS policy indicator TXT RR: | |||
| _mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;" | _mta-sts.example.com. IN TXT "v=STSv1; id=20160831085700Z;" | |||
| MTA-STS Policy file served as the response body at [1] | MTA-STS Policy file served as the response body at "https://mta- | |||
| sts.example.com/.well-known/mta-sts.txt": | ||||
| version: STSv1 | version: STSv1 | |||
| mode: report | mode: report | |||
| mx: mx1.example.com | mx: mx1.example.com | |||
| mx: mx2.example.com | mx: mx2.example.com | |||
| mx: mx.backup-example.com | mx: mx.backup-example.com | |||
| max_age: 12345678 | max_age: 12345678 | |||
| 12. Appendix 2: Message delivery pseudocode | Appendix B. Message delivery pseudocode | |||
| Below is pseudocode demonstrating the logic of a compliant sending | Below is pseudocode demonstrating the logic of a compliant sending | |||
| MTA. | MTA. | |||
| While this pseudocode implementation suggests synchronous policy | While this pseudocode implementation suggests synchronous policy | |||
| retrieval in the delivery path, in a working implementation that may | retrieval in the delivery path, in a working implementation that may | |||
| be undesirable, and we expect some implementers to instead prefer a | be undesirable, and we expect some implementers to instead prefer a | |||
| background fetch that does not block delivery if no cached policy is | background fetch that does not block delivery if no cached policy is | |||
| present. | present. | |||
| skipping to change at page 20, line 24 ¶ | skipping to change at page 22, line 39 ¶ | |||
| return true | return true | |||
| } | } | |||
| } | } | |||
| return false | return false | |||
| } | } | |||
| func certMatches(connection, policy) { | func certMatches(connection, policy) { | |||
| // Assume a handy function to return CN and DNS-ID SANs. | // Assume a handy function to return CN and DNS-ID SANs. | |||
| for san in getDnsIdSansAndCnFromCert(connection) { | for san in getDnsIdSansAndCnFromCert(connection) { | |||
| for mx in policy.mx { | for mx in policy.mx { | |||
| // Return if the server certificate from "connection" matches the "mx" | // Return if the server certificate from "connection" matches the | |||
| // host. | // "mx" host. | |||
| if san[0] == '*' { | if san[0] == '*' { | |||
| // Invalid wildcard! | // Invalid wildcard! | |||
| if san[1] != '.' continue | if san[1] != '.' continue | |||
| san = san[1:] | san = san[1:] | |||
| } | } | |||
| if isWildcardMatch(san, mx) || isWildcardMatch(mx, san) { | if isWildcardMatch(san, mx) || isWildcardMatch(mx, san) { | |||
| return true | return true | |||
| } | } | |||
| } | } | |||
| } | } | |||
| skipping to change at page 21, line 15 ¶ | skipping to change at page 23, line 31 ¶ | |||
| // Return a cached policy for "domain". | // Return a cached policy for "domain". | |||
| } | } | |||
| func reportError(error) { | func reportError(error) { | |||
| // Report an error via TLSRPT. | // Report an error via TLSRPT. | |||
| } | } | |||
| func tryMxAccordingTo(message, mx, policy) { | func tryMxAccordingTo(message, mx, policy) { | |||
| connection := connect(mx) | connection := connect(mx) | |||
| if !connection { | if !connection { | |||
| return false // Can't connect to the MX so it's not an MTA-STS error. | return false // Can't connect to the MX so it's not an MTA-STS | |||
| // error. | ||||
| } | } | |||
| secure := true | secure := true | |||
| if !tryStartTls(connection) { | if !tryStartTls(connection) { | |||
| secure = false | secure = false | |||
| reportError(E_NO_VALID_TLS) | reportError(E_NO_VALID_TLS) | |||
| } else if !certMatches(connection, policy) { | } else if !certMatches(connection, policy) { | |||
| secure = false | secure = false | |||
| reportError(E_CERT_MISMATCH) | reportError(E_CERT_MISMATCH) | |||
| } | } | |||
| if secure || !isEnforce(policy) { | if secure || !isEnforce(policy) { | |||
| skipping to change at page 22, line 7 ¶ | skipping to change at page 24, line 24 ¶ | |||
| cachePolicy(domain, policy) | cachePolicy(domain, policy) | |||
| } else { | } else { | |||
| policy = tryGetCachedPolicy(domain) | policy = tryGetCachedPolicy(domain) | |||
| } | } | |||
| if policy { | if policy { | |||
| return tryWithPolicy(message, domain, policy) | return tryWithPolicy(message, domain, policy) | |||
| } | } | |||
| // Try to deliver the message normally (i.e. without MTA-STS). | // Try to deliver the message normally (i.e. without MTA-STS). | |||
| } | } | |||
| 13. References | ||||
| 13.1. Normative References | ||||
| [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate | ||||
| Requirement Levels", BCP 14, RFC 2119, DOI 10.17487/ | ||||
| RFC2119, March 1997, | ||||
| <http://www.rfc-editor.org/info/rfc2119>. | ||||
| [RFC3492] Costello, A., "Punycode: A Bootstring encoding of Unicode | ||||
| for Internationalized Domain Names in Applications | ||||
| (IDNA)", RFC 3492, DOI 10.17487/RFC3492, March 2003, | ||||
| <http://www.rfc-editor.org/info/rfc3492>. | ||||
| [RFC5246] Dierks, T. and E. Rescorla, "The Transport Layer Security | ||||
| (TLS) Protocol Version 1.2", RFC 5246, DOI 10.17487/ | ||||
| RFC5246, August 2008, <https://www.rfc-editor.org/info/ | ||||
| rfc5246>. | ||||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | ||||
| Housley, R., and W. Polk, "Internet X.509 Public Key | ||||
| Infrastructure Certificate and Certificate Revocation List | ||||
| (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | ||||
| <http://www.rfc-editor.org/info/rfc5280>. | ||||
| [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, | ||||
| DOI 10.17487/RFC5321, October 2008, | ||||
| <http://www.rfc-editor.org/info/rfc5321>. | ||||
| [RFC5785] Nottingham, M. and E. Hammer-Lahav, "Defining Well-Known | ||||
| Uniform Resource Identifiers (URIs)", RFC 5785, DOI 10 | ||||
| .17487/RFC5785, April 2010, | ||||
| <http://www.rfc-editor.org/info/rfc5785>. | ||||
| [RFC6066] Eastlake 3rd, D., "Transport Layer Security (TLS) | ||||
| Extensions: Extension Definitions", RFC 6066, DOI 10 | ||||
| .17487/RFC6066, January 2011, <https://www.rfc-editor.org/ | ||||
| info/rfc6066>. | ||||
| [RFC6125] Saint-Andre, P. and J. Hodges, "Representation and | ||||
| Verification of Domain-Based Application Service Identity | ||||
| within Internet Public Key Infrastructure Using X.509 | ||||
| (PKIX) Certificates in the Context of Transport Layer | ||||
| Security (TLS)", RFC 6125, DOI 10.17487/RFC6125, March | ||||
| 2011, <http://www.rfc-editor.org/info/rfc6125>. | ||||
| [RFC7231] Fielding, R., Ed. and J. Reschke, Ed., "Hypertext Transfer | ||||
| Protocol (HTTP/1.1): Semantics and Content", RFC 7231, DOI | ||||
| 10.17487/RFC7231, June 2014, <https://www.rfc-editor.org/ | ||||
| info/rfc7231>. | ||||
| [RFC7405] Kyzivat, P., "Case-Sensitive String Support in ABNF", RFC | ||||
| 7405, DOI 10.17487/RFC7405, December 2014, | ||||
| <http://www.rfc-editor.org/info/rfc7405>. | ||||
| [RFC7525] Sheffer, Y., Holz, R., and P. Saint-Andre, | ||||
| "Recommendations for Secure Use of Transport Layer | ||||
| Security (TLS) and Datagram Transport Layer Security | ||||
| (DTLS)", BCP 195, RFC 7525, DOI 10.17487/RFC7525, May | ||||
| 2015, <https://www.rfc-editor.org/info/rfc7525>. | ||||
| 13.2. Informative References | ||||
| [RFC3207] Hoffman, P., "SMTP Service Extension for Secure SMTP over | ||||
| Transport Layer Security", RFC 3207, DOI 10.17487/RFC3207, | ||||
| February 2002, <http://www.rfc-editor.org/info/rfc3207>. | ||||
| [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S. | ||||
| Rose, "DNS Security Introduction and Requirements", RFC | ||||
| 4033, DOI 10.17487/RFC4033, March 2005, | ||||
| <http://www.rfc-editor.org/info/rfc4033>. | ||||
| [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI | ||||
| 10.17487/RFC5322, October 2008, | ||||
| <http://www.rfc-editor.org/info/rfc5322>. | ||||
| [RFC5891] Klensin, J., "Internationalized Domain Names in | ||||
| Applications (IDNA): Protocol", RFC 5891, DOI 10.17487/ | ||||
| RFC5891, August 2010, | ||||
| <http://www.rfc-editor.org/info/rfc5891>. | ||||
| [RFC6818] Yee, P., "Updates to the Internet X.509 Public Key | ||||
| Infrastructure Certificate and Certificate Revocation List | ||||
| (CRL) Profile", RFC 6818, DOI 10.17487/RFC6818, January | ||||
| 2013, <https://www.rfc-editor.org/info/rfc6818>. | ||||
| [RFC6960] Santesson, S., Myers, M., Ankney, R., Malpani, A., | ||||
| Galperin, S., and C. Adams, "X.509 Internet Public Key | ||||
| Infrastructure Online Certificate Status Protocol - OCSP", | ||||
| RFC 6960, DOI 10.17487/RFC6960, June 2013, <https://www | ||||
| .rfc-editor.org/info/rfc6960>. | ||||
| [RFC7234] Fielding, R., Ed., Nottingham, M., Ed., and J. Reschke, | ||||
| Ed., "Hypertext Transfer Protocol (HTTP/1.1): Caching", | ||||
| RFC 7234, DOI 10.17487/RFC7234, June 2014, <https://www | ||||
| .rfc-editor.org/info/rfc7234>. | ||||
| [RFC7672] Dukhovni, V. and W. Hardaker, "SMTP Security via | ||||
| Opportunistic DNS-Based Authentication of Named Entities | ||||
| (DANE) Transport Layer Security (TLS)", RFC 7672, DOI 10 | ||||
| .17487/RFC7672, October 2015, | ||||
| <http://www.rfc-editor.org/info/rfc7672>. | ||||
| 13.3. URIs | ||||
| [1] https://mta-sts.example.com/.well-known/mta-sts.txt: | ||||
| Authors' Addresses | Authors' Addresses | |||
| Daniel Margolis | Daniel Margolis | |||
| Google, Inc | Google, Inc | |||
| Email: dmargolis (at) google.com | Email: dmargolis (at) google (dot com) | |||
| Mark Risher | Mark Risher | |||
| Google, Inc | Google, Inc | |||
| Email: risher (at) google (dot com) | Email: risher (at) google (dot com) | |||
| Binu Ramakrishnan | Binu Ramakrishnan | |||
| Yahoo!, Inc | Yahoo!, Inc | |||
| Email: rbinu (at) yahoo-inc (dot com) | Email: rbinu (at) yahoo-inc (dot com) | |||
| Alexander Brotman | Alexander Brotman | |||
| Comcast, Inc | Comcast, Inc | |||
| Email: alex_brotman (at) comcast.com | Email: alex_brotman (at) comcast (dot com) | |||
| Janet Jones | Janet Jones | |||
| Microsoft, Inc | Microsoft, Inc | |||
| Email: janet.jones (at) microsoft (dot com) | Email: janet.jones (at) microsoft (dot com) | |||
| End of changes. 86 change blocks. | ||||
| 271 lines changed or deleted | 285 lines changed or added | |||
This html diff was produced by rfcdiff 1.46. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||