M3AAWG 48th General Meeting | San Francisco, CA | February 2020
REQUIRETLS: Sender Control of TLS Requirements
Jim Fenton
18 February 2020
San Francisco, CA
What is REQUIRETLS?
• An option to require TLS transport of a given mail message
• Applied by (or close to) the sender
• RFC 8689, issued in November 2019
• Little implementation to date
– Prototypes developed for Exim and MDaemon
Why REQUIRETLS?
• Email transport encryption is opportunistic
– If STARTTLS can’t be negotiated, the message is sent in the clear
– If certificates don’t verify, that’s usually ignored
– This is done silently, without awareness of sender
• End-to-end content encryption isn’t enough
– Message headers aren’t included
– Headers contain important metadata
• Addresses of correspondents
• Message subject line
• Links to previous messages
Why REQUIRETLS?
• Some middleboxes actively interfere with STARTTLS negotiation
– Enterprises and ISPs [1] wanting to monitor outgoing traffic
– Some countries [2] [3] that want to monitor email traffic on a national basis
[1] Hoffman-Andrews, Jacob. 2014. “ISPs Removing Their Customers’ Email Encryption.” Electronic Frontier Foundation. November 11, 2014. https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks.
[2] Durumeric, Zakir, David Adrian, Ariana Mirian, James Kasten, Elie Bursztein, Nicolas Lidzborski, Kurt Thomas, Vijay Eranti, Michael Bailey, and J. Alex Halderman. 2015. “Neither Snow Nor Rain Nor MITM...: An Empirical Analysis of Email Delivery Security.” In Proceedings of the 2015 Internet Measurement Conference, 27–39. IMC ’15. Tokyo, Japan: Association for Computing Machinery. https://doi.org/10.1145/2815675.2815695.
[3] “Who’s That Knocking At My Door? Understanding Surveillance In Thailand.” n.d. Privacy International. Accessed February 10, 2020. http://privacyinternational.org/report/61/whos-knocking-my-door-understanding-surveillance-thailand.
REQUIRETLS use cases
• Journalists, dissidents, and NGOs operating in semi-hostile regimes
• Messages where metadata (e.g., correspondent addresses) should be protected from disclosure
• Analogous to “Encrypt for Transmission Only” used by DoD
– Sensitive but unclassified
• Objective: make monitoring transparent and consensual
– Not to defeat monitoring required for compliance purposes
REQUIRETLS operation
• Messages tagged REQUIRETLS can only be sent when:
– Receiving MTA name (MX) has been authenticated (DNSSEC-signed lookup or MTA-STS policy)
– STARTTLS has been negotiated with valid certificate
• DANE or trust chain
– Server advertises REQUIRETLS support
• Messages are bounced otherwise
How to use REQUIRETLS
• Senders requiring TLS transport tag their messages in the SMTP transaction:
– Look up and authenticate the receiving MTA name (MX)
– Negotiate STARTTLS
– Verify that the server certificate matches the MTA name
– In the second EHLO (inside TLS), ensure that the server advertises REQUIRETLS
– Include the REQUIRETLS option on MAIL FROM:
MAIL FROM:<roger@example.org> REQUIRETLS
– Bounce message if any of these fail
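The sender-side procedure above, as an added example that is not part of the original deck: a Python client that walks the steps in order against a scripted stand-in for the receiving MTA. The MX authentication (DNSSEC or MTA-STS) and the certificate check (DANE or PKIX) are not performed here but passed in as results; the host names, the scripted replies and the three scenarios are constructed. The third scenario is what a STARTTLS-stripping middlebox looks like to the client: the first EHLO lacks STARTTLS, and the message is held for bouncing instead of being sent in the clear.

```python
"""Sender-side REQUIRETLS transaction modelled on RFC 8689, section 4.

Added example, not code from the deck. MX authentication (DNSSEC or MTA-STS)
and certificate verification (DANE or PKIX) are injected as booleans; the
SMTP dialogue runs against a scripted stand-in server, so it works offline.
"""
import re
from dataclasses import dataclass


class ScriptedServer:
    """Constructed stand-in for the receiving MTA: answers from a table and
    advertises different EHLO keywords before and after STARTTLS."""

    def __init__(self, pre_tls_exts, post_tls_exts, starttls_ok=True):
        self.pre, self.post, self.starttls_ok = pre_tls_exts, post_tls_exts, starttls_ok
        self.tls = False
        self.log = []  # (client command, server reply) in order

    def _ehlo_reply(self):
        lines = ["mx.example.com"] + (self.post if self.tls else self.pre)
        out = [f"250-{l}" for l in lines]
        out[-1] = "250 " + lines[-1]  # final line uses a space, not a hyphen
        return "\r\n".join(out)

    def send(self, command):
        verb = command.split()[0].upper()
        if verb == "EHLO":
            reply = self._ehlo_reply()
        elif verb == "STARTTLS":
            self.tls = self.starttls_ok
            reply = ("220 2.0.0 Ready to start TLS" if self.starttls_ok
                     else "454 4.7.0 TLS not available due to temporary reason")
        elif verb == "MAIL":
            supported = self.tls and "REQUIRETLS" in (e.upper() for e in self.post)
            reply = ("250 2.1.0 OK" if supported or "REQUIRETLS" not in command.upper()
                     else "555 5.5.4 Unsupported option: REQUIRETLS")
        elif verb in ("RCPT", "DATA", "QUIT"):
            reply = {"RCPT": "250 2.1.5 OK", "DATA": "354 End data with <CR><LF>.<CR><LF>",
                     "QUIT": "221 2.0.0 Bye"}[verb]
        else:
            reply = "502 5.5.2 Command not implemented"
        self.log.append((command, reply))
        return reply


def ehlo_keywords(reply):
    """EHLO keywords from a multi-line 250 reply (RFC 5321, section 4.1.1.1);
    the first line carries the server's domain, not a keyword."""
    kws = []
    for line in reply.split("\r\n")[1:]:
        m = re.match(r"250[ -](\S+)", line)
        if m:
            kws.append(m.group(1).upper())
    return kws


@dataclass
class Outcome:
    delivered: bool
    reason: str


def send_with_requiretls(server, mx_authenticated, cert_verifies, mail_from, rcpt_to):
    """Run the deck's sender steps in order. Any failure means the message is
    to be bounced; it is never downgraded to a cleartext attempt."""
    if not mx_authenticated:                       # step 1: DNSSEC or MTA-STS
        return Outcome(False, "MX record not authenticated (no DNSSEC/MTA-STS)")
    if "STARTTLS" not in ehlo_keywords(server.send("EHLO client.example.org")):
        return Outcome(False, "server does not offer STARTTLS")  # stripped in transit?
    if not server.send("STARTTLS").startswith("220"):            # step 2
        return Outcome(False, "STARTTLS refused")
    if not cert_verifies:                          # step 3: DANE or PKIX, name matches MX
        return Outcome(False, "server certificate does not verify for the MX name")
    # step 4: second EHLO, now inside TLS, must advertise REQUIRETLS
    if "REQUIRETLS" not in ehlo_keywords(server.send("EHLO client.example.org")):
        return Outcome(False, "server does not advertise REQUIRETLS after STARTTLS")
    # step 5: tag the envelope; the server may still refuse the option
    if not server.send(f"MAIL FROM:<{mail_from}> REQUIRETLS").startswith("250"):
        return Outcome(False, "MAIL FROM with REQUIRETLS rejected")
    if not server.send(f"RCPT TO:<{rcpt_to}>").startswith("250"):
        return Outcome(False, "RCPT TO rejected")
    return Outcome(True, "accepted with REQUIRETLS; DATA may follow")


if __name__ == "__main__":
    cases = {  # compliant MX, MX without REQUIRETLS, STARTTLS stripped by a middlebox
        "compliant": ScriptedServer(["SIZE 35882577", "STARTTLS"], ["SIZE 35882577", "REQUIRETLS"]),
        "no-requiretls": ScriptedServer(["STARTTLS"], ["SIZE 35882577"]),
        "starttls-stripped": ScriptedServer(["SIZE 35882577"], ["REQUIRETLS"]),
    }
    for name, srv in cases.items():
        print(name, send_with_requiretls(srv, True, True, "roger@example.org", "alice@example.com"))
        for cmd, rep in srv.log:
            print("  C:", cmd)
            print("  S:", rep.replace("\r\n", "\n  S: "))
```

The order of the checks matters: the REQUIRETLS keyword is only meaningful in the EHLO reply received after STARTTLS, because anything advertised in the cleartext EHLO can have been rewritten by the same middlebox that strips STARTTLS. A real client would use a verified TLS socket at step 2 and its peer certificate at step 3; with Python's smtplib the same MAIL FROM tagging is available through the `mail_options` argument of `sendmail`.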
Deciding to use REQUIRETLS
• REQUIRETLS trades off deliverability for security
– Not suitable for all messages
– Probably should be decided by the sender
• REQUIRETLS could be selected for individual messages by:
– Explicit user action (e.g., button on UI)
– Ruleset on MUA (by domain, address, subject…)
– Ruleset on submission MTA (by user or global)
REQUIRETLS and “bounce” messages
• Bounce messages are generated when a REQUIRETLS message can’t be relayed
• But bounce messages:
– Contain a lot of interesting metadata
– May not have REQUIRETLS support
• Handling:
– Include REQUIRETLS on bounce
– Force inclusion of only headers in bounce (RET=HDRS)
– But if MAIL FROM is empty, do not discard the bounce because of REQUIRETLS
– Warn users about possible leakage
Threats to opportunistic TLS (threat: mitigation)
• Interference with negotiation: refuse to send message unless TLS negotiated
• Invalid server certificate: refuse to send message
• Bogus/spoofed MX record: require DNSSEC or MTA-STS for recipient domain
• MTA trust: assumed trustworthy
The TLS-Required header field
And now for something completely different…
Allowing message transmission with policy failure
• DANE and MTA-STS advertise recipient domain support of
STARTTLS
– “Don’t send a message to me without STARTTLS”
• What if sender really doesn’t care if the message goes in the clear?
– Telling a domain that their certificates have expired
• RFC 8689 has a second mechanism to handle this
– Header field TLS-Required: No
– Explicitly prioritizes delivery over domain policy
TLS-Required caveats
• Doesn’t help if the receiving MTA refuses to accept messages without STARTTLS
• No way to determine if relaying MTAs support this feature
– Insisting on MTA support would be counter-productive to delivery
• Best-effort feature
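The bounce handling and the TLS-Required: No header field together, as an added example rather than code from the deck or from RFC 8689: the per-message decision a relaying MTA makes, the envelope for a DSN about a failed REQUIRETLS message, and a DSN text that quotes only the original headers. The sample message is constructed. The rule that an envelope REQUIRETLS option outranks a TLS-Required: No header, and the "relay-and-warn" treatment of a bounce the next hop cannot protect, are this example's reading of the slides, not text from the RFC, and the DSN text is a simplified report, not a full RFC 3464 multipart/report.

```python
"""Per-message transport decisions for RFC 8689's second mechanism
(TLS-Required: No) and for bounces of REQUIRETLS messages.

Added example, not code from the deck or the RFC. Assumptions: an envelope
REQUIRETLS option takes precedence over a TLS-Required: No header, and a
bounce that cannot be protected is relayed with a warning rather than
discarded (the deck's slide 9). The DSN text is simplified, not RFC 3464.
"""
from email import message_from_string
from email.message import Message
from enum import Enum


class Mode(Enum):
    REQUIRETLS = "authenticated TLS and REQUIRETLS at the next hop, or bounce"
    DOMAIN_POLICY = "enforce the recipient domain's MTA-STS/DANE policy"
    OPPORTUNISTIC = "STARTTLS if offered, cleartext otherwise"


def tls_required_no(msg: Message) -> bool:
    """True if the message carries 'TLS-Required: No' (RFC 8689, section 3).
    The field name is case-insensitive; No is the only defined value."""
    value = msg.get("TLS-Required")
    return value is not None and value.strip().lower() == "no"


def resolve_mode(msg: Message, requiretls_option: bool, domain_has_policy: bool) -> Mode:
    """Decide how this one message is handled toward the next hop."""
    if requiretls_option:        # sender demanded TLS on the envelope (assumed to win)
        return Mode.REQUIRETLS
    if tls_required_no(msg):     # sender explicitly prefers delivery over policy
        return Mode.OPPORTUNISTIC
    return Mode.DOMAIN_POLICY if domain_has_policy else Mode.OPPORTUNISTIC


def bounce_envelope(original_had_requiretls: bool) -> str:
    """MAIL FROM for the DSN: empty reverse-path, REQUIRETLS carried over from
    the failed message, and RET=HDRS (RFC 3461 DSN parameter) so that only
    headers would ever be returned if the bounce itself fails."""
    params = " REQUIRETLS RET=HDRS" if original_had_requiretls else ""
    return f"MAIL FROM:<>{params}"


def bounce_text(original: str, reason: str) -> str:
    """DSN body quoting only the original header block, never the body, to
    limit what a bounce can leak."""
    msg = message_from_string(original)
    headers = "".join(f"{name}: {value}\n" for name, value in msg.items())
    return (f"Your message was not delivered: {reason}\n"
            "Only the original headers are returned:\n\n" + headers)


def relay_action(mail_from_empty: bool, requiretls_option: bool,
                 next_hop_meets_requiretls: bool) -> str:
    """What a relaying MTA does with a message it cannot send with REQUIRETLS:
    ordinary mail is bounced; a bounce (empty MAIL FROM) is not discarded on
    REQUIRETLS grounds, but the user is warned of possible leakage."""
    if not requiretls_option or next_hop_meets_requiretls:
        return "relay"
    return "relay-and-warn" if mail_from_empty else "bounce"


# Constructed sample message (not a real capture): the deck's "tell a domain
# its certificates have expired" case, which must get through even in the clear.
SAMPLE = ("From: roger@example.org\n"
          "To: postmaster@example.com\n"
          "Subject: your MX certificate has expired\n"
          "TLS-Required: No\n"
          "\n"
          "BODY-LINE-1\n")

if __name__ == "__main__":
    m = message_from_string(SAMPLE)
    print(resolve_mode(m, False, domain_has_policy=True))   # Mode.OPPORTUNISTIC
    print(bounce_envelope(True))                            # MAIL FROM:<> REQUIRETLS RET=HDRS
    print(bounce_text(SAMPLE, "next hop does not support REQUIRETLS"))
    print(relay_action(mail_from_empty=True, requiretls_option=True,
                       next_hop_meets_requiretls=False))    # relay-and-warn
```

Two practical notes. RET=HDRS is only an instruction to the next hop for any later failure of the bounce itself; the DSN generator still has to keep the body out of the report it builds, which is why `bounce_text` copies headers only. And `resolve_mode` shows the best-effort nature of TLS-Required: No: the header only changes the behaviour of an MTA that reads it, so a relay that does not implement RFC 8689 keeps enforcing MTA-STS or DANE as before.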
Questions?


Editor’s notes

  1. 96% blockage Tunisia->Google in 2015
  2. We considered further minimization of included header information in bounce message
  3. A bogus MX record is not covered by the certificate check, because the server certificate will match the server name in the MX record, and not necessarily the recipient domain.