DANE/DNSSEC/TLS Testing in the Go6lab Jan Žorž, Internet Society [email protected] [email protected]


Page 1: DANE/DNSSEC/TLS Testing in the Go6lab

DANE/DNSSEC/TLS Testing in the Go6lab

Jan Žorž, [email protected]

[email protected]

Page 2: DANE/DNSSEC/TLS Testing in the Go6lab

Acknowledgement

I would like to thank the Internet Society for letting me spend some of my ISOC working time in the go6lab and test all these new and exciting protocols and mechanisms that make the Internet a bit better and more secure place…

Page 3: DANE/DNSSEC/TLS Testing in the Go6lab

DNSSEC implementation in go6lab

In the interest of time I'll skip all the DNSSEC implementation slides, as we are in the Netherlands and you most probably know all this stuff already :)

Let's just assume that DNSSEC in go6lab works, domains are signed and DS keys published.

Page 4: DANE/DNSSEC/TLS Testing in the Go6lab

DANE experiment

• When DNSSEC was set up and functioning we started to experiment with DANE (DNS-based Authentication of Named Entities).

• Requirements:
– DNSSEC signed domains
– Postfix server with TLS support > 2.11

• We decided on Postfix 3.0.1

Page 5: DANE/DNSSEC/TLS Testing in the Go6lab

DANE

• TLSA record for mx.go6lab.si

_25._tcp.mx.go6lab.si. IN TLSA 3 1 1 B4B7A46F9F0DFEA0151C2E07A5AD7908F4C8B0050E7CC25908DA05E2A84748ED

It's basically a public key fingerprint of the TLS self-signed certificate on the mx.go6lab.si server: the "3 1 1" fields say end-entity certificate (usage 3), SubjectPublicKeyInfo only (selector 1), SHA-256 digest (matching type 1).

More about DANE: http://www.internetsociety.org/deploy360/resources/dane/

Page 6: DANE/DNSSEC/TLS Testing in the Go6lab

What is DANE and how does it work

Page 7: DANE/DNSSEC/TLS Testing in the Go6lab
Page 8: DANE/DNSSEC/TLS Testing in the Go6lab
Page 9: DANE/DNSSEC/TLS Testing in the Go6lab

DANE verification

• mx.go6lab.si was able to verify the TLS cert of the T-2 mail server, NLnet Labs and some others…

mx postfix/smtp[31332]: Verified TLS connection established to smtp-good-in-2.t-2.si[2a01:260:1:4::24]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)

dicht postfix/smtp[29540]: Verified TLS connection established to mx.go6lab.si[2001:67c:27e4::23]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)

Page 10: DANE/DNSSEC/TLS Testing in the Go6lab

Postfix config

smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/postfix/ssl/server.pem
smtpd_tls_cert_file = /etc/postfix/ssl/server.pem
smtpd_tls_auth_only = no
smtpd_tls_loglevel = 1
smtpd_tls_received_header = yes
smtpd_tls_session_cache_timeout = 3600s
smtp_tls_security_level = dane
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes
smtp_tls_loglevel = 1
tls_random_exchange_name = /var/run/prng_exch
tls_random_source = dev:/dev/urandom
tls_smtp_use_tls = yes

Page 11: DANE/DNSSEC/TLS Testing in the Go6lab

1M top Alexa domains and DANE

• We fetched the top 1 million Alexa domains and created a script that sent an email to each of them (test-dnssec-dane@[domain])

• After some tweaking of the script we got some good results

• Then we built a script that parsed the mail log file, and here are the results:

Page 12: DANE/DNSSEC/TLS Testing in the Go6lab

Results

• Out of 1 million domains, 992,232 of them had an MX record and a mail server.

• Nearly 70% (687,897) of all attempted SMTP sessions to the MX records of the Alexa top 1 million domains were encrypted with TLS

• The majority of TLS connections (60%) were established with a trusted certificate

• 1,382 connections where the remote mail server announced TLS capability failed with "Cannot start TLS: handshake failure"

Page 13: DANE/DNSSEC/TLS Testing in the Go6lab

More results

TLS established connection ratios are:

Anonymous: 109,753
Untrusted: 167,063
Trusted: 410,953
Verified: 128

Quick guide: Anonymous (opportunistic TLS with no signature), Untrusted (peer certificate not signed by a trusted CA), Trusted (peer certificate signed by a trusted CA) and Verified (verified with TLSA by DANE).
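The log-parsing script itself is not in the slides; this is an added Python version of what such a script does, classifying Postfix smtp client log lines into the four TLS states above and counting handshake failures and DANE rejections ("Server certificate not trusted"). The sample log lines are constructed after the ones quoted in the deck, with placeholder hosts and addresses.

```python
import re
from collections import Counter

# Postfix smtp client: "<state> TLS connection established to <host>[<addr>]:<port>: <proto> with cipher <cipher>"
TLS_LINE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<state>Anonymous|Untrusted|Trusted|Verified) TLS connection "
    r"established to (?P<host>\S+)\[(?P<addr>[^\]]+)\]:\d+: (?P<proto>\S+) with cipher (?P<cipher>\S+)")
HANDSHAKE_FAIL = re.compile(r"postfix/smtp\[\d+\]: .*Cannot start TLS: handshake failure")
NOT_TRUSTED = re.compile(r"postfix/smtp\[\d+\]: \w+: Server certificate not trusted")

def tally_tls_states(lines):
    """Count TLS states per established session, plus handshake failures and DANE rejections."""
    counts = Counter()
    for line in lines:
        m = TLS_LINE.search(line)
        if m:
            counts[m.group("state")] += 1
        elif HANDSHAKE_FAIL.search(line):
            counts["handshake_failure"] += 1
        elif NOT_TRUSTED.search(line):
            counts["cert_not_trusted"] += 1
    return counts

def dane_coverage(lines):
    """Fraction of established TLS sessions that were DANE-verified (the 128 of 687,897 in the talk)."""
    c = tally_tls_states(lines)
    tls = sum(c[s] for s in ("Anonymous", "Untrusted", "Trusted", "Verified"))
    return c["Verified"] / tls if tls else 0.0

# Constructed sample lines modelled on the slides; hosts and addresses are placeholders.
SAMPLE_LOG = """\
May 5 10:00:01 mx postfix/smtp[31332]: Verified TLS connection established to mx-a.example.test[2001:db8::1]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 5 10:00:02 mx postfix/smtp[31333]: Trusted TLS connection established to mx-b.example.test[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
May 5 10:00:03 mx postfix/smtp[31334]: Untrusted TLS connection established to mx-c.example.test[192.0.2.11]:25: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
May 5 10:00:04 mx postfix/smtp[31335]: Anonymous TLS connection established to mx-d.example.test[192.0.2.12]:25: TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)
May 5 10:00:05 mx postfix/smtp[31336]: Cannot start TLS: handshake failure
May 5 10:00:06 mx postfix/smtp[31337]: Trusted TLS connection established to mx-e.example.test[192.0.2.13]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 5 10:00:07 mx postfix/smtp[31338]: ABCDEF0123: Server certificate not trusted
""".splitlines()
```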

Page 14: DANE/DNSSEC/TLS Testing in the Go6lab

DANE Verified

Verified: 128!!!

Page 15: DANE/DNSSEC/TLS Testing in the Go6lab

Mail distribution

Mail Servers        #Domains Handled   TLS State
google.com          125,422            Trusted
secureserver.net    35,759             Some Trusted, some no TLS at all
qq.com              11,254             No TLS
Yandex.ru           9,268              Trusted
Ovh.net             8,531              Most Trusted, with redirect servers having no TLS at all

Page 16: DANE/DNSSEC/TLS Testing in the Go6lab

Mail distribution

Mail Servers        #Domains Handled   TLS State
Emailsrvr.com       8,262              Trusted
Zohomail.com        2,981              Trusted
Lolipop.jp          1,685              No TLS
Kundenserver.de     2,834              Trusted
Gandi.net           2,200              Anonymous

Page 17: DANE/DNSSEC/TLS Testing in the Go6lab

DNSSEC? DANE?

None of these "big" mail servers (and their domains) are DNSSEC signed (that meant no DANE at all was possible for their customers, up to January 2016).

Page 18: DANE/DNSSEC/TLS Testing in the Go6lab

Malformed TLSA record

• We created a TLSA record with a bad hash (one character changed)

• Postfix failed to verify it and refused to send a message

mx postfix/smtp[1765]: Untrusted TLS connection established to mail-bad.go6lab.si[2001:67c:27e4::beee]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mx postfix/smtp[1765]: 3A4BE8EE5C: Server certificate not trusted

Page 19: DANE/DNSSEC/TLS Testing in the Go6lab

When do DANE things fail?

• Of course, with a wrong certificate hash in the TLSA record (refuses to send mail)

• If the domain where the MX record resides is not DNSSEC signed (can't trust the data in MX, so no verification)

• If the TLSA record is published in a non-DNSSEC zone (can't trust the data in TLSA, so no verification)

Page 20: DANE/DNSSEC/TLS Testing in the Go6lab

When do things fail? (example)

• go6lab.si zone is signed, so is mx.go6lab.si
• there is a TLSA for mx.go6lab.si, also signed
• Domain signed.si is signed and MX points to mx.go6lab.si

• Domain not-signed.si is not signed and MX points to mx.go6lab.si

[email protected] [email protected] (signed.si and not-signed.si are used just as examples)

Page 21: DANE/DNSSEC/TLS Testing in the Go6lab

When do things fail? (example)

[email protected] (signed domain):

Verified TLS connection established to mx.go6lab.si[2001:67c:27e4::23]:25:

[email protected] (not signed domain):

Anonymous TLS connection established to mx.go6lab.si[2001:67c:27e4::23]:25:

Page 22: DANE/DNSSEC/TLS Testing in the Go6lab

When does DANE verification also fail?

• Let's try to point the MX record from the signed domain to an A/AAAA record in the not-signed domain, with a TLSA that is also not signed (obviously) – mail.not-signed.si

[email protected] when MX for signed.si points to mail.not-signed.si – DANE verification is not even started as the chain of trust is broken

Page 23: DANE/DNSSEC/TLS Testing in the Go6lab

Postfix improvements :)

postfix-3.1-20160103/HISTORY: 20160103

Feature: enable DANE policies when an MX host has a secure TLSA DNS record, even if the MX DNS record was obtained with insecure lookups. The existence of a secure TLSA record implies that the host wants to talk TLS and not plaintext. This behavior is controlled with smtp_tls_dane_insecure_mx_policy (default: "dane", other settings: "encrypt" and "may"; the latter is backwards-compatible with earlier Postfix releases). Viktor Dukhovni.

Page 24: DANE/DNSSEC/TLS Testing in the Go6lab

Let's Encrypt, DANE and mail

• Let's Encrypt recommends using '211' and '311' records
• Validity of an LE cert is 90 days
• By default the underlying key is changed when renewing
• …so the cert hash also changes
• So, lots of work if you plan to publish 311 TLSA
• using the '211' method leads to another issue – namely the lack of a DST Root CA X3 certificate in the fullchain.pem file provided by the Let's Encrypt client

• So we need to fetch the DST Root CA X3 certificate, add it to the fullchain.pem file and verify that it did not change from the previous time we renewed…

Page 25: DANE/DNSSEC/TLS Testing in the Go6lab

Script to add DST Root CA X3

lynx --source https://www.identrust.com/certificates/trustid/root-download-x3.html | grep -v "\/textarea" | awk '/textarea/{x=NR+18;next}(NR<=x){print}' | sed -e '1i-----BEGIN CERTIFICATE-----' | sed -e '$a-----END CERTIFICATE-----' >> /etc/letsencrypt/live/mx.go6lab.si/fullchain.pem

Page 26: DANE/DNSSEC/TLS Testing in the Go6lab

Valid 311 and 211 TLSA records

Page 27: DANE/DNSSEC/TLS Testing in the Go6lab

But…

• At the next certificate renewal, by default the underlying key will change and the 311 TLSA record will become invalid…

• Labor-wise, we need to keep the underlying key through the renewals

• --csr option in the letsencrypt-auto client (and also in certbot-auto)

• In the directory "examples" there is a "generate-csr.sh" file (letsencrypt branch)

Page 28: DANE/DNSSEC/TLS Testing in the Go6lab

Stable underlying key…

./generate-csr.sh mx.go6lab.si
Generating a 2048 bit RSA private key
................+++
..+++
writing new private key to 'key.pem'
-----
You can now run: letsencrypt auth --csr csr.der

Page 29: DANE/DNSSEC/TLS Testing in the Go6lab

Renewals and hashes…

• Now we are using the same underlying key for automatic renewals of the certificate, so the hash does not change and the 311 TLSA record works.

• We'll rotate the underlying key when we decide to, driven by human intervention (and also change the TLSA).

• ./certbot-auto certonly --debug --renew-by-default -a standalone --csr ./mx.go6lab.si.der --keep

• Of course, we add the DST Root CA X3 certificate to fullchain.pem
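Added Python example (not from the slides) showing what the "3 1 1" record on slide 5 actually hashes and why a stable key keeps it valid across renewals, plus the mismatch check behind the malformed-record test on slide 18. The minimal DER walker and the constructed stand-in certificates are assumptions for illustration, not real X.509 certificates; the record name is a placeholder.

```python
import hashlib

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                           # long-form length (real certs need this)
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    return tag, pos + hdr, pos + hdr + length

def extract_spki(cert_der):
    """Return the SubjectPublicKeyInfo TLV, i.e. the bytes selector 1 hashes."""
    _, tbs_pos, _ = _tlv(cert_der, 0)           # Certificate SEQUENCE
    _, pos, _ = _tlv(cert_der, tbs_pos)         # tbsCertificate SEQUENCE
    if cert_der[pos] == 0xA0:                   # optional [0] EXPLICIT version
        pos = _tlv(cert_der, pos)[2]
    for _ in range(5):                          # serial, signature alg, issuer, validity, subject
        pos = _tlv(cert_der, pos)[2]
    tag, _, end = _tlv(cert_der, pos)
    assert tag == 0x30, "expected SPKI SEQUENCE"
    return cert_der[pos:end]

def tlsa_digest(cert_der, selector):
    """Matching type 1 (SHA-256) over selector 0 (whole cert) or 1 (SPKI only)."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    return hashlib.sha256(data).hexdigest().upper()

def tlsa_matches(rr, cert_der):
    """Check a '_25._tcp.host. IN TLSA u s m HEX' record against a DER certificate."""
    fields = rr.split()
    usage, selector, mtype, digest = int(fields[-4]), int(fields[-3]), int(fields[-2]), fields[-1]
    if usage != 3 or mtype != 1:
        raise ValueError("only DANE-EE (3) with SHA-256 (1) is handled here")
    return tlsa_digest(cert_der, selector) == digest.upper()

def _der(tag, value):                           # short-form lengths only (enough for the stand-ins)
    assert len(value) < 128
    return bytes([tag, len(value)]) + value

def fake_cert(serial, spki):
    """Constructed stand-in with X.509 field order; not a real, signed certificate."""
    tbs = (_der(0xA0, _der(0x02, b"\x02")) + _der(0x02, serial) + _der(0x30, b"")
           + _der(0x30, b"") + _der(0x30, b"") + _der(0x30, b"") + spki)
    return _der(0x30, _der(0x30, tbs) + _der(0x30, b"") + _der(0x03, b"\x00"))

# Same key (SPKI) in two "certificates" with different serials, as after a --csr renewal.
SPKI = _der(0x30, _der(0x30, b"\x06\x01\x2a") + _der(0x03, b"\x00" + bytes(range(32))))
CERT_OLD, CERT_NEW = fake_cert(b"\x01", SPKI), fake_cert(b"\x02", SPKI)
```

A 3 1 1 digest survives the renewal while a 3 0 1 digest (whole certificate) does not, which is the whole reason for keeping the key.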

Page 30: DANE/DNSSEC/TLS Testing in the Go6lab
Page 31: DANE/DNSSEC/TLS Testing in the Go6lab

Morereading:

http://www.internetsociety.org/deploy360/blog/2016/01/lets-encrypt-certificates-for-mail-servers-and-dane-part-1-of-2/

http://www.internetsociety.org/deploy360/blog/2016/03/lets-encrypt-certificates-for-mail-servers-and-dane-part-2-of-2/

Page 32: DANE/DNSSEC/TLS Testing in the Go6lab

Q&A

Questions? Protests? Suggestions? Complaints?

[email protected] [email protected]