Network Working Group E. Osterweil
Internet-Draft Verisign Labs
Intended status: Informational S. Rose
Expires: May 29, 2015 D. Montgomery
NIST
November 25, 2014
Enterprise Requirements for Secure Email Key Management
draft-osterweil-dane-ent-email-reqs-01
Abstract
Individuals and organizations have expressed a wish to have the
ability to send encrypted and/or digitally signed email end-to-end.
One key obstacle to end-to-end email security is the difficulty in
discovering, obtaining, and validating email credentials across
administrative domains. This document addresses foreseeable adoption
obstacles for encrypted and digitally signed email in enterprises,
and outlines requirements. Some of the requirements below are not
DANE specific, and all may not be solvable with a DANE solution, but
are included for completeness and as an attempt to give a holistic
view of enterprise email security requirements.
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 29, 2015.
Copyright Notice
Copyright (c) 2014 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
Osterweil, et al. Expires May 29, 2015 [Page 1]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
1.1. Requirements Language . . . . . . . . . . . . . . . . . . 3
2. Requirements for Both . . . . . . . . . . . . . . . . . . . . 3
3. Requirements for Authorities . . . . . . . . . . . . . . . . 3
4. Requirements for Relying Parties . . . . . . . . . . . . . . 5
5. Other Requirements . . . . . . . . . . . . . . . . . . . . . 6
6. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6
7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
8. Security Considerations . . . . . . . . . . . . . . . . . . . 7
9. Normative References . . . . . . . . . . . . . . . . . . . . 7
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 7
1. Introduction
The management of security protections for email constituencies can
vary by organization and by type of organization. Some organizations
can have large sets of users with prescribed controls and policies,
some may have a lot of churn in their users, and there are many other
ways in which deployments may differ.
As a result of the variability of deployments, aligning key
management semantics with the behaviors of email users (and their
organizations) can be an important differentiator when administrators
choose a solution in which to invest. Designs and cryptographic
protocols that do not fit the requirements of users run the risk that
deployments may falter and/or may not gain traction.
This document addresses foreseeable requirements for email in
enterprises, and attempts to outline them. This document generally
categorizes requirements as being relevant to the domain authorities,
the Relying Parties (RPs), or both. In the following text, "domain
authorities" refers to the owners of a given domain, which may not
necessarily be the operators of the authoritative DNS servers for the
zone(s) that make up the domain.
Osterweil, et al. Expires May 29, 2015 [Page 2]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
1.1. Requirements Language
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in RFC 2119 [RFC2119].
2. Requirements for Both
REQ-1 Credentials stored can be either entire credential (i.e. the
key/certificate) or one-way hash of the credential.
Intuition and Use Case: This can reduce the size of DNS
responses. Some enterprises make use of large certificates or
large cryptograpic keys.
Use Case: Some enterprises make use of large certificates or
large cryptograpic keys.
REQ-2 The Protocol MUST be able to handle the use of DNS redirection
via CNAME/DNAME and wildcards.
Intuition: Managing user domain names may be a different
cardinality than number of S/MIME certificates. For example,
if the domain's users employ the same certificate for both
digital signature and encryption, a DNAME record enables a
single Resource Record (RR) for each user.
3. Requirements for Authorities
REQ-3 The protocol MUST support incremental rollout of DANE-centric
cryptographic protections, whereby not all users in an enterprise
may be cut over to a DANE solution at the same time and MUST be
backwards compatible
Intuition: Enterprise operations may wish be able to enroll
subsets of all of their users in a DANE architecture without
disrupting existing email cryptographic services for all
users.
Use Case: This requirement is necessary for when two
enterprises merge and there will be a migration period as one
unit transitions its users' credentials to a DANE based
system. Another example is in the inital deployment of a DANE
solution for email, which will likely happen over an extended
period of time in large enterprises.
Osterweil, et al. Expires May 29, 2015 [Page 3]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
REQ-4 The protocol MUST have the ability to either scope a
Certification Authority (CA) or local Trust Anchor (TA) in use
for a given domain.
Intuition: Enterprises may issue certificates from a local TA
or global CA and prefer to authorize that certificate in DNS
(instead of End Entity certificates for every user).
REQ-5 The protocol SHOULD have the ability to signal that a
particular security artifact (key or certificate) MUST NOT be
accepted for a particular function (e.g. encryption or validating
digital signatures). The credential is still considered valid
for some uses, but MUST be rejected for the given function. Note
that this requirement would likely rely on the use of the next
requirement below.
Intuition: Allows an enterprise to associate key material with
specific functionality.
Use Case: An enterprise may have a general office "inbox" that
has an associated certificate so customers can send encrypted
email. However, the same inbox address would never send
email, so the enterprise would want to signal that the same
certificate will never be used to send digitally signed email
and to reject any digital signature associated with the
certificate.
REQ-6 The protocol MUST allow for separate management, publication,
and learning of keys that are used for signing versus encryption.
Intuition: Separating, scaling, delegating, and general
management for different keys in different ways and in
different branches of the DNS allows administrators to manage
different material in different systems if needed. This also
allows for an enterprise to associate credentials/key material
with specific email functions.
Use Case: An enterprise may issue separate encrypting and
signature certificates to each member, and wish to denote
their usage in the DNS so external email clients can obtain
and use the correct certificate for a given usage.
REQ-7 The protocol MUST have the ability to delegate authority for
user names.
Intuition: Some enterprises may wish to use a service
provider.
Osterweil, et al. Expires May 29, 2015 [Page 4]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
REQ-8 The protocol MUST have the ability to manage keys in different
ways for different user names.
Intuition: Not all members of a medium/large enterprise may be
migrated onto a DANE system overnight, and must operate
alongside current email key management. This could include
users that use a different email security protocol.
Use Case: This is useful when one enterprise acquires a new
subsidiary or two enterprises merge. Until the two email
systems can be reconciled, both systems must be able to co-
exist and managed by the same (newly joined) enterprise.
4. Requirements for Relying Parties
REQ-9 Key material for DANE-enabled email users MUST be verifiably
discoverable and learnable using just an email address.
Intuition: Email addresses are all the RP has, but may point
to external management systems.
REQ-10 The protocol SHOULD have the ability to provide opportunistic
encryption at the user's discretion.
Intuition: Compliance controls (for example) may mandate the
encryption of all messages under certain circumstances.
REQ-11 The protocol MUST support default verification configurations
(such as enterprise TA or stapling) with user-specific overrides.
Overrides MUST include specifying specific cryptographic
information for specific users and disallowing users (either
specific cryptographic or entirely).
REQ-12 The protocol MUST be resistant to downgrade attacks targeting
the DNS response.
Intuition: If DNSSEC is stripped, the protocol MUST alert the
user or refuse to send an unencrypted email message.
REQ-13 The protocol MUST provide separate semantics to discover
certificates that are used for specific purposes. For example,
encryption keys MUST be discoverable separately from signature
keys. Possible means includes (but not limited to) naming
conventions, sub-typing or unique RR types for each use
Intuition: Not all certificates for a user may be needed (or
considered valid by policy) for all circumstances. Fetching
Osterweil, et al. Expires May 29, 2015 [Page 5]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
them separately can be a management, a scaling, or even a
security concern.
5. Other Requirements
The requirements below are enterprise level email requirements that
may not fit a specific role, or fit multiple roles. Some of these
requirements may not be solvable via a DANE solution and may be
better suited using another method. They are included here merely to
document them.
REQ-14 There MUST be the ability to signal domain wide policies with
respect to secure email functions.
Intuition: An enterprise may wish to publish its email
security policy so clients can determine the security status
of an email message.
Use Case: An enterprise has a policy that all email messages
must be digitally signed. The enterpise states its policy in
the DNS so that external recipients can determine if unsigned
messages represent a security risk or potential phishing
attempt.
REQ-15 The protocol SHOULD have the ability to signal that a
particular email address is not (or no longer) a valid sender for
the given domain.
Intuition: Allows for authenticated denial of existence of a
network identity.
6. Acknowledgements
The authors of this draft would like to acknowledge the input,
discussions and contributions from the members of the IETF DANE
Working Group mailing list.
7. IANA Considerations
This document only discusses requirements for publishing and querying
for security credentials used in email. No new IANA actions are
required in this document, but specifications addressing these
requirements may have IANA required actions.
This section should be removed in final publication.
Osterweil, et al. Expires May 29, 2015 [Page 6]
Internet-Draft Ent Reqs for Secure Email Key Management November 2014
8. Security Considerations
The motivation for this document is to outline requirements needed to
facilitate the secure publication and learning of cryptographic keys
for email, using DANE semantics. There are numerous documents that
more generally address security considerations for email. By
contrast, this document is not proposing a protocol or any facilities
that need to be secured. Instead, these requirements are intended to
inform security considerations in follow-on works.
9. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997.
Authors' Addresses
Eric Osterweil
Verisign Labs
Reston, VA
US
Scott Rose
NIST
100 Bureau Dr.
Gaithersburg, MD 20899
US
Email: scottr@nist.gov
Doug Montgomery
NIST
100 Bureau Dr.
Gaithersburg, MD 20899
US
Email: dougm@nist.gov
Osterweil, et al. Expires May 29, 2015 [Page 7]