What would be the advantage of using a certificate from a publicly trusted CA on a receiving mail server? Note that sending mail servers usually do not care for reasons.
- en.internet.nl/mail/bund.de/4
- rfc-editor.org/rfc/rfc7672.ht
- rfc-editor.org/rfc/rfc7672.ht
Conversation
There are pros and cons to ensuring a valid a cert from a public CA. The positives are:
* A few brain-dead MTAs do opportunistic TLS wrong, they send in cleartext when TLS auth fails, instead of continuing anyway w/ STARTTLS. Given a valid cert they use TLS.
...
2
3
* You can, if you wish, publish an MTA-STS policy, and maintain associated DNS TXT records to enable some senders to use MTA-STS.
The negatives are:
* You have to rotate the certificate in time to keep it valid.
* This can increase the odds of a mismatch with any DANE TLSA RRs.
2
2
It's easy to use certbot for this:
certbot certonly --standalone --key-type rsa --rsa-key-size 3072 --reuse-key -d domain.com
This will reuse the same key each time and when you want to rotate the key you can request a second certificate with --cert-name to rotate.
3
1
The same private key? Well, the whole point for a shortened certificate life time to me was to renew also the private key.
2
Email server security depends on pinning the private key via a TLSA record. That means the regular certificate renewal process needs to reuse the same private key. Please read the next tweet in the thread. You're responding to this tweet out of context.
Quote Tweet
Replying to @DanielMicay @VDukhovni and 2 others
You add a TLSA record for the new certificate, then once enough time has passed switch over to it and tell certbot to delete the old certificate.
MUAs usually expect a CA issued certificate for the submission ports and don't understand TLSA records so it's useful beyond MTA-STS.
1
If you want to automate key rotation, you can do that. If you want to rotate the private key every week, that's entirely possible. You need to obtain a new certificate with the new private key, add a new TLSA record, wait and then rotate over to using the new certificate.
1
Email servers can't validate each other's certificates based on certificate authorities unless they opt into that via MTA-STS which is a Trust-On-First-Use system like HSTS without support for preloading. It also still depends on DNS security, as do certificates from CAs.
2
Don't need to rotate the key based on the Let's Encrypt schedule where you renew every 60 days and certificates expire after 90 days. Once you remove the previous TLSA record after rotation, prior certificates won't pass DANE verification. You could do it way more frequently.
1
If you automate handling key rotation, which requires rotating the pins, then you can determine the rate that it happens. The Let's Encrypt rate limit is quite high although you would want to leave yourself leeway rather than using all of it as part of regular usage.
1
If you don't use --reuse-key, then it's going to immediately start using the new key immediately and your TLSA pin will be broken. DNS records are cached based on their TTL and there will be a window of breakage based on TTL even if you add a certbot hook to update the record.
Does certbot or friends have a hook for e.g. nsupdate?
2
certbot supports arbitrary hooks which I personally use for github.com/tomwassenberg/ to have reliable OCSP Must-Staple with nginx.
Could make a little script to generate a TLSA record and set it for the DNS server. I haven't implemented automation for key rotation myself.
1
1
Show replies