In short, MTA-STS is a way to protect email transmitted between mail servers from interception (that is, man-in-the-middle attacks, aka MitM). It partially solves the legacy architectural problems of email protocols and is described in the relatively recent standard RFC 8461. Mail.ru is the first major mail service in RuNet to implement this standard. It is described in more detail below.
What problem does MTA-STS solve?
Historically, email protocols (SMTP, POP3, IMAP) transmitted information in clear text, which made it possible to intercept it, for example by gaining access to the communication channel.
The mechanism by which a letter gets from one user to another looks like this:
Historically, a MitM attack was possible anywhere mail traffic passed.
RFC 8314 requires the use of TLS between the mail user application (MUA) and the mail server. If the server you use and your mail application comply with RFC 8314, the possibility of a man-in-the-middle attack between the user and the mail servers is (almost) eliminated.
Following generally accepted practice (standardized in RFC 8314) eliminates attacks near the user:
Mail.ru mail servers complied with RFC 8314 long before the standard was adopted; in fact, RFC 8314 simply codified already accepted practice, so no additional configuration was needed. But if your mail server still allows users to use insecure protocols, be sure to implement the recommendations of this standard, because most likely, even if you support encryption, at least some of your users are still working with mail without it.
A mail client always works with the same mail server of the same organization. You can force all users to connect in a secure way, and then make connecting insecurely technically impossible (this is exactly what RFC 8314 requires). This is sometimes difficult, but doable. Traffic between mail servers is more complicated. Servers belong to different organizations and are often used in a "set up and forget" mode, which makes it impossible to switch to a secure protocol at once without breaking connectivity. SMTP has long provided the STARTTLS extension, which allows servers that support encryption to switch to TLS. But an attacker with the ability to influence traffic can "cut out" the information about support for this command and force the servers to communicate using the plain-text protocol (the so-called downgrade attack). For the same reason, STARTTLS usually does not check the validity of the certificate (an untrusted certificate still protects against passive attacks, which is no worse than sending the message in clear text). Therefore, STARTTLS protects only against passive eavesdropping.
MTA-STS partially eliminates the problem of letter interception between mail servers when an attacker has the ability to actively influence traffic. If the recipient's domain publishes an MTA-STS policy and the sender's server supports MTA-STS, the email is sent only over a TLS connection, only to the servers defined in the policy, and only with verification of the server certificate.
Why partially? MTA-STS only works if both parties have taken care to implement this standard, and MTA-STS does not protect against scenarios in which an attacker is able to obtain a valid certificate for the domain from one of the public CAs.
How MTA-STS works
Recipient
- Configures STARTTLS support with a valid certificate on the mail server.
- Publishes the MTA-STS policy over HTTPS. A special mta-sts domain and a special well-known path are used for publication, for example https://mta-sts.mail.ru/.well-known/mta-sts.txt. The policy contains a list of mail servers (mx) that have the right to receive mail for this domain.
- Publishes a special TXT record _mta-sts in DNS with the policy version. When the policy changes, this entry must be updated (this signals to the sender that the policy should be re-queried). For example:
_mta-sts.mail.ru. TXT "v=STSv1; id=20200303T120000;"
Sender
The sender requests the _mta-sts DNS record and, if it is available, requests the policy over HTTPS (checking the certificate). The resulting policy is cached (in case an attacker blocks access to it or spoofs the DNS record).
When sending mail, it checks that:
- the server to which the mail is delivered is in the policy;
- the server accepts mail over TLS (STARTTLS) and has a valid certificate.
Advantages of MTA-STS
MTA-STS uses technologies that are already implemented in most organizations (SMTP+STARTTLS, HTTPS, DNS). Implementation on the receiving side does not require special software support for the standard.
Disadvantages of MTA-STS
You have to monitor the validity of the web server and mail server certificates, the consistency of names, and timely renewal. Problems with the certificate make mail delivery impossible.
On the sending side, an MTA with support for MTA-STS policies is required; currently MTA-STS is not supported out of the box in MTAs.
MTA-STS uses the list of trusted root CAs.
MTA-STS does not protect against attacks in which the attacker uses a valid certificate. In most cases, a MitM near the server implies the ability to issue a certificate. Such an attack can be detected using Certificate Transparency. So, in general, MTA-STS reduces the possibility of traffic interception but does not completely eliminate it.
Because of the last two points, MTA-STS is less secure than the competing DANE for SMTP standard (RFC 7672), but more reliable technically: with MTA-STS there is a lower probability that a letter will not be delivered because of technical problems caused by implementing the standard.
The competing standard: DANE
DANE uses DNSSEC to publish certificate information and does not require trust in external certificate authorities, which is much more secure. But statistics from several years of use show that the use of DNSSEC quite often leads to technical failures (although the reliability of DNSSEC and its technical support generally shows a good trend). Implementing DANE for SMTP on the receiving side requires DNSSEC, DNSSEC has systemic problems, and DANE requires proper support for NSEC/NSEC3.
If DNSSEC is configured incorrectly, this can lead to mail delivery failures when the sending side supports DANE, even if the receiving side knows nothing about DANE. Therefore, although DANE is an older and more secure standard that is already supported by some server software on the sending side, in practice its penetration remains negligible: many organizations are not ready to implement DANE because of the need to implement DNSSEC, and this has significantly slowed down DANE's adoption during all the years the standard has existed.
DANE and MTA-STS do not conflict with each other and can be used together.
What is MTA-STS support in Mail.ru Mail?
Mail.ru has been publishing an MTA-STS policy for all of its main domains for quite a long time. We have now implemented the client part of the standard. At the time of writing, policies are applied in non-blocking mode (if delivery is blocked by a policy, the letter is delivered through a "backup" server without applying the policy). Then blocking mode will be enforced for a small share of outgoing SMTP traffic, and the share will be increased gradually until the policy is applied to 100% of traffic.
Who else supports the standard?
So far, about 0.05% of active domains publish MTA-STS policies, but they already protect a large volume of mail traffic, because the standard is supported by major players: Google, Comcast, and partly Verizon (AOL, Yahoo). Many other mail services have announced that they will implement support for the standard in the near future.
How will this affect me?
Not at all, unless your domain publishes an MTA-STS policy. If you publish a policy, email addressed to your mail server's users will be better protected from interception.
How do I implement MTA-STS?
MTA-STS support on the receiving side
It is enough to publish the policy over HTTPS and the records in DNS, and to configure a valid certificate from one of the trusted CAs for STARTTLS on the MTA you use (STARTTLS is supported in all modern MTAs); no special support from the MTA is required.
Step by step:
- Configure STARTTLS in the MTA you use (postfix, exim, sendmail, Microsoft Exchange, etc.).
- Make sure you are using a valid certificate (issued by a trusted CA, not expired, and with a subject name that matches the MX record that delivers mail to your domain).
- Configure a TLS-RPT record through which policy application reports will be delivered (by senders that support sending TLS reports). Example record (for the domain example.com):
smtp._tls.example.com. 300 IN TXT "v=TLSRPTv1;rua=mailto:[email protected]"
This record instructs mail senders to send statistical reports on TLS usage in SMTP to [email protected]. Monitor the reports for several days to make sure there are no errors.
- Publish the MTA-STS policy over HTTPS. The policy is published as a text file with CRLF line endings at the location
https://mta-sts.example.com/.well-known/mta-sts.txt
Example policy:
version: STSv1
mode: enforce
mx: mxs.mail.ru
mx: emx.mail.ru
mx: mx2.corp.mail.ru
max_age: 86400
The version field contains the policy version (currently STSv1). mode sets the policy application mode: testing is test mode (the policy is not applied), enforce is "combat" mode. Publish the policy with mode: testing first; if there are no problems with the policy in test mode, switch to mode: enforce after some time. mx lists all mail servers that may accept mail for the domain (each server must have a certificate configured that matches the name given in mx). max_age sets the policy cache time (during the cache time the remembered policy is applied even if the attacker blocks its delivery or corrupts the DNS records; you can signal that the policy must be re-requested by changing the _mta-sts DNS record).
- Publish the TXT record in DNS:
_mta-sts.example.com. TXT "v=STSv1; id=someid;"
Any identifier (for example, a timestamp) can be used in the id field. It must change when the policy changes, so that senders understand that the cached policy has to be re-requested (when the identifier differs from the cached one).
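The sender-side checks described under "Sender" and the policy format above, as an added example (not code from the original article or from Mail.ru); the TXT record and policy text are constructed from the page's examples, and the decision function assumes the caller has already done the DNS lookup, the HTTPS fetch and the STARTTLS handshake with certificate verification:

```python
# Added example (not part of the Mail.ru article): parse the _mta-sts TXT record
# and the policy file, then make the sender-side decision described above.
# Sample inputs are constructed, modelled on the examples in the text.
TXT_RECORD = "v=STSv1; id=20200303T120000;"
POLICY_TEXT = ("version: STSv1\r\nmode: enforce\r\nmx: mxs.mail.ru\r\n"
               "mx: emx.mail.ru\r\nmx: mx2.corp.mail.ru\r\nmax_age: 86400\r\n")

def parse_txt(record):
    """Return the record's fields, or None if it is not an STSv1 record."""
    fields = {}
    for kv in record.split(";"):
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key.strip()] = value.strip()
    if fields.get("v") != "STSv1" or not fields.get("id"):
        return None
    return fields

def parse_policy(text):
    """Parse 'key: value' lines; 'mx' may repeat, the other keys are single-valued."""
    policy = {"mx": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "mx":
            policy["mx"].append(value.lower())
        elif key:
            policy[key] = value
    if policy.get("version") != "STSv1" or policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("unusable MTA-STS policy")
    policy["max_age"] = int(policy.get("max_age", 0))   # cache lifetime in seconds
    return policy

def mx_matches(policy, mx_host):
    """RFC 8461 matching: '*.example.com' covers exactly one label below example.com."""
    host = mx_host.lower().rstrip(".")
    for pattern in policy["mx"]:
        if pattern.startswith("*."):
            suffix = pattern[1:]                      # ".example.com"
            if host.endswith(suffix) and "." not in host[:-len(suffix)]:
                return True
        elif host == pattern:
            return True
    return False

def may_deliver(policy, mx_host, tls_ok):
    """In enforce mode an MX outside the policy or a failed TLS/certificate check
    blocks delivery; in testing (or none) mode the failure is only reported via TLS-RPT."""
    return (mx_matches(policy, mx_host) and tls_ok) or policy["mode"] != "enforce"
```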
MTA-STS support on the sending side
So far it is poor, because the standard is new.
- Exim: no built-in support; there is a third-party script: https://github.com/Bobberty/MTASTS-EXIM-PERL
- Postfix: no built-in support; there is a third-party script, described in detail on Habr: https://habr.com/en/post/424961/
A digression on "mandatory TLS"
Recently, regulators have been paying attention to email security (which is good). For example, DMARC is mandatory for all government agencies in the USA and is increasingly required in the financial sector; in regulated areas the standard's penetration reaches 90%. Now some regulators require the implementation of "mandatory TLS" with individual domains, but the mechanism for ensuring "mandatory TLS" is not defined, and in practice this setting is often implemented in a way that does not protect even minimally against the real attacks already accounted for by mechanisms such as DANE or MTA-STS.
If a regulator requires the implementation of "mandatory TLS" with individual domains, we recommend considering MTA-STS or a partial analogue of it as the most suitable mechanism; this removes the need to make secure settings for each domain individually. If implementing the client part of MTA-STS is difficult (until the protocol is widely supported, it most likely will be), we can recommend the following approach:
- Publish an MTA-STS policy and/or DANE records (DANE makes sense only if DNSSEC is already enabled for your domain; MTA-STS is useful in any case). This protects traffic in your direction and removes the need to ask other mail services to configure mandatory TLS for your domain if that mail service already supports MTA-STS and/or DANE.
- For large email services, implement an "analogue" of MTA-STS through separate transport settings for each domain, which fix the MX used for mail relay and make verification of its TLS certificate mandatory. If the domains already publish an MTA-STS policy, this can probably be done without problems. Simply enabling mandatory TLS for a domain without fixing the relay and verifying the certificate is ineffective from a security point of view and adds nothing to the existing STARTTLS mechanisms.
Source: habr.com