Andrew Newton <andy(_at_)hxr(_dot_)us> wrote:
From section B.4.1 of draft-marid-csv-intro:
B.4.1 StartTLS
A common certificate method as used with StartTLS [RFC3207] can
authenticate an unknown server after an investment in signed periodic
digital certificates, encryption capabilities, and services of a
Certificate Authority. This investment creates a barrier for
large-scale use over the open Internet. Reliance on the certificate
signature also adds a need to vet Certificate Authorities in addition
to the confirmed domains.
This (IMHO) intends to say that StartTLS can offer strong authentication,
but it comes at the expense of a lot of certificate-related baggage.
Spontaneous communications are at the core of Internet design and
operation. So omission of a Certificate Authority is typically
allowed of clients. When this is allowed, StartTLS loses any ability
to authenticate the relationship of the client to its claimed domain
name.
This intends to say that, in order to allow communication between
MTAs lacking any prior relationship, StartTLS is implemented with a
critical piece of that baggage removed. It goes on to warn that, with
this critical piece of baggage removed, StartTLS is no longer able to
authenticate the relationship claimed to the EHLO name.
Does this imply that the strong authentication provided by certificate
validation of TLS is to be subjugated by CSV, which is most likely to
be weaker authentication?
That certainly was not intended. StartTLS, even in its weakened form,
is still useful for its intended purpose: it's just not useful as a
means of authenticating the EHLO name.
Also, I think many security-minded folks may disagree with the
characterization in the first paragraph. Opportunistic encryption with
peer authentication using TLS happens every day on the Internet.
You've lost me, Andy. I can only guess that you interpreted "creates
a barrier" to mean that the expense of the investment "creates" an
"insurmountable barrier", which strikes me as an unlikely parsing, even
with the following paragraph amputated. Given the paragraph which follows,
it seems clear to me that "omission of a Certificate Authority" is a
common method of surmounting the barrier.
Or did you mean something else?
--
John Leslie <john(_at_)jlc(_dot_)net>
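The two StartTLS configurations the draft text and this exchange contrast, written out as an added example in Python's standard ssl module (it is not code from the draft or from either correspondent). The "opportunistic" context encrypts but accepts any certificate; the "authenticating" context requires a chain to a trusted CA and a name check, which is what binds the session to a domain name. The helper that judges the EHLO name, the sample certificate names and mail.example.com are constructed for illustration.

```python
import ssl
from typing import Iterable, Optional


def opportunistic_context() -> ssl.SSLContext:
    """Context for opportunistic STARTTLS: encrypt the session, accept any
    certificate. check_hostname must be cleared before verify_mode is set to
    CERT_NONE, otherwise the ssl module raises ValueError."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def authenticating_context(ca_bundle_path: Optional[str] = None) -> ssl.SSLContext:
    """Context that validates the chain to a trusted CA and checks the name
    passed as wrap_socket(server_hostname=...). With no ca_bundle_path the
    platform's default trust store is used."""
    ctx = ssl.create_default_context()
    if ca_bundle_path is not None:
        ctx.load_verify_locations(cafile=ca_bundle_path)
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


# Constructed sample: dNSName entries of the certificate a peer might present.
SAMPLE_CERT_NAMES = ["mail.example.com", "smtp.example.com"]


def ehlo_name_is_authenticated(ctx: ssl.SSLContext, ehlo_name: str,
                               peer_cert_dns_names: Iterable[str]) -> bool:
    """Hypothetical helper: can a session under ctx bind the EHLO name to the peer?

    peer_cert_dns_names stands for the dNSName entries of the presented
    certificate. They carry weight only when the context demanded a chain
    validated against a trusted CA; in CERT_NONE mode the handshake accepts
    anything, and SSLSocket.getpeercert() even returns an empty dict, so the
    names cannot be relied upon at all.
    """
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        return False
    wanted = ehlo_name.rstrip(".").lower()
    return wanted in {n.rstrip(".").lower() for n in peer_cert_dns_names}


if __name__ == "__main__":
    for label, ctx in (("opportunistic", opportunistic_context()),
                       ("authenticating", authenticating_context())):
        ok = ehlo_name_is_authenticated(ctx, "mail.example.com", SAMPLE_CERT_NAMES)
        print(f"{label}: EHLO name authenticated = {ok}")
```

The point the draft makes shows up in the last function: the same certificate names prove nothing under the opportunistic context, because nothing in that handshake checked who issued the certificate or whether it names the peer.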