Re: SMTP/TLS: Authentication of an SMTP server's identity

2004-05-07 11:17:41

Keith Moore <moore(_at_)cs(_dot_)utk(_dot_)edu> writes:

This is true in general.  Just because you have a cert for a particular
domain does not mean you are authorized to accept mail for that domain.

True.  The normal TLS PKI system is not particularly strong.

Basically the email system, as part of its protocol definition, trusts
the DNS.  If you don't have signed DNS records, there's a security hole.
It's always been there.

I agree with that in general, but it is entirely possible to secure
specific SMTP links, and may even be valuable to do so in circumstances
more limited than exchanging e-mail with the entire Internet.  (On the
other hand, it's not clear to me that any of those circumstances would
entail MX records.)

TLS simply wasn't designed to handle this case.

I believe that TLS with the server_name extension does actually handle
this case correctly and with the maximum possible security that one can
get out of whatever PKI system one is using for certificate validation.

Since we don't have that, what this means is that TLS by itself is of
limited applicability for email relaying.


MX is not the same thing as virtual hosting.

Also agreed.  I'm just saying that at a TLS protocol level, the issues
involved look very similar.

Russ Allbery (rra(_at_)stanford(_dot_)edu)
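
Added example, not part of the original message: the two verification targets
discussed above, written out as a small Python check. The "mx-host" policy
verifies the server certificate against the hostname the (unsigned) MX lookup
returned; the "recipient-domain" policy verifies it against the domain in the
recipient address, which is the name a client would send in the TLS
server_name extension. Every domain, hostname and certificate SAN list below
is constructed for the illustration, and the name matching is a simplified
form of the usual dNSName/wildcard comparison rather than a full
implementation.

```python
"""
Which name should an SMTP client verify the MX server's certificate against?

Two policies are contrasted:
  'mx-host'           verify against the MX hostname returned by DNS; only as
                      strong as the (unsigned) MX lookup that produced it.
  'recipient-domain'  verify against the domain the mail is addressed to,
                      announced to the server via the TLS server_name (SNI)
                      extension; independent of the MX lookup, but the MX host
                      must then hold a certificate naming the recipient domain.
All hostnames, domains and certificate contents here are constructed examples.
"""
import ssl
from dataclasses import dataclass
from typing import Sequence


def hostname_matches(pattern: str, host: str) -> bool:
    """Match one certificate dNSName (optionally a '*.' wildcard) against host."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    if not pattern.startswith("*."):
        return False
    p_labels, h_labels = pattern.split("."), host.split(".")
    # The wildcard stands for exactly one label and must be followed by at
    # least two fixed labels, so '*.net' never matches anything.
    if len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def cert_names_match(san_dns_names: Sequence[str], target: str) -> bool:
    """True if any dNSName in the certificate's SAN list covers target."""
    return any(hostname_matches(name, target) for name in san_dns_names)


@dataclass(frozen=True)
class Delivery:
    recipient_domain: str     # domain part of the RCPT TO address
    mx_host: str              # hostname the (unsigned) MX lookup returned
    server_cert_sans: tuple   # dNSNames in the certificate the MX host presented


def verification_target(delivery: Delivery, policy: str) -> str:
    """The name the client expects to find in the server certificate."""
    if policy == "mx-host":
        return delivery.mx_host
    if policy == "recipient-domain":
        return delivery.recipient_domain
    raise ValueError(f"unknown policy {policy!r}")


def verify(delivery: Delivery, policy: str) -> bool:
    return cert_names_match(delivery.server_cert_sans,
                            verification_target(delivery, policy))


def client_context() -> ssl.SSLContext:
    """Client TLS context for the recipient-domain policy.  Calling
    ctx.wrap_socket(sock, server_hostname=recipient_domain) sends that name
    in the server_name extension and verifies the certificate against it."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


# Constructed scenarios.
# Honest MX host whose certificate names only itself.
LEGIT = Delivery("example.com", "mail.example.net", ("mail.example.net",))
# Same recipient domain, but the MX answer was forged to point at a host the
# attacker controls and holds a perfectly valid certificate for.
FORGED_MX = Delivery("example.com", "mx.attacker.example",
                     ("mx.attacker.example",))
# Honest MX host whose certificate also names the recipient domain, as the
# server_name-based approach requires.
SNI_READY = Delivery("example.com", "mail.example.net",
                     ("mail.example.net", "example.com"))


def outcomes(delivery: Delivery) -> dict:
    """Result of both policies for one delivery attempt."""
    return {policy: verify(delivery, policy)
            for policy in ("mx-host", "recipient-domain")}


if __name__ == "__main__":
    for label, d in (("legit", LEGIT), ("forged-mx", FORGED_MX),
                     ("sni-ready", SNI_READY)):
        print(f"{label:10s} {outcomes(d)}")
```

Running it shows the forged-MX case passing under the mx-host policy: the
attacker's certificate is genuine for the attacker's hostname, and the only
thing wrong is the DNS answer the client trusted. The recipient-domain policy
rejects that case, but it also rejects an honest MX host whose certificate
does not name the recipient domain, which is the deployment cost of that
approach. Neither policy says anything about whether the certificate holder
is authorized to accept mail for the domain; the PKI check establishes a
name, not a mail-handling role.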