ietf-smtp
[Top] [All Lists]

Re: request discussion of two documents on SMTP relaying

2005-06-16 06:25:28

However, even one-time keys cannot prevent the sort of attack involving
attacker substitution of SMTP session commands.  TLS won't protect
against impersonation of a server (the attacker can easily choose to
accept the client certificates and supply session keys, using TLS as if
it were the server it is impersonating; it can then collect client
authentication transactions and/or forward certificates and session
packets to the "real" server, passing responses back to the client and/or
substituting SMTP commands and data of the attacker's choice).

If I'm not mistaken, TLS does protect against impersonation of a server, because part of what is used to derive the encryption key is signed with the server's private key, and the client checks the server certificate using the CAs' keys that the client already knows about. Granted this is of little value if the user gets a popup message that says "we can't validate the server's key, should we trust it anyway?" and says yes without stopping to think about whether a MitM attack might be possible.

Much of the above is not SMTP-specific.  However SMTP AUTH is asymmetric;
it provides for the client to authenticate itself to a server but provides
no mechanism for a client to determine the authenticity of the server.

I believe this statement applies to particular SASL authentication methods, not to SASL in general.

Keith



<Prev in Thread] Current Thread [Next in Thread>