Carl S. Gutekunst <csg(_at_)alameth(_dot_)org> wrote:
> RFC 3207 punts on the issue of certificate verification. Is there any interest
> in a rigorous specification for certificate verification in SMTP/STARTTLS? Is
> this the appropriate WG for such a discussion?
I am interested.
STARTTLS as it is currently used is fine for message submission, but it
could do with a more precise specification.
For inter-domain SMTP, STARTTLS is hopeless because the majority of MX
server certificates cannot be verified, as Carl has previously described
on this list http://www.imc.org/ietf-smtp/mail-archive/msg05366.html
So we need something that allows MXs to say explicitly, "please strictly
verify my certificate". For this to be any use it needs downgrade
prevention, which probably requires a declaration in the DNS protected
There is also the problem of which identity is to be verified. There is no
point verifying the MX target host name unless the recipient's DNS zone is
signed and the sender's MTAs are doing DNSSEC validation.
If you prefer to avoid requiring DNSSEC, you must verify the recipient
mail domain. In this case you have a much greater need for some kind of
support for server certificate selection (either SNI in TLS or perhaps a
new ESMTP TLS service extension), and you have to decide how to deal with
messages that have recipients at multiple different domains on the same MX
target server. This is all rather complicated and messy.
f.anthony.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
Lundy, Fastnet, Irish Sea: East or southeast 5 to 7, decreasing 4 at times.
Moderate or rough, occasionally very rough in Fastnet. Fair. Moderate or good,
occasionally poor later.
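The identity question raised in the message above (verify the MX target host only if the MX record was DNSSEC-validated, otherwise verify the recipient mail domain, and then cope with several domains sharing one MX) as an added worked example in Python. This is not code from the thread or from any MTA; the host names, the MX lookup table, the certificate dictionaries (shaped like `ssl.SSLSocket.getpeercert()` output) and the recipient list are constructed, and the wildcard rules in `match_dnsname` are an assumption about what a strict RFC 6125-style verifier would apply.

```python
"""Added example for the thread above (not code from the thread or from
any MTA): choose which identity an SMTP client verifies in an MX's
STARTTLS certificate, and see how that choice interacts with several
mail domains sharing one MX target.  All DNS answers, certificates and
recipients below are constructed; nothing touches the network."""
from collections import defaultdict


def verification_name(mail_domain, mx_target, dnssec_validated):
    """Name to look for in the peer certificate.

    The MX target host name is only worth verifying when the MX record
    came from a signed zone that this client validated; otherwise whoever
    forges the MX answer also picks the name we verify.  Without DNSSEC the
    only name the sender knows independently of DNS is the recipient's
    mail domain (the part after the '@')."""
    if dnssec_validated:
        return mx_target.rstrip(".").lower()
    return mail_domain.rstrip(".").lower()


def match_dnsname(pattern, name):
    """RFC 6125-style DNS-ID comparison (assumption: the rules a strict
    verifier would use): case-insensitive, wildcard only as the entire
    leftmost label, and a wildcard must still leave two more labels."""
    p = pattern.rstrip(".").lower().split(".")
    n = name.rstrip(".").lower().split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == n[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as m*.example are rejected
    return p == n


def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert()."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if names:
        return names
    # Only fall back to the subject CN when there is no subjectAltName.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def cert_matches(cert, expected_name):
    return any(match_dnsname(p, expected_name) for p in cert_dns_names(cert))


def plan_sessions(recipients, mx_of, dnssec_validated):
    """Group recipients into STARTTLS sessions keyed by
    (mx_target, name_to_verify).  With DNSSEC every domain on one MX can
    share a session; without it each mail domain needs its own session so
    the client can offer that domain in SNI and verify it."""
    plan = defaultdict(list)
    for rcpt in recipients:
        domain = rcpt.rsplit("@", 1)[1].lower()
        mx = mx_of[domain].rstrip(".").lower()
        plan[(mx, verification_name(domain, mx, dnssec_validated))].append(rcpt)
    return dict(plan)


def verified_sessions(plan, server_certs, default_cert):
    """Simulate each session: the client sends the name it will verify as
    SNI, the server presents the certificate it has for that name (or its
    default MX certificate), and the client checks the name."""
    return {key: cert_matches(server_certs.get(key[1], default_cert), key[1])
            for key in plan}


# Constructed data: two mail domains whose MX records point at one host.
MX_OF = {"example.com": "mx.hosting.example.",
         "example.org": "mx.hosting.example."}
RECIPIENTS = ["alice@example.com", "bob@example.org", "carol@example.com"]

# Constructed certificates in getpeercert() shape.  The MX's own certificate
# names only the MX host; the operator also holds one for example.com but
# none for example.org.
MX_CERT = {"subject": ((("commonName", "mx.hosting.example"),),),
           "subjectAltName": (("DNS", "mx.hosting.example"),
                              ("DNS", "*.hosting.example"))}
SERVER_CERTS = {"mx.hosting.example": MX_CERT,
                "example.com": {"subjectAltName": (("DNS", "example.com"),)}}


def demo(dnssec_validated):
    plan = plan_sessions(RECIPIENTS, MX_OF, dnssec_validated)
    return plan, verified_sessions(plan, SERVER_CERTS, MX_CERT)


if __name__ == "__main__":
    for dnssec in (True, False):
        plan, ok = demo(dnssec)
        print("DNSSEC validated:", dnssec)
        for key, rcpts in plan.items():
            print("  verify", key[1], "on", key[0], "->",
                  "ok" if ok[key] else "FAIL", rcpts)
```

Run as written, the DNSSEC case verifies all three recipients over one session against the MX host name, while the non-DNSSEC case splits them by mail domain and the example.org session fails because the MX has no certificate for that name, which is the selection and multi-domain problem the message describes.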