Re: Any interest in rigorous definition for SSL certificate verification in SMTP?

2011-11-14 16:29:06

On 11/15/2011 4:10 AM, Carl S. Gutekunst wrote:
> Dave CROCKER wrote:
>> On 11/14/2011 3:57 PM, Carl S. Gutekunst wrote:
>>
>>> RFC 3207 punts on the issue of certificate verification. Is there any interest
>>> in a rigorous specification for certificate verification in SMTP/STARTTLS? Is
>>> this the appropriate WG for such a discussion?
>>
>> what's the purpose? what problem is this intended to solve? how prevalent is
>> that problem now?
>
> The purpose is to define a standard way for an SMTP sender (client) to determine
> that the SMTP receiver that it's talking to is the one it thinks it's talking
> to. The mechanism would detect man-in-the-middle attacks and connection
> hijacking at either the routing or DNS level.

Isn't that exactly the problem that the DANE working group is attacking?

If not, how is it different?  Can this issue be extended from their work?


  Dave Crocker
  Brandenburg InternetWorking

