Re: Any interest in rigorous definition for SSL certificate verification

ietf-smtp

Re: Any interest in rigorous definition for SSL certificate verification in SMTP?

2011-11-14 16:29:06




On 11/15/2011 4:10 AM, Carl S. Gutekunst wrote:

Dave CROCKER wrote:

On 11/14/2011 3:57 PM, Carl S. Gutekunst wrote:


RFC 3207 punts on the issue of certificate verification. Is there any interest
in a rigorous specification for certificate verification in SMTP/STARTTLS ? Is
this the appropriate WG for such a discussion?


what's the purpose? what problem is this intended to solve? how prevalent is
that problem now?


The purpose is to define a standard way for an SMTP sender (client) to determine
that the SMTP receiver that it's talking to is the one it thinks it's talking
to. The mechanism would detect man-in-the-middle attacks and connection
hijacking at either the routing or DNS level.



Isn't that exactly the problem that the DANE working group attacking.

If not, how is it different?  Can this issue be extended from their work?

d/
--

  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Arnt Gulbrandsen Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Dave CROCKER Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, SM Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Dave CROCKER <= Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst SMTP TLS and CN Domain Matching, Hector Santos Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Robert A. Rosenberg Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Tony Finch Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Alexey Melnikov

Previous by Date:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst
Next by Date:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst
Previous by Thread:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst
Next by Thread:	Re: Any interest in rigorous definition for SSL certificate verification in SMTP?, Carl S. Gutekunst
Indexes:	[Date] [Thread] [Top] [All Lists]