In message <410D7885-53F8-47E2-9B21-2D9B802D00F3(_at_)me(_dot_)com>, Sabahattin
Gucukoglu
writes:
On 14 Sep 2013, at 16:40, keld(_at_)keldix(_dot_)com wrote:
There are not that many MTA implementations out there so if we can persuade
implementers to provide STARTTLS per default, I see this as a path
with good chances to succeed. We could even advise implementers to generate
an auto-signed
certificate. This guidance could be done in an RFC.
How do you propose that receivers verify self-signed certificates?
Truly, to stop sniffing you don't have to verify you just have to encrypt.
As for verifying, DNSSEC and TLSA will provide a framework to do just that.
If there is a TLSA record and you have securely verified it then you close
the connection on TLS failure to verify. If you can securely verify that
there isn't a TLSA record or securely verify the TLSA response is insecure
then you just accept the offered CERT unless you have other knowledge the
CERT is invalid.
Note that many MTAs (Exchange, notably) will fail delivery if STARTTLS is off
ered, but verification does not succeed. This is stupid because Exchange wil
l happily deliver to hosts if STARTTLS is not advertised, so it's an inconsis
tent policy. (The solution for postmasters is then to either maintain a tabl
e of known stupid hosts, or [as in my case] just turn off server TLS.)
Cheers,
Sabahattin
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka(_at_)isc(_dot_)org
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp