
Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-14 17:42:09

In message <410D7885-53F8-47E2-9B21-2D9B802D00F3(_at_)me(_dot_)com>, Sabahattin 
On 14 Sep 2013, at 16:40, keld(_at_)keldix(_dot_)com wrote:
There are not that many MTA implementations out there so if we can persuade
implementers to provide STARTTLS per default, I see this as a path
with good chances to succeed. We could even advise implementers to generate
an auto-signed certificate. This guidance could be done in an RFC.

How do you propose that receivers verify self-signed certificates?

Truly, to stop sniffing you don't have to verify you just have to encrypt.

As for verifying, DNSSEC and TLSA will provide a framework to do just that.
If there is a TLSA record and you have securely verified it then you close
the connection on TLS failure to verify.  If you can securely verify that
there isn't a TLSA record or securely verify the TLSA response is insecure
then you just accept the offered CERT unless you have other knowledge the
CERT is invalid.
Note that many MTAs (Exchange, notably) will fail delivery if STARTTLS is
offered, but verification does not succeed.  This is stupid because Exchange
will happily deliver to hosts if STARTTLS is not advertised, so it's an
inconsistent policy.  (The solution for postmasters is then to either maintain
a table of known stupid hosts, or [as in my case] just turn off server TLS.)


ietf-smtp mailing list
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
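The verification policy described in the reply above (verify against a DNSSEC-validated TLSA record and close the connection on mismatch; otherwise just accept the offered certificate and encrypt), as an added worked example. This is not code from the thread, from any of its participants, or from any MTA. It models TLSA matching for the DANE-EE usage (3) only, treats other usages as unusable, and adds one caveat the message does not state: a DNSSEC "bogus" answer is deferred rather than treated as absence of a record. The certificate and SubjectPublicKeyInfo bytes are constructed stand-ins, not a real certificate, and the caller is assumed to supply the DER of both.

```python
# Added example: DANE/TLSA-style policy decision for an SMTP client.
# Not code from the thread or from any MTA; DANE-EE (usage 3) only.
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum


class DnsStatus(Enum):
    SECURE = "secure"      # TLSA answer (or its absence) validated by DNSSEC
    INSECURE = "insecure"  # zone provably unsigned: nothing to verify against
    BOGUS = "bogus"        # DNSSEC validation failed: answer cannot be trusted


class Verdict(Enum):
    ACCEPT_VERIFIED = "tls, certificate matched a secure TLSA record"
    ACCEPT_UNVERIFIED = "tls, no secure TLSA data: accept the offered cert"
    REJECT = "close connection: secure TLSA record present but no match"
    DEFER = "do not deliver now: DNS answer was bogus"


@dataclass(frozen=True)
class Tlsa:
    usage: int      # 3 = DANE-EE (end-entity cert); the only usage modelled here
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact data, 1 = SHA-256, 2 = SHA-512
    data: bytes


def parse_tlsa(text: str) -> Tlsa:
    """Parse presentation format, e.g. '3 1 1 <hex digest>'."""
    usage, selector, mtype, hexdata = text.split(None, 3)
    return Tlsa(int(usage), int(selector), int(mtype),
                bytes.fromhex(hexdata.replace(" ", "")))


def tlsa_matches(rec: Tlsa, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the offered end-entity certificate satisfies one TLSA record."""
    if rec.usage != 3:
        return False          # simplification: DANE-TA (2) chain building not modelled
    blob = {0: cert_der, 1: spki_der}.get(rec.selector)
    if blob is None:
        return False          # unknown selector: record is unusable
    if rec.mtype == 0:
        digest = blob
    elif rec.mtype == 1:
        digest = hashlib.sha256(blob).digest()
    elif rec.mtype == 2:
        digest = hashlib.sha512(blob).digest()
    else:
        return False          # unknown matching type: record is unusable
    return hmac.compare_digest(digest, rec.data)


def decide(status: DnsStatus, records: list, cert_der: bytes, spki_der: bytes,
           cert_known_bad: bool = False) -> Verdict:
    """Policy from the message: secure TLSA present -> verify or close;
    secure absence or unsigned zone -> accept the offered certificate."""
    if cert_known_bad:
        return Verdict.REJECT             # "other knowledge the CERT is invalid"
    if status is DnsStatus.BOGUS:
        return Verdict.DEFER              # added caveat: bogus is not the same as absent
    if status is DnsStatus.INSECURE or not records:
        return Verdict.ACCEPT_UNVERIFIED  # just encrypt; nothing trustworthy to check
    if any(tlsa_matches(r, cert_der, spki_der) for r in records):
        return Verdict.ACCEPT_VERIFIED
    return Verdict.REJECT                 # secure TLSA present, verification failed


# Constructed sample data (not a real certificate): stand-ins for the DER
# encodings of a certificate and its SubjectPublicKeyInfo.
SAMPLE_CERT_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_SPKI_DER = b"\x30\x59\x30\x13" + bytes(range(64))
SAMPLE_TLSA = "3 1 1 " + hashlib.sha256(SAMPLE_SPKI_DER).hexdigest()

if __name__ == "__main__":
    rec = parse_tlsa(SAMPLE_TLSA)
    for st in DnsStatus:
        print(st.name, "->", decide(st, [rec], SAMPLE_CERT_DER, SAMPLE_SPKI_DER).name)
```

Note the asymmetry the message relies on: a mismatch only closes the connection when the TLSA record itself was validated by DNSSEC, so an unsigned zone gets encryption without authentication rather than a delivery failure.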