Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-18 09:40:24
On 18/09/2013 15:11, keld(_at_)keldix(_dot_)com wrote:
> The problems to solve are known for a long time, snooping on lines. We can rebuild a part of the internet in a safer version. To have a chance to make some impact, I believe it is necessary to build safer defaults into major MTAs like postfix and sendmail.

My concern is that while something like TLS will have an effect on criminals snooping on wireless networks etc, I can't see how it would definitely help against governments.

The issue is - how do I know that the mail server I am sending the message to is the one I should be sending the message to? If I don't know that with a good degree of certainty, then using TLS won't achieve security, because I could simply be dumping my messages on a compromised server.

DNS, IP addresses and certificates could all be subverted by a government at a 'choke point' such as an international link. Even if I knew for certain that '' was the IP address I should be talking to (which is unlikely), it would be trivial for a router at a choke point to redirect that IP address to another machine instead of the one it was supposed to go to. If I am allowed to validate certificates (which is currently doubtful), then I'd have a bit more certainty, but, to be honest, can I trust that a CA won't issue fake certificates to a government?

Yes, use TLS where you can - it won't do any harm, and is better than not using TLS - but don't expect it to do anything significant to stop a government from snooping if it wants to, except with pre-known certificate fingerprints. I'd be reluctant to risk breaking interoperability to force TLS usage, because of the dubious benefit.


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
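
The "pre-known certificate fingerprints" exception mentioned in the message above can be sketched as a delivery policy. This is an added example, not part of the original post or of any MTA's code; the function names, the pin table and the host `mx.example.org` are hypothetical, and the certificate bytes are constructed stand-ins.

```python
import hashlib
import smtplib
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def decide(mx_host, der_cert, pins):
    """Return 'send', 'refuse' or 'opportunistic' for one delivery attempt.

    der_cert is None when the server offered no STARTTLS or no certificate.
    """
    expected = pins.get(mx_host.lower().rstrip("."))
    if expected is None:
        # No out-of-band knowledge of this peer: TLS only stops passive sniffing.
        return "opportunistic"
    if der_cert is None:
        # A pinned peer without TLS: STARTTLS may have been stripped in transit.
        return "refuse"
    # A redirected connection or a substituted certificate fails this check.
    return "send" if fingerprint(der_cert) in expected else "refuse"


def fetch_peer_cert(mx_host, port=25, timeout=10):
    """Fetch the DER certificate an MX presents after STARTTLS (needs network)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # the pin, not the CA chain, is the trust
    ctx.verify_mode = ssl.CERT_NONE  # anchor in the scenario the mail describes
    with smtplib.SMTP(mx_host, port, timeout=timeout) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return None
        smtp.starttls(context=ctx)
        return smtp.sock.getpeercert(binary_form=True)


# Constructed stand-ins for DER certificates; a real pin comes from the
# recipient's operator over a channel the network path cannot rewrite.
CERT_GENUINE = b"constructed stand-in for the genuine MX certificate"
CERT_SUBSTITUTED = b"constructed stand-in for a substituted certificate"
PINS = {"mx.example.org": {fingerprint(CERT_GENUINE)}}

if __name__ == "__main__":
    for host, cert in [("mx.example.org", CERT_GENUINE),
                       ("mx.example.org", CERT_SUBSTITUTED),
                       ("mail.example.net", CERT_SUBSTITUTED)]:
        print(host, decide(host, cert, PINS))
```

Unpinned hosts fall back to opportunistic TLS, so interoperability is not broken for peers whose fingerprint is not known in advance.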