[Top] [All Lists]

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-18 20:33:07

In message <20130919010115(_dot_)GB20999(_at_)www5(_dot_)open-std(_dot_)org>, 
keld(_at_)keldix(_dot_)com writes:
On Wed, Sep 18, 2013 at 03:32:17PM +0100, Paul Smith wrote:
On 18/09/2013 15:11, keld(_at_)keldix(_dot_)com wrote:
The problems to solve are known for a long time, snooping on lines. 
We can rebuild a part of the internet in a safer version. To have a 
chance to make some impact, I believe it is necesary to build safer 
defaults into major MTAs like postfix and sendmail.

My concern is that while something like TLS will have an effect on 
criminals snooping on wireless networks etc, I can't see how it would 
definitely help against governments.

The issue is - how do I know that the mail server I am sending the 
message to is the one I should be sending the message to? If I don't 
know that with a good degree of certainty, then using TLS won't achieve 
security, because I could simply be dumping my messages on a compromised 

Yes, and that could even be done with plain SMTP.
Come on, TLS would be safer than plain unencrypted SMTP.

But you are right, we cannot be sure we are talking to the right server.
Governments have lots of ressources, and even for big countries it is 
feasible to set up fake servers for every SMTP server in the country.

Well one could start by looking at the reponse to the HELO/EHLO and
comparing the offered server name to the expected server name.  That
doesn't ever require TLS and is something that you need to fix when
deploying TLS.

Even RFC 821 suggested that one should be checking to ensure that
you are talking to whom you think you should be talking to.


      At the time the transmission channel is opened there is an
      exchange to ensure that the hosts are communicating with the hosts
      they think they are.

Lots of MITM attacks would be prevented by doing just such a check.

DANE can also be used secure TLS against fake CERTs.  Even governments
don't have the ability to fake the entire DNS.  They may be able
to inject false data for the CC they control by getting access to
the private keys for the CC but they don't have the ability for
other CCs.

If your CC doesn't support DNSSEC you need to ask your government

DNS, IP addresses and certificates could all be subverted by a 
government at a 'choke point' such as an international link. Even if I 
knew for certain that '' was the IP address I should be 
talking to (which is unlikely), it would be trivial for a router at a 
choke point to redirect that IP address to another machine instead of 
the one it was supposed to go to. If I am allowed to validate 
certificates (which is currently doubtful), then I'd have a bit more 
certainty, but, to be honest, can I trust that a CA won't issue fake 
certificates to a government?

There are friends out there. Eg CAcert. Good certificates are an orthogonal 
We can migrate SMTP to TLS, and we can at the same time one by one
get bad certificates replaced with good ones.
We can advise how to get good certificates too.

Yes, use TLS where you can - it won't do any harm, and is better than 
not using TLS - but don't expect it to do anything significant to stop a 
government from snooping if it wants to, except with pre-known 
certificate fingerprints. I'd be reluctant to risk breaking 
interoperability to force TLS usage, because of the dubious benefit.

Agreed, We cannot trust a big part of the internet, and we should not
break the interoperability we have now. But TLS would not do any harm, and it 
improve security in some areas of the world.

best regards
ietf-smtp mailing list
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka(_at_)isc(_dot_)org
ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>