
Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-19 01:50:31
On 19/09/2013 02:32, Mark Andrews wrote:

> Well one could start by looking at the response to the HELO/EHLO and
> comparing the offered server name to the expected server name.
Not really. It would be trivial to set up SMTP servers which respond with different server names (even different capability responses etc) depending on the IP address which the connection comes in on.

> Lots of MITM attacks would be prevented by doing just such a check.

> DANE can also be used to secure TLS against fake CERTs.  Even governments
> don't have the ability to fake the entire DNS.
Really? Given that over half the DNS in the world is probably run on servers operated by a handful of companies, I find it difficult to believe that a determined government couldn't 'mirror' that with their own servers with different data - if it wanted to.

(BTW, I am not usually a conspiracy theorist, but if you are discussing finding a way to defend against government snooping, you have to think as one).

> They may be able
> to inject false data for the CC they control by getting access to
> the private keys for the CC but they don't have the ability for
> other CCs.
They could subvert any DNS data crossing their international data links; the TLD doesn't matter, where the DNS servers are hosted matters.

"All" they have to do is intercept DNS data (relatively easy to detect) as it goes through choke points and alter it as they wish. If they have the resources to capture all SMTP data passing through choke points, they certainly have the resources to modify DNS data at those same places.

(Again, I'm not saying they have done any of this, but for the scenarios we're trying to defend against, we have to consider it).


Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
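The two checks discussed in this exchange, the EHLO-name comparison and the DANE match of a server's certificate against a TLSA record, as an added example that is not part of this thread or of any product mentioned in it. The TLSA record and the certificate/SPKI bytes are constructed placeholders, and only the DANE-EE usage (3) is implemented; the other usages need PKIX or trust-anchor chain processing and are rejected rather than silently accepted.

```python
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class TLSARecord:
    usage: int      # 3 = DANE-EE (match the end-entity certificate itself)
    selector: int   # 0 = full certificate DER, 1 = SubjectPublicKeyInfo DER
    matching: int   # 0 = exact bytes, 1 = SHA-256, 2 = SHA-512
    data: bytes


def parse_tlsa(presentation: str) -> TLSARecord:
    """Parse RFC 6698 presentation format, e.g. '3 1 1 <hex digest>'."""
    usage, selector, matching, hexdata = presentation.split(None, 3)
    return TLSARecord(int(usage), int(selector), int(matching),
                      bytes.fromhex(hexdata.replace(" ", "")))


def tlsa_matches(rec: TLSARecord, cert_der: bytes, spki_der: bytes) -> bool:
    """True if the presented end-entity certificate satisfies one TLSA record."""
    if rec.usage != 3:          # usages 0-2 need chain processing: not handled here
        return False
    selected = {0: cert_der, 1: spki_der}.get(rec.selector)
    if selected is None:
        return False
    if rec.matching == 0:
        derived = selected
    elif rec.matching == 1:
        derived = hashlib.sha256(selected).digest()
    elif rec.matching == 2:
        derived = hashlib.sha512(selected).digest()
    else:
        return False
    return hmac.compare_digest(derived, rec.data)


def dane_accept(records, cert_der: bytes, spki_der: bytes) -> bool:
    """Accept the TLS peer only if at least one TLSA record matches."""
    return any(tlsa_matches(r, cert_der, spki_der) for r in records)


def ehlo_name(response: str) -> str:
    """Server name from the first EHLO reply line ('250-mx.example Hello ...')."""
    first = response.splitlines()[0]
    return first[4:].split()[0].lower() if len(first) > 4 else ""


# Constructed sample data: not a real key, certificate or DNS record
SPKI = b"constructed SubjectPublicKeyInfo bytes"
CERT = b"constructed certificate DER containing " + SPKI
TLSA_RR = "3 1 1 " + hashlib.sha256(SPKI).hexdigest()
```

A spoofed server can echo whatever EHLO name the client expects, so `ehlo_name` only detects careless impostors; `dane_accept` fails closed unless the DNS answer itself has been replaced, which is the attack the thread goes on to discuss.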
ietf-smtp mailing list
