On Thu, Sep 19, 2013 at 09:37:18AM +0200, Rolf E. Sonneveld wrote:
I have yet to see the threat analysis. IMHO it makes little sense
discussing all sorts of possible scenario's and solutions without first
determining what data/information to protect and what the threat is in
case data/information is disclosed to third parties. In that respect,
mail from a marketeer to his customer base is different from mail that
is sent by a whistle-blower.
Likewise, integrity of data, confidentiality of data and authenticity of
server/client are all different things and each of them need to be
addressed in:
a) the threat analysis
b) the solution to address these threats
So first things first, let's start with a proper threat analysis.
I don't know how to write such an analysis, and it seems like red tape to me.
I am just advocating that we migrate SMTP to TLS, and then I want a plan
that could evolve into an succesful migration, without hurting
interoperablity.
But elements of a risk analysis could be:
Snooping og transmission is becoming more widespread, and thus a greater risk.
Encryption is probably one of the few mechanisms that still provides
some protection against snooping. SMTP has a mechanism for using encryption
in the form of TLS, with the STARTTLS command.
This BCP outlines best practices that can retain good interoperability and then
provide for a migration to have all SMTP traffic encrypted.
The specification does not alter integrity of datar.s
For confidentiality of sender and receiver, using STARTTLS will encrypt these
data,
while MTA to MTA TCP/IP connections will still be visible in the clear.
Autentifications of sender and receiver is not intended to be improved,
although externally signed certificates for the TLS can improve it.
IGiven the sate of trust that can currently be given to some certificate
vendors,
self-signed certificates are an integrated part of the best practices, and
self-signed
certificates should not be penalized in the recommendations.
I would appreciate if somebody could help enhancing the text, if this is deemed
necessary.
best regards
keld
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp