ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors

2013-09-19 11:33:31
from [keld] [Permanent Link] 
On Thu, Sep 19, 2013 at 09:37:18AM +0200, Rolf E. Sonneveld wrote:


I have yet to see the threat analysis. IMHO it makes little sense 
discussing all sorts of possible scenario's and solutions without first 
determining what data/information to protect and what the threat is in 
case data/information is disclosed to third parties. In that respect, 
mail from a marketeer to his customer base is different from mail that 
is sent by a whistle-blower.

Likewise, integrity of data, confidentiality of data and authenticity of 
server/client are all different things and each of them need to be 
addressed in:

a) the threat analysis
b) the solution to address these threats

So first things first, let's start with a proper threat analysis.


I don't know how to write such an analysis, and it seems like red tape to me.
I am just advocating that we migrate SMTP to TLS, and then I want a plan
that could evolve into an succesful migration, without hurting
interoperablity.

But elements of a risk analysis could be:

Snooping og transmission is becoming more widespread, and thus a greater risk.
Encryption is probably one of the few mechanisms that still provides
some protection against snooping. SMTP has a mechanism for using encryption
in the form of TLS, with the STARTTLS command.

This BCP outlines best practices that can retain good interoperability and then 
provide for a migration to have all SMTP traffic encrypted.

The specification does not alter integrity of datar.s

For confidentiality of sender and receiver, using STARTTLS will encrypt these 
data,
while MTA to MTA TCP/IP connections will still be visible in the clear.

Autentifications of sender and receiver is not intended to be improved,
although externally signed certificates for the TLS can improve it.
IGiven the sate of trust that can currently be given to some certificate 
vendors,
self-signed certificates are an integrated part of the best practices, and 
self-signed
certificates should not be penalized in the recommendations.

I would appreciate if somebody could help enhancing the text, if this is deemed
necessary.

best regards
keld
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, keld
Next by Date:  Re: [ietf-smtp] threat models, guidance on how to secure against sniffing and paid backdoors, John Levine
Previous by Thread:  Re: [ietf-smtp] guidance on how to secure against sniffing and paid backdoors, Rolf E. Sonneveld
Next by Thread:  Re: [ietf-smtp] threat models, guidance on how to secure against sniffing and paid backdoors, John Levine
Indexes:  [Date] [Thread] [Top] [All Lists]