On 19 Sep 2013, at 21:05, keld(_at_)keldix(_dot_)com wrote:
On Thu, Sep 19, 2013 at 06:42:05PM +0100, Sabahattin Gucukoglu wrote:
On 19 Sep 2013, at 17:33, keld(_at_)keldix(_dot_)com wrote:
On Thu, Sep 19, 2013 at 09:37:18AM +0200, Rolf E. Sonneveld wrote:
So first things first, let's start with a proper threat analysis.
I don't know how to write such an analysis, and it seems like red tape to
me.
I am just advocating that we migrate SMTP to TLS, and then I want a plan
that could evolve into an succesful migration, without hurting
interoperablity.
I've already explained in one way how interoperability is guaranteed to be
hurt, even if your threat model only includes passive attackers. And I'm
really not sure I'm happy about weakening TLS by making verification
optional without making it very clear to implementers that their choice to
use a CA-signed certificate is completely undermined for the sake of those
who don't, regardless of how pointless verification may be.
And I already outlined a way to accomodate your concerns.
You would strengthen SMTP security overall by employing TLS.
I understand that it is only a few SMTP implementations that have the problems
you described. And those implementations are most likely contaminated anyway.
CA-signen certifications are most likely also contaminated, and self-signed
certificates
are most likely having more chances of not being contaminated.
So interoperability isn't *that* important. I'm happy with people choosing
that option, as long as they realise that it's a precondition for your scheme.
I also need to point out that you've made many assumptions about
implementations and CAs. Do we really need to go there? If nothing else,
you're proposing nothing less than to undermine the entire CA industry--a sweet
thought, to be sure, but not likely to go down too well with said industry. :)
But look, what *is* your threat model? Who are you up against? What
capabilities do they have? Is this about Prism, or something much worse
involving active network attackers or server takeover? Without this we really
don't know how we can best solve the problem, and even if we did, we'd
probably disagree on the means, or the utility, or the interoperability
problems.
What are the requirements for the specs for a threat analysis?
Who made such a requirement?
Can you provide a link to the requirements?
And a good example of one?
Here's a general description of a threat analysis:
http://www.sans.org/reading_room/whitepapers/auditing/overview-threat-risk-assessment_76
I'm not a security person, but I think the idea is pretty straightforward:
figure out what it is we're worried about.
FWIW, I think Prism is what we should be worried about, but it's a baby step in
the scheme of things to simply turn on TLS everywhere with self-signed certs.
I'd much rather we pushed DNSSEC+DANE as that's the only thing which will cater
to stronger security requirements while also being interoperable with CA certs.
But perhaps you feel differently.
Cheers,
Sabahattin
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp