ietf-smtp

Re: [ietf-smtp] Two recent Internet-Drafts about using TLS with email protocols

2013-10-25 13:44:47
I mentioned "conditions that make MitM harder" as this is just to help
understand and debug the delivery chain in general, which I thought was the
intent of this subthread. Of course an active MitM could write whatever
they want with the content, and depending on this information for securing
a link isn't a good idea.

-Wei


On Fri, Oct 25, 2013 at 11:30 AM, Brandon Long <blong(_at_)google(_dot_)com> wrote:

Given that you can only trust the last Received header, I'm not clear what
is accomplished.

Brandon


On Fri, Oct 25, 2013 at 11:23 AM, Wei Chuang <weihaw(_at_)google(_dot_)com> wrote:

Perhaps adding information about whether DNSSEC was used, as well as the
strength of the certificate verification would be useful?  This is to help
detect conditions that make MitM harder for an adversary.  For certificate
info: whether the certificate was self-signed, or if signed by a CA, and
whether the chain could be verified against a DANE TLSA record, or by
certificate transparency.

-Wei

On Fri, Oct 25, 2013 at 6:01 AM, John Levine <johnl(_at_)taugh(_dot_)com> wrote:

Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id 737EC11E8372;
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)

or something along those lines.

Having recently added TLS to my mail daemon, I've been looking at various
ESMTPS and ESMTPSA received headers.  Most of them put cipher info in
a comment.  Since we all seem to log that info anyway, it might be worth
inventing a standard syntax for it.

R's,
John
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
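
An added example, not code from the thread or from any MTA: Python that pulls the `with` protocol and cipher out of each Received header, whether stated in the `ciphersuite` clause form suggested above or inside a comment, and marks only the topmost header as trusted, on the assumption that it is the one written by the receiving MTA. The hostnames, the two lower hops and their comment layout are constructed sample data.

```python
import re
from email import message_from_string

# Constructed sample, newest hop first; the top hop uses the thread's clause form.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10]) by mail.example.org
 (Postfix) with ESMTPS ciphersuite SSL_RSA_WITH_RC4_128_MD5 id 737EC11E8372;
 Wed, 23 Oct 2013 10:48:15 -0700 (PDT)
Received: from relay.example.com (relay.example.com [198.51.100.7])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 by mx.example.net with ESMTPS id 4A1B2C3D; Wed, 23 Oct 2013 10:48:14 -0700
Received: from client.example.com (client.example.com [203.0.113.5])
 by relay.example.com with ESMTP id 99887766; Wed, 23 Oct 2013 10:48:12 -0700
"""

CLAUSE = re.compile(r"\bwith\s+([^\s;]+)(?:\s+ciphersuite\s+([^\s;]+))?", re.I)
IN_COMMENT = re.compile(r"\bcipher[= ]\s*([A-Za-z0-9_-]+)", re.I)

def split_comments(value):
    """Separate comments (parentheses may nest) from the header's clause text."""
    depth, outside, comments, cur = 0, [], [], []
    for ch in value:
        if ch == "(":
            depth += 1
            if depth == 1:
                cur = []
                continue
        elif ch == ")" and depth:
            depth -= 1
            if depth == 0:
                comments.append("".join(cur))
                continue
        (cur if depth else outside).append(ch)
    return "".join(outside), comments

def tls_info(value):
    """Report the 'with' protocol and any cipher, noting where it was stated."""
    text, comments = split_comments(" ".join(value.split()))
    m = CLAUSE.search(text)
    proto = m.group(1).upper() if m else None
    hits = [(m.group(2), "clause")] if m and m.group(2) else []
    hits += [(c.group(1), "comment") for c in map(IN_COMMENT.search, comments) if c]
    cipher, source = hits[0] if hits else (None, None)
    return {"with": proto, "cipher": cipher, "source": source}

def received_chain(raw):
    """Parse every hop; mark only the topmost (written by our own MTA) trusted."""
    values = message_from_string(raw).get_all("Received", [])
    return [dict(tls_info(v), trusted=(i == 0)) for i, v in enumerate(values)]
```

Stripping comments before matching the `with` clause matters here: the second hop's comment itself contains "with cipher", which a naive search would read as the protocol.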