Re: [ietf-smtp] certificate pinning

2014-06-13 18:16:10
On Sun, Jun 8, 2014 at 1:34 AM, Evert Mouw <post(_at_)evert(_dot_)net> wrote:

On 06/08/2014 05:35 AM, Peter Bowen wrote:

What about bringing HSTS to SMTP as well?

S: 250-STSEC MAX-AGE=31536000

This would indicate that connections must use STARTTLS for future
connections.  Ideally, this would allow a client to directly issue
STARTTLS on connect, rather than EHLO (a protocol violation today),
reducing the amount of unencrypted data on the connection and speeding
up the connection sequence.

Would be nice to have. However, I could repeat my doubts about breaking
connectivity with all those mailservers out there that use self-signed
certificates (what HSTS does). I advocate the use of DANE. If support for
DANE would be mandatory for a "HSTS for SMTP", then it would be a great

I don't want to prevent self-signed certificates.  Presumably, at the
least, they would still work without pinning, they would just be open to
MITM (i.e., no better than now).

Depending on the spec, there's nothing preventing us from allowing a pin
without root validation, but I'm not a security expert enough to know if
that leaves other holes.
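As an added illustration of the client-side behaviour the proposal above implies (this is example code written for this page, not code from the thread or any mail implementation): a small policy cache that parses the hypothetical `STSEC MAX-AGE=...` EHLO line, remembers the policy for the server until it expires, and on later connections refuses to continue in plaintext if the policy is still in force but the server no longer offers STARTTLS (the downgrade case such a policy exists to catch). The `STSEC` keyword, the `over_tls` parameter and the sample EHLO responses are assumptions constructed for the example; as with HSTS, the policy is only recorded from a response received after the connection is already protected.

```python
import re
import time
from dataclasses import dataclass

# Hypothetical extension keyword from the thread's proposal; not a registered
# SMTP extension. Matches "250-STSEC MAX-AGE=31536000" or "250 STSEC ..."
STSEC_RE = re.compile(r"^250[ -]STSEC\s+MAX-AGE=(\d+)\s*$",
                      re.IGNORECASE | re.MULTILINE)
STARTTLS_RE = re.compile(r"^250[ -]STARTTLS\s*$", re.IGNORECASE | re.MULTILINE)

# Constructed sample EHLO responses for the example.
FIRST_EHLO = ("250-mail.example.test\r\n"
              "250-STSEC MAX-AGE=31536000\r\n"
              "250-STARTTLS\r\n"
              "250 8BITMIME\r\n")
LATER_EHLO_NO_STARTTLS = ("250-mail.example.test\r\n"
                          "250 8BITMIME\r\n")


@dataclass
class StsecPolicy:
    expires_at: float  # absolute time (seconds) after which the policy lapses


class StsecCache:
    """Per-host memory of 'must use STARTTLS' policies, keyed by server name."""

    def __init__(self):
        self._policies = {}

    def record(self, host, ehlo_response, over_tls, now=None):
        """Parse an EHLO response and remember a STSEC policy for host.

        Only a response received after STARTTLS is trusted (assumption, mirroring
        HSTS, where the header is ignored on insecure transports). Returns the
        stored policy, or None if nothing was recorded.
        """
        now = time.time() if now is None else now
        if not over_tls:
            return None
        m = STSEC_RE.search(ehlo_response)
        if m is None:
            return None
        max_age = int(m.group(1))
        if max_age == 0:
            # MAX-AGE=0 clears a previously stored policy (HSTS semantics).
            self._policies.pop(host, None)
            return None
        policy = StsecPolicy(expires_at=now + max_age)
        self._policies[host] = policy
        return policy

    def requires_tls(self, host, now=None):
        """True while an unexpired policy exists for host; expired ones are dropped."""
        now = time.time() if now is None else now
        policy = self._policies.get(host)
        if policy is None:
            return False
        if policy.expires_at <= now:
            del self._policies[host]
            return False
        return True

    def decide(self, host, ehlo_response, now=None):
        """Decide how to proceed after the plaintext EHLO on a new connection.

        Returns 'starttls' when the server offers it, 'refuse' when a stored
        policy demands TLS but STARTTLS is absent (possible downgrade), and
        'plaintext' when no policy applies and TLS is not offered.
        """
        now = time.time() if now is None else now
        offered = STARTTLS_RE.search(ehlo_response) is not None
        if offered:
            return "starttls"
        if self.requires_tls(host, now):
            return "refuse"
        return "plaintext"


if __name__ == "__main__":
    cache = StsecCache()
    t0 = 1_700_000_000.0
    cache.record("mail.example.test", FIRST_EHLO, over_tls=True, now=t0)
    print(cache.decide("mail.example.test", LATER_EHLO_NO_STARTTLS, now=t0 + 3600))
```

The point of the `refuse` branch is the one the proposal is after: once the client has seen the policy over a protected session, a later plaintext EHLO that silently omits STARTTLS is treated as an error rather than as permission to fall back.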

