From: Paul Hoffman / IMC <phoffman(_at_)imc(_dot_)org>
If only to set a good example for the world, could somebody please
arrange to have the IETF mailing lists, starting with this one, create
and publish its own certificate()s and notice and use STARTTLS?
If that happened and it was trumpeted, people would then start to
assume that SMTP over TLS assures that the messages that appear on
the list are securely the ones that were sent by the sender. Nothing
could be further from the truth. SMTP over TLS is a hop-by-hop
protocol, and protecting one hop in a chain does not protect the
chain. Further, it is the job of the SMTP server on each hop to
change the message, at least in the headers, and possibly in the body.
SMTP over TLS has many good features: it lets the two SMTP servers
authenticate each other, it prevents snooping, and it prevents active
attackers from changing messages. It does not prevent SMTP servers on
any hop from changing messages.
Giving folks a false sense of security is a bad example, not a good one.
So don't given false senses or otherwise misrepresent it as as having
anything to do with authenticating that the message is what the author
wrote. We surely don't need to do as bad marketeers and sales people do
and trumpet a good thing for bogus reasons.
The good example for the world I'm thinking of is fighting interception
proxies such as AOL's STMP interception proxy. Unlike S/MIME or whatever,
indications of the successful use of STARTTLS are at most hidden in the
Received headers. It would be hard to trumpet STARTTLS except when it
interferes with nefarious activities by causing SMTP to not work, such as
through interception proxies.
And yes, it's impotent even for that if you don't have a certificate
for the other end of the SMTP connection.
In other words, why are you giving aid and comfort to the bad guys
by arguing against the IESG using STARTTLS?
Vernon Schryver vjs(_at_)rhyolite(_dot_)com