Re: IAB policy on anti-spam mechanisms?

2003-03-11 15:11:09
   From: Eric Rescorla <ekr(_at_)rtfm(_dot_)com>
   Date: 11 Mar 2003 11:21:51 -0800

   ietf1(_at_)ietf(_dot_)org writes:
   > It did teach me the importance of protecting against the
   > man-in-the-middle attack. This is not often done, at least not by
   > default, in many STARTTLS implementations.

   Indeed. The problem is that it's pretty hard to determine
   a priori what certificate the peer server ought to be offering,
   due to mail relaying and MX records.

This is a bigger problem than just SMTP. Any protocol that uses SRV
records has this indirection and this problem.

One (poor) solution to this is codified in
draft-ietf-ldapext-locate-08:

   [when using TLS,] if the DN "cn=John
   Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name
   "example.net", the server's name MUST match "example.net".

which means that if an equivalent sort of mapping is done for instant
messaging, an organization is going to have many many different
servers all with the same certificate name of "example.net". This is
especially poor when different servers are under different
administrative control.

Larry
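To make the objection concrete, here is an added example (not code from the thread or from any IETF draft) that applies the draft's rule: derive the DNS name from the dc= components of an LDAP DN, then accept an SRV target only if its certificate carries that name. The SRV table, hostnames and certificate names are constructed sample data standing in for real DNS and TLS handshakes.

```python
"""Added example: draft-ietf-ldapext-locate style name check over SRV indirection."""
from typing import Dict, List, Optional

# Constructed sample: SRV targets for example.net and the subject names each
# target's certificate presents. Only ldap1 also carries "example.net".
SAMPLE_SRV: Dict[str, List[str]] = {
    "_ldap._tcp.example.net": ["ldap1.hosting.example", "ldap2.other.example"],
}
SAMPLE_CERT_NAMES: Dict[str, List[str]] = {
    "ldap1.hosting.example": ["ldap1.hosting.example", "example.net"],
    "ldap2.other.example": ["ldap2.other.example"],
}


def dn_to_dns_name(dn: str) -> Optional[str]:
    """Join the dc= values of a DN, in order, into a DNS name.

    'cn=John Doe,ou=accounting,dc=example,dc=net' -> 'example.net'.
    Returns None when the DN has no dc= components (nothing to locate).
    """
    labels = []
    for rdn in dn.split(","):
        attr, _, value = rdn.strip().partition("=")
        if attr.strip().lower() == "dc" and value.strip():
            labels.append(value.strip().lower())
    return ".".join(labels) if labels else None


def name_matches(expected: str, cert_name: str) -> bool:
    """Case-insensitive exact comparison; wildcards are deliberately not honoured."""
    return expected.lower().rstrip(".") == cert_name.lower().rstrip(".")


def cert_satisfies_rule(dn: str, cert_names: List[str]) -> bool:
    """The draft's MUST: some certificate name equals the DN-derived domain."""
    expected = dn_to_dns_name(dn)
    if expected is None:
        return False
    return any(name_matches(expected, n) for n in cert_names)


def targets_accepted(dn: str, srv=SAMPLE_SRV, certs=SAMPLE_CERT_NAMES) -> List[str]:
    """SRV targets for the DN's domain whose certificate passes the rule.

    Note that the SRV target's own hostname never counts: every server the
    domain delegates to must present the domain name, which is Larry's point.
    """
    domain = dn_to_dns_name(dn)
    if domain is None:
        return []
    targets = srv.get(f"_ldap._tcp.{domain}", [])
    return [t for t in targets if cert_satisfies_rule(dn, certs.get(t, []))]
```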