Hi Viktor,
* Viktor Dukhovni <ietf-dane(_at_)dukhovni(_dot_)org> [31/10/2015 06:06:38]
wrote:
Thanks for the paper, it contains a substantial quantity of useful
information.
I am however rather disappointed by how some of the results are
interpreted, at least by non-experts:
http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/
Offsetting that progress was a finding that about 770,000 SMTP
servers associated with the Alexa top million list still failed
to properly secure their systems. Only 82 percent of them
supported TLS, and of those, only 35 percent were properly
configured to allow one server to cryptographically authenticate
itself to another.
That article is referencing another paper, presented at IMC15 by
UMichigan, UCI and Google researchers, publicly available over here:
http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf
..there're also problems with some of the details in the article.
(Yeah, we haven't yet got any media exposure :))
What's missing here is that having trusted SSL certificates offers
zero protection for MTA-to-MTA SMTP. Any time/money spend on such
certificates is essentially wasted. Barring DANE or similar
out-of-band policy, certificates *cannot* protect MTA-to-MTA SMTP
from MITM attacks.
I cringe every time someone bemoans the lack of "valid" certificates
in SMTP, such certificates are largely a worthless fashion statement.
(Some domains have bilateral arrangements with business partners
to verify email traffic certificates, but these arrangements are
exceedingly rare).
Yes. But even for mail there're valid points to use official
certificates (i.e. nodes clients talk to). For MTA to MTA
communication various solutions have been suggested, to the best of
my knowledge none is widely deployed so far.
STARTTLS is designed to thwart exactly one attack: *passive* wiretap.
It works as designed for just that attack. It is not surprising
that active attacks can and do defeat STARTTLS,
What their paper does highlight is how vendor appliances actively
*break* STARTTLS while performing their duties (i.e. some feature a
customer might have actually payed for). It's an essential problem
on the internet that middleboxes break legit internet-traffic. I've
seen it in ISP-, educational and corporate environments. They also
highlight that this technique is being used on a large scale by some
states to essentially wiretap e-mail communication.
Hence, DANE for SMTP and related efforts. No mass-scale use of
end-to-end encryption is looming to save the day, so transport
security is finally getting the attention it deserves. My DANE
survey is at 9000 domains and counting, with adoption picking up
the pace a bit lately. Some domain hosting providers have implemented
tens of thousands of additional DANE domains that do not show up
in my surveys. It is still very early in the process, but I am
cautiously optimistic.
Is data on your DANE survey publicly available anywhere or are there
more details on that? I'd be very interested in the results.
Thanks,
Aaron
signature.asc
Description: Digital signature