--On Tuesday, November 10, 2015 16:41 +0100 Simon Josefsson
<simon(_at_)josefsson(_dot_)org> wrote:
John C Klensin <john-ietf(_at_)jck(_dot_)com> writes:
You may reasonably
claim that those criteria are almost never satisfied today and
that almost all TLS connections between SMTP sender and SMTP
receiver are made in the same casual way that almost all HTTPS
ones are.
That is far from true -- all significant web browsers out
there validate HTTPS certs against a pre-distributed CA
bundle, and reject connections when that fails. SMTP servers
in general never reject connections when cert checking fails.
You may argue that CAs perform casual checking, but it is
distinctly better than permitting any certificates as in the
SMTP world.
Simon,
This is, IMO, less a matter of true or falsity but a question of
who one trusts and why. I understand that the general pattern
of SMTP servers is to not reject connections unless they can
verify the cert. However, in the web browser case, it appears
to be fairly easy (especially if money changes hands) to get a
CA into that bundle. Many CAs, including some those who
typically appear in those bundles, are willing to issue a cert
on the basis that someone appears to "own" a domain name and can
receive mail at an address in that domain. And many domain name
registrars do no identity verification at all beyond ability to
pay (and are happy to obscure much of the information).
One way to summarize our disagreement is that your last sentence
says "...distinctly better" where I would have said "...really
not much better".
A different way to look at the problem is to ask the question of
what sort of threat one is trying to protect against. If the
answer is "casual eavesdropping", then probably any cert, even a
self-signed one, will do. If the answer is "protection against
a determined attacker who has resources and is willing to invest
them", then I don't think much of certificates that involve only
casual or indifferent checking by the issuer.
YMMD and probably does.
john