
Re: IETF mail server and SSLv3

2016-02-03 20:40:23
On Tue, Feb 02, 2016 at 09:00:02PM -0500, Derek Atkins wrote:

> Have you disabled non-TLS SMTP transport, too?

That would clearly be premature.

> If not, isn't there a chance that disabling SSLv3 will cause *SOME*
> email to fallback to non-encrypted?

A very small chance, but given the rapidly diminishing and already
negligible fraction of systems that are only capable of SSLv3, this
is an acceptable cost of reducing the attack surface and opportunities
for downgrade and other attacks against the vast majority of
remaining systems.

I'm glad to see active support for the positions expressed in
RFC7435, and indeed one generally gets more security by raising
the ceiling (making stronger crypto available) than by raising the
floor (requiring stronger crypto than was previously acceptable).

However, after making stronger crypto available for long enough,
and reaching sufficient deployment levels that obsolete crypto is
legitimately almost never needed, it is eventually time to move on
and raise the floor too.

I am quite comfortable at this time with a requirement of better
than SSLv3 for SMTP on the public Internet.

-- 
        Viktor.
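The fallback the thread discusses is the RFC 7435 opportunistic STARTTLS decision: a client that cannot complete the TLS handshake still delivers, only in cleartext. The following is an added example, not code from the thread or from any IETF server; it sets a client policy whose floor is "better than SSLv3", runs the decision against a constructed stand-in for a peer MTA, and labels each outcome so that the cleartext fallback is visible in logs before a site raises its floor further.

```python
import logging
import smtplib
import ssl

log = logging.getLogger("opportunistic-tls")


def client_context() -> ssl.SSLContext:
    """Client context with the floor at TLS 1.0: SSLv2/SSLv3 are refused.
    The TLS 1.0 floor mirrors the 2016 thread; current library defaults
    already set a higher minimum, and this only lowers it to match."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    # Opportunistic TLS (RFC 7435): an unauthenticated encrypted session
    # still beats cleartext, so certificate failures must not block mail.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def negotiate(conn, ctx: ssl.SSLContext) -> str:
    """Run the opportunistic STARTTLS decision on an open SMTP session.
    Returns 'tls', 'cleartext-no-starttls' or 'cleartext-fallback'.
    A real MTA reconnects before sending in cleartext after a failed
    handshake; here only the verdict is computed."""
    conn.ehlo()
    if not conn.has_extn("starttls"):
        return "cleartext-no-starttls"
    try:
        conn.starttls(context=ctx)
        conn.ehlo()
        return "tls"
    except (ssl.SSLError, smtplib.SMTPException) as exc:
        # Counting these lines tells an operator how much mail the
        # current floor pushes to cleartext (the "*SOME*" in the thread).
        log.warning("STARTTLS failed, falling back to cleartext: %s", exc)
        return "cleartext-fallback"


class FakePeer:
    """Constructed stand-in for a remote MTA (hypothetical, for the demo)."""

    def __init__(self, offers_starttls: bool, handshake_ok: bool):
        self.offers_starttls, self.handshake_ok = offers_starttls, handshake_ok

    def ehlo(self):
        return 250, b"ok"

    def has_extn(self, name: str) -> bool:
        return name == "starttls" and self.offers_starttls

    def starttls(self, context=None):
        if not self.handshake_ok:  # e.g. a peer that only speaks SSLv3
            raise ssl.SSLError("handshake failure: no shared protocol version")
        return 220, b"ready"


def simulate(offers_starttls: bool, handshake_ok: bool) -> str:
    return negotiate(FakePeer(offers_starttls, handshake_ok), client_context())
```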
