On Wed, Feb 11, 2015 at 10:55 PM, Ángel González <an...@16bits.net> wrote:
> Jeff Potter wrote:
> > (I don’t understand why Apple doesn't use SRV records — when you
> > enter an email address, they make an HTTPS connection to their
> > servers with the domain to see if they can auto-setup the results
> > for the user, but there’s no clear way to get into their system.
> > I suppose SRV records open up some DNS MITM attacks during initial
> > setup? I don’t get it.)
>
>
> You may be interested on the reasons why gnome evolution mail client
> does the same as Apple :
> https://git.gnome.org/browse/evolution/tree/mail/e-mail-autoconfig.c#n18
Barnes's analysis is decent enough, but he seems unfamiliar with his
competition, e.g. Outlook and Thunderbird, which by connecting to a
autoconfig service discovers what the username is, and what the SMTP and
POP/IMAP service settings should be.
This is at least slightly orthogonal to the point of the SRV records, and
Barnes seems to have misunderstood the "Guidance for MUAs" section of RFC
6186.
The main problem with RFC 6186, is that it came into being after Outlook
and Thunderbird started using autoconfiguration systems which have no need
for RFC 6186, so the incentives for supporting RFC 6186 are few.
Combine e.g. Thunderbird's chosen solution (
https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration)
with DNSSEC-secured domainnames, and DNS spoofing becomes far more
difficult than it ever was.
--
Jan
------------------------------------------------------------------------------
Dive into the World of Parallel Programming. The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net/
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
