Hi,

In the IETF there is currently some discussion to get new standards on
their way, called MTA STS [1] (previously SMTP STS) and MUA STS [2]
(previously DEEP). Their intent is to get authenticated transport
encrypted TLS working for the email ecosystem. I find the MUA part less
interesting, because one can already resolve this manually by enforcing
TLS connections and verifying certificates, but the MTA part could fix
an important loophole of email insecurity.

Right now, as you probably all know, especially connections between two
mail servers can use encryption via STARTTLS, but the certificates are
often self-signed, don't match the hostname, etc., and also the
encryption commands can just be stripped away by an active attacker.

The rough way it works is that a policy URL is published via DNS and
can then be fetched over HTTPS. The details are of course a bit
complicated, as it's a nontrivial problem.


I wanted to bring this up because obviously courier might be a project
interested in implementing this. Also right now would be the right time
if people want to influence the standards process and discuss whether
they have any concerns or ideas about this. The discussions happen in
the TLS UTA working group [3].


[1] https://tools.ietf.org/html/draft-brotman-mta-sts-00
[2] https://tools.ietf.org/html/draft-ietf-uta-email-deep-05
[3] https://www.ietf.org/mailman/listinfo/uta

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: ha...@hboeck.de
GPG: BBB51E42
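
The downgrade gap described in the message above, and what a known policy for the recipient domain changes, as an added example that is not part of the original message or of either draft. The policy dictionary (`enforce`, `mx_patterns`), the function names and the sample EHLO replies are constructed assumptions and do not reproduce the draft's wire format.

```python
def ehlo_extensions(reply: str) -> set:
    """Extension keywords from a multi-line 250 EHLO reply (first line is the greeting)."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        words = line[4:].split()
        if words:
            exts.add(words[0].upper())
    return exts


def mx_allowed(mx_host: str, patterns: list) -> bool:
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    host = mx_host.rstrip(".").lower()
    for pattern in (p.lower() for p in patterns):
        if pattern.startswith("*."):
            if host.partition(".")[2] == pattern[2:]:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(policy, mx_host, ehlo_reply, cert_ok):
    """Return 'deliver-tls', 'deliver-plain' or 'refuse'."""
    starttls = "STARTTLS" in ehlo_extensions(ehlo_reply)
    if policy is None or not policy["enforce"]:
        # Opportunistic: certificate is not checked, and a missing STARTTLS
        # (never offered, or stripped in transit) silently falls back to plaintext.
        return "deliver-tls" if starttls else "deliver-plain"
    # Policy known for the recipient domain: every failure stops delivery.
    if not mx_allowed(mx_host, policy["mx_patterns"]):
        return "refuse"
    if not starttls or not cert_ok:
        return "refuse"
    return "deliver-tls"


# Constructed sample data; the policy dict is a hypothetical shape, not the draft's format.
POLICY = {"enforce": True, "mx_patterns": ["*.example.net"]}
EHLO_OK = "250-mx1.example.net Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
EHLO_STRIPPED = "250-mx1.example.net Hello\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"

if __name__ == "__main__":
    for pol in (None, POLICY):
        for name, reply in (("offered", EHLO_OK), ("stripped", EHLO_STRIPPED)):
            print(bool(pol), name, delivery_decision(pol, "mx1.example.net", reply, True))
```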
