On Thu, 23 Oct 2008, John C Klensin wrote:
>
> Any chance that someone could get motivated to generate an I-D, with
> these documentation weaknesses fixed, and move it toward Draft Standard?
> Certainly there are a sufficient number of interoperable implementations
> to meet that particular requirement.

RFC 3207 is extremely weak from the security point of view.

For example, it says "The additional option of using TLS when possible SHOULD also be provided." This option makes most MUAs vulnerable to man-in-the-middle attacks in common configurations. The RFC suggests a mechanism to mitigate this weakness - "An implementation MAY provide the ability to record that TLS was used in communicating with a given peer and generating a warning if it is not used in a later session" - but it's only a MAY and no-one actually implements it.

There is no firm specification of how an SMTP implementation should use the results of TLS authentication, so in practice MTAs just ignore the results. (MUAs are better.) As a consequence many TLS certificates offered by MX hosts match neither the MX's mail domain nor its host name. A postmaster can only avoid this vulnerability by setting up a special bilateral agreement to require TLS certificate authentication between two MTAs, but this is impossible for general inter-domain email so TLS as deployed provides no protection against active attacks.

There is no discussion of the mismatch between MX records and TLS certificate authentication. Even if the problems in the previous paragraph are fixed, an attacker can still eliminate any benefit of authentication by attacking the DNS. Since TLS authenticates the host name not the mail domain, it cannot detect that an MX has been redirected.

There are other problems with the specification but I think those are the worst.

Tony.
-- 
f.anthony.n.finch <[EMAIL PROTECTED]> http://dotat.at/
NORTH UTSIRE SOUTH UTSIRE FORTIES CROMARTY FORTH: SOUTHWESTERLY 7 TO SEVERE
GALE 9, PERHAPS STORM 10 LATER. VERY ROUGH OR HIGH, OCCASIONALLY ROUGH IN
FORTH. RAIN OR SQUALLY SHOWERS. MODERATE OR POOR, OCCASIONALLY GOOD IN
CROMARTY AND FORTH.
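
Added example, not part of the message above and not taken from any MTA: a sender-side audit sketch of the two checks the message discusses, the RFC 3207 "record that TLS was used" warning and a comparison of the certificate names with both the MX host name and the mail domain. The function names, warning strings, sample EHLO replies and host names are all constructed, and a reply that offers STARTTLS is assumed to lead to a completed handshake.

```python
def parse_ehlo(reply):
    """Return the upper-cased extension keywords of a multi-line 250 EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:            # first line is the greeting
        if line[:3] == "250" and len(line) > 4:
            keywords.add(line[4:].split()[0].upper())
    return keywords

def name_matches(pattern, host):
    """Case-insensitive match; '*' is accepted only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def audit_session(history, mail_domain, mx_host, ehlo_reply, cert_names=()):
    """Return warnings for one outbound session; history maps peer -> TLS seen."""
    warnings = []
    if "STARTTLS" not in parse_ehlo(ehlo_reply):
        # The RFC 3207 MAY: TLS was used with this peer before, now it is absent.
        if history.get(mx_host):
            warnings.append("tls-missing-after-previous-use")
        return warnings
    history[mx_host] = True                        # assumption: handshake completed
    host_ok = any(name_matches(n, mx_host) for n in cert_names)
    domain_ok = any(name_matches(n, mail_domain) for n in cert_names)
    if not host_ok and not domain_ok:
        warnings.append("cert-matches-neither-host-nor-domain")
    elif host_ok and not domain_ok:
        # The MX name came from unauthenticated DNS, so a redirected MX with a
        # valid certificate for its own host name still lands in this branch.
        warnings.append("cert-binds-mx-host-only")
    return warnings

# Constructed sample replies (not captured traffic).
EHLO_WITH_TLS = "250-mx1.example.net Hello\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 HELP\r\n"
EHLO_STRIPPED = "250-mx1.example.net Hello\r\n250-SIZE 52428800\r\n250 HELP\r\n"

if __name__ == "__main__":
    seen = {}
    for reply, names in [(EHLO_WITH_TLS, ["mx1.example.net"]), (EHLO_STRIPPED, [])]:
        print(audit_session(seen, "example.org", "mx1.example.net", reply, names))
```

A first contact without STARTTLS raises no warning, because there is no earlier session to compare against.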
