previously on this list Gilles Chehade contributed:

> > that connection can be man-in-the-middle'd, which leads to the attacker
> > being able to make it appear so that the mailserver doesn't support
> > STARTTLS.
> >
> > I've seen this in practice at my old school for one.
> >
>
> Yes, I know that :-)
>
> But I don't understand why it is a problem.
>
> OpenSMTPD does opportunistic-TLS and an attacker doing a MITM will only
> be able to skip STARTTLS in a situation where..., well... we would have
> fallen back to plaintext anyway if the server didn't offer STARTTLS.

RFC 3207

I may well have confused you by the race part as my memory was obviously
hazy and I was thinking there were multiple TCP sessions involved, sorry
about that. I need to re-learn utilising greater consideration before
posting.

_______________________________________________________________________

A man-in-the-middle attack can be launched by deleting the "250
STARTTLS" response from the server. This would cause the client not
to try to start a TLS session. Another man-in-the-middle attack is
to allow the server to announce its STARTTLS capability, but to alter
the client's request to start TLS and the server's response. In
order to defend against such attacks both clients and servers MUST be
able to be configured to require successful TLS negotiation of an
appropriate cipher suite for selected hosts before messages can be
successfully transferred. The additional option of using TLS when
possible SHOULD also be provided. An implementation MAY provide the
ability to record that TLS was used in communicating with a given
peer and generating a warning if it is not used in a later session.
_______________________________________________________________________

However, SMTPS using a dedicated port means everything is encrypted
from the get-go, and bugs causing downgrade attacks have been fixed
rather than it being a design problem.

I guess what I was wondering was if anything has improved or if the last
sentence above could be utilised or optionally rejected rather than
warned about whilst taking on board DoS.

In my latter email I see now that I was forgetting that all a client
sends is an EHLO and in any case the following could be modified by the
attacker in the first place.

EHLO mail.example.com STARTTLS-ENABLED

--
_______________________________________________________________________

'Write programs that do one thing and do it well.
Write programs to work together.
Write programs to handle text streams, because that is a universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
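
Added example, not part of the original mail and not OpenSMTPD code: a sketch of the sending-side policy the RFC 3207 excerpt above describes, with TLS required for selected hosts, past TLS use recorded per peer, and a later plaintext session either warned about or rejected. The function names, host names and EHLO replies are constructed for illustration.

```python
# Constructed example: STARTTLS policy decision on the sending side.
FULL = "250-mail.example.com\r\n250-8BITMIME\r\n250-STARTTLS\r\n250 HELP\r\n"
# Same reply after an on-path attacker deleted the "250-STARTTLS" line.
STRIPPED = "250-mail.example.com\r\n250-8BITMIME\r\n250 HELP\r\n"


def parse_ehlo(reply):
    """Return the extension keywords advertised in a 250 EHLO reply."""
    exts = set()
    for line in reply.strip().splitlines()[1:]:  # line 0 is the greeting
        words = line[4:].split() if line.startswith("250") else []
        if words:
            exts.add(words[0].upper())
    return exts


def decide(host, ehlo_reply, handshake_ok, require_tls, seen_tls,
           reject_on_history=False):
    """Return 'tls', 'plaintext', 'warn-plaintext' or 'abort'.

    handshake_ok      -- True only if STARTTLS was sent and TLS completed
    require_tls       -- hosts configured to require TLS (RFC 3207 MUST)
    seen_tls          -- hosts that used TLS in an earlier session (MAY)
    reject_on_history -- reject instead of warn when TLS has disappeared
    """
    offered = "STARTTLS" in parse_ehlo(ehlo_reply)
    if offered and handshake_ok:
        seen_tls.add(host)          # remember this peer for later sessions
        return "tls"
    # Either STARTTLS was not offered (possibly stripped) or negotiation
    # failed (possibly tampered with): both count as "no TLS".
    if host in require_tls:
        return "abort"
    if host in seen_tls:
        return "abort" if reject_on_history else "warn-plaintext"
    return "plaintext"              # plain opportunistic fallback


if __name__ == "__main__":
    seen = set()
    host = "mail.example.com"
    print(decide(host, FULL, True, set(), seen))       # first contact
    print(decide(host, STRIPPED, False, set(), seen))  # STARTTLS vanished
    print(decide(host, STRIPPED, False, set(), seen, reject_on_history=True))
    print(decide(host, STRIPPED, False, {host}, set()))  # TLS required
```

A peer with no recorded history and no require-TLS entry still falls back to plaintext, which is the opportunistic case discussed in the quoted reply.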