On 11/05, Gilles Chehade wrote:
Hi,On Mon, May 11, 2015 at 07:25:19AM -0700, Seth wrote:At this point you might think you can make a choice: "I'll require encryption on all my connections and accept the tradeoff of only receiving from and delivering to servers that support STARTTLS". Or, "I'll make a whitelist of known domains for which I require STARTTLS because I know they support it".This is what you can achieve with "require-tls" ...
There is one server which has a feature to automatically save domains to a whitelist to always force TLS on, though I don't remember which one. It seems like it could be nice to implement if it wouldn't be too hard.
Opportunistic encryptionI can't honestly recall if we still do this without checking first, but there was some code in OpenSMTPD to always attempt SMTPS before attempting STARTTLS when trying to do opportunistic crypto. This means that for hosts that would setup both SMTPS and STARTTLS, we would always take SMTPS. In practice, I'm not even sure we still do this because our stats showed that we _never_ exchanged with a host over SMTPS, no hosts ever offers it. We want through several refactors, I can't even promise that this is still the case but I think it was a good strategy, even though it proves useless in practice...
Yeah, that seems like a good thing to offer even if it isn't used much, especially combined with the above suggestion. (I for one support SMTPS, for one due to having personally experienced STARTTLS stripping MITM.)
DNSSECDANE offers good protection about this, I actually have prototype code for DANE support in OpenSMTPD but: 1- it requires libasr to support DNSSEC, otherwise we just moved the MITM issue to the DNS protocol ;-) 2- DNSSEC is still painful to setup, no one does it unfortunately :-/
That's cool, do you have it public somewhere? And do you know how much work it would be to support DNSSEC in libasr?
-- Sincerely, Johannes Löthberg PGP Key ID: 0x50FB9B273A9D0BB5 https://theos.kyriasis.com/~kyrias/
signature.asc
Description: PGP signature
