Thus said Lonnie Olson on Tue, 03 Jun 2014 10:13:07 -0600: > Additionally, I recommend enabling opportunistic SSL on both inbound > and outbound SMTP connections over port 25. This will encrypt even > more SMTP traffic when possible, and is the good neighbor thing to do.
While that might sound secure, shouldn't one ask just what this is protecting against and what are the risks? Are their any SMTP MTAs (client side) that require you to verify the fingerprint of the SMTP server to which it relays email? Do they refuse to deliver email if it changes and notify you that the fingerprint is not what was expected? How many SMTP servers use untrusted certificate chains vs self-signed certificates? Given the current poor state of SMTP+SSL security, what prevents those in the middle from successfully executing MITM against your SMTP server/client software? (I am not talking about MUAs). Is it perhaps ``good will'' or ``good faith?'' I will concede that if the attacker is passive then SSL will at least protect against passive sniffing, but if they have the ability to get a passive session, then they are one step removed from having an active session. The best way to ensure end-to-end security in email is still PGP. Anything else is just security theatre. Andy -- TAI64 timestamp: 40000000538e896b /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
