On Tue, Jun 3, 2014 at 8:49 PM, Andy Bradford <[email protected]> wrote: > While that might sound secure, shouldn't one ask just what this is > protecting against and what are the risks? Are their any SMTP MTAs > (client side) that require you to verify the fingerprint of the SMTP > server to which it relays email? Do they refuse to deliver email if it > changes and notify you that the fingerprint is not what was expected? > How many SMTP servers use untrusted certificate chains vs self-signed > certificates? > > Given the current poor state of SMTP+SSL security, what prevents those > in the middle from successfully executing MITM against your SMTP > server/client software? (I am not talking about MUAs). Is it perhaps > ``good will'' or ``good faith?'' > > I will concede that if the attacker is passive then SSL will at least > protect against passive sniffing, but if they have the ability to get a > passive session, then they are one step removed from having an active > session. > > The best way to ensure end-to-end security in email is still PGP. > Anything else is just security theatre.
Not quite. End-to-end encryption via PGP or S/MIME is still the best, but that doesn't mean any other protections are worthless. SMTP+SSL does defend against many attack vectors. It is certainly not useless. Passive sniffing is way more common than you think. Example, the AT&T closet sniffer the NSA uses (1). Also, there is the theoretic future when all SMTP providers will have verifiable certificates and we can force strict SSL. It will never happen using your attitude. If you want statistics on the usage of STARTTLS you can read the blog from Facebook (2). It is quite large and growing. Refusing security because it isn't perfect is silly. Security has many layers and attack vectors. Why not work against as many as you can simultaneously. 1. http://en.wikipedia.org/wiki/Room_641A 2. https://www.facebook.com/notes/protect-the-graph/the-current-state-of-smtp-starttls-deployment/1453015901605223 /* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
