Q: opportunistic email encryption
Question: if you control the traffic layer you can easily disrupt opportunistic encryption (STARTTLS & Co) by killing public key exchange, or even do a MITM.

Is there any infrastructure in MTAs for public key caching, and admin notification if things look fishy? (Fishy: a host which used to do PKI with you suddenly says it can't, or its key differs from key you cached).

(Okay, it's unlikely, but maybe people have been anticipating this).
Re: Q: opportunistic email encryption
On Fri, Nov 22, 2002 at 09:23:57PM +0100, Eugen Leitl wrote:
| Question: if you control the traffic layer you can easily disrupt
| opportunistic encryption (STARTTLS & Co) by killing public key exchange,
| or even do a MITM.
|
| Is there any infrastructure in MTAs for public key caching, and admin
| notification if things look fishy? (Fishy: a host which used to do PKI
| with you suddenly says it can't, or its key differs from key you cached).
|
| (Okay, it's unlikely, but maybe people have been anticipating this).

Not that we've found. I did a little experimenting with huge SSL session timeouts and high log levels, but saw nothing logged that indicated that someone who should have had a key didn't.

While what you propose is useful enough that I spent time looking for it, let's not let the best become the enemy of the good. Needing to disrupt a network connection is a huge cost for an Eve who prefers to avoid detection. Not an unpayable one, but not to be ignored.

Adam

--
It is seldom that liberty of any kind is lost all at once.
-Hume
Re: Q: opportunistic email encryption
On Fri, Nov 22, 2002 at 09:23:57PM +0100, Eugen Leitl wrote:
> Question: if you control the traffic layer you can easily disrupt
> opportunistic encryption (STARTTLS & Co) by killing public key exchange,
> or even do a MITM.

An attacker can prevent opportunistic STARTTLS by modifying the STARTTLS tag in SMTP.

> Is there any infrastructure in MTAs for public key caching, and admin
> notification if things look fishy? (Fishy: a host which used to do PKI
> with you suddenly says it can't, or its key differs from key you cached).

ssh does this.

Eric
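The check asked about in this thread (a peer that used to do TLS suddenly says it can't, or presents a different key than the cached one), sketched as an added example that is not part of the thread and not code from any MTA. `PeerCache`, the host name, the EHLO replies and the certificate bytes are all constructed for illustration, and a SHA-256 of the peer certificate stands in for "the key you cached".

```python
import hashlib

def offers_starttls(ehlo_reply: str) -> bool:
    """True if a multi-line EHLO reply (250-... / 250 ...) lists STARTTLS."""
    for line in ehlo_reply.splitlines():
        if line[:3] == "250" and line[3:4] in ("-", " "):
            if line[4:].strip().upper() == "STARTTLS":
                return True
    return False

def fingerprint(cert_der: bytes) -> str:
    """Assumption: pin the SHA-256 of the DER certificate the peer presented."""
    return hashlib.sha256(cert_der).hexdigest()

class PeerCache:
    """Hypothetical trust-on-first-use memory of each peer MTA's TLS behaviour."""
    def __init__(self):
        self.seen = {}  # host -> fingerprint recorded on first TLS contact

    def observe(self, host, ehlo_reply, cert_der=None):
        """Return alert strings for the admin; an empty list means nothing fishy."""
        known = self.seen.get(host)
        if not offers_starttls(ehlo_reply) or cert_der is None:
            # A peer that did TLS before now claims it cannot.
            return [f"{host}: STARTTLS no longer offered"] if known else []
        fp = fingerprint(cert_der)
        if known is None:
            self.seen[host] = fp  # first contact: remember, nothing to compare
            return []
        if fp != known:
            # Keep the old pin so the alert repeats until an admin decides.
            return [f"{host}: key changed {known[:12]} -> {fp[:12]}"]
        return []

# Constructed sample data, not captured traffic.
EHLO_TLS = "250-mx.example.org\r\n250-PIPELINING\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mx.example.org\r\n250-PIPELINING\r\n250-XXXXXXXX\r\n250 8BITMIME"

def demo():
    cache = PeerCache()
    host = "mx.example.org"
    return [
        cache.observe(host, EHLO_TLS, b"constructed-cert-A"),  # first contact
        cache.observe(host, EHLO_TLS, b"constructed-cert-A"),  # same key again
        cache.observe(host, EHLO_STRIPPED),                    # capability gone
        cache.observe(host, EHLO_TLS, b"constructed-cert-B"),  # different key
    ]

if __name__ == "__main__":
    for alerts in demo():
        print(alerts)
```

As with ssh's known-hosts behaviour, the first contact is trusted blindly, and a legitimate certificate rotation raises the same alert as a substitution, so the admin has to confirm the change out of band.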