On 2022-04-28 at 07:36:45 UTC-0400 (Thu, 28 Apr 2022 14:36:45 +0300)
Henrik K <[email protected]>
is rumored to have said:
> On Thu, Apr 28, 2022 at 07:26:41AM -0400, Kevin A. McGrail wrote:
> > We discussed this a year or two ago. The data on there is not sensitive and
> > is cryptographically verified by spamassassin before being used. Can you
> > name a single reason the data needs to be encrypted in transit?
Targeted host impersonation attacks. Even if an attacker couldn't inject
a signed package using the right key this way, they could prevent
updates by injecting an old package with a new name or arbitrary signed
packages using an impersonating key.
I think it is only prudent to treat SA rules and config as code, and
assume that a malicious actor who can inject arbitrary rules and config
can take over a machine, particularly on machines using spamd (often
running as root so that it can support per-user rules.) We've closed the
obvious paths for that, but I don't think we can or should assume that
the worst thing bad rules can do is make SA mislabel mail (bad enough in
itself.)
> It's only verified if the user chooses to do so, is not downloading stuff
> manually or whatever. Regardless, can YOU name a single reason why
> transmitted data should not be encrypted in the year 2022, as it's trivial
> to do so? Strange debate from a security expert.
We've already seen one described in this thread by a mirror admin. It is
apparently non-trivial to set up and maintain a working certificate
configuration. Host authentication is the one compelling reason for
using HTTPS with public data, so being lenient in certificate validation
is not a solution.
--
Bill Cole
[email protected] or [email protected]
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
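The two failure modes Bill describes (an old, validly signed package replayed as a newer one, and arbitrary rules signed with an impersonating key), as an added example that is not code from this thread or from SpamAssassin's sa-update. It assumes a constructed package format and uses an HMAC keyring as a stand-in for GPG so it runs offline; the checks it shows (pinned signer, signature binds the version, no rollback) are the point, not the signing primitive.

```python
import hashlib
import hmac
import json

# Constructed stand-in keys: HMAC replaces GPG only so the example runs offline.
PINNED_KEY_ID = "project-signing-key"
TRUSTED_KEYS = {PINNED_KEY_ID: b"constructed-project-secret"}
ATTACKER_KEYS = {"rogue-key": b"constructed-attacker-secret"}


def canonical(payload: dict) -> bytes:
    """Bytes the signature covers: name, version and rules together, not the rules alone."""
    return json.dumps(payload, sort_keys=True).encode()


def sign(payload: dict, key_id: str, keys: dict) -> dict:
    sig = hmac.new(keys[key_id], canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "key_id": key_id, "sig": sig}


def verify_update(pkg: dict, installed_version: int) -> tuple:
    """Accept only a package signed by the pinned key whose signed version moves forward."""
    if pkg.get("key_id") != PINNED_KEY_ID:
        return (False, "unknown signing key")      # valid signature, wrong signer
    expected = hmac.new(TRUSTED_KEYS[PINNED_KEY_ID], canonical(pkg["payload"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, pkg["sig"]):
        return (False, "bad signature")            # payload altered after signing
    if pkg["payload"]["version"] <= installed_version:
        return (False, "version rollback")         # old package replayed as an update
    return (True, "ok")


def scenarios(installed_version: int = 100) -> dict:
    """Constructed packages: one genuine update plus the cases raised in the thread."""
    old = sign({"name": "rules", "version": 100, "rules": "score OLD 1.0"}, PINNED_KEY_ID, TRUSTED_KEYS)
    new = sign({"name": "rules", "version": 101, "rules": "score NEW 1.0"}, PINNED_KEY_ID, TRUSTED_KEYS)
    # Replay: the old signed package is served with a newer advertised version that the
    # signature does not cover; the signed version inside still says 100.
    replayed = dict(old, advertised_version=101)
    # Relabel: the signed version itself is edited, which must break the signature.
    relabelled = {**old, "payload": dict(old["payload"], version=101)}
    # Impersonation: a package signed with a key the client was never told to trust.
    rogue = sign({"name": "rules", "version": 102, "rules": "score ROGUE 1.0"}, "rogue-key", ATTACKER_KEYS)
    cases = {"genuine": new, "replayed": replayed, "relabelled": relabelled, "rogue": rogue}
    return {name: verify_update(p, installed_version) for name, p in cases.items()}
```

Only the "genuine" case is accepted; the replay is caught by the version comparison, the relabel by the signature, and the rogue package by the signer check before the signature is even examined.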