Phillip Hallam-Baker wrote:
>
> In practice most email that is sent encrypted is encrypted using TLS.
> If we had an infrastructure that allowed mail servers to know that
> their corresponding servers required use of TLS, the man in the middle
> downgrade attack could be defeated.

I'm sorry Phillip, but MTA<->MTA delivery with STARTTLS is thoroughly broken and effectively unfixable at the moment.

Not only is there no secure algorithm to determine which domains use a TLS-enabled mail relay and which do not, but PKIX path validation cannot be done because plenty of mail relays are using certs that do not validate under the (questionable) TLS X.509 PKI used by browsers, and server endpoint validation cannot be done because exactly no one is carrying the Email domains in their SMTP Server certs for which these servers are authorized to receive mail, and several SMTP fanciers seem to be strongly attached to the idea that matching to the *result* of an MX lookup rather than to the EMail target domain would make sense security-wise (it doesn't).

And then there are SMTP servers out there (e.g. @gmail.com), that, while being issued by a CA that is recognized under TLS X.509 PKI of browsers, neither matches the EMail target domain, nor does it match the insecure target of the MX record.

In theory, DNSSEC could be used to solve several problems (indicating that a domain offers STARTTLS *plus* secure identification of acceptable MTA servers). But in the near term I expect a wide adoption of DNSSEC not more likely or faster than the wide adoption of IPv6 to solve the IPv4 address depletion...

-Martin

_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
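
The endpoint-identity problem raised in the message above, as an added example that is not part of the original post: a classifier for which name a relay certificate was actually matched against. The function names, verdict strings and hostnames are constructed for illustration; chain validation is assumed to have succeeded already, and the wildcard rule is the usual left-most-label convention.

```python
# Added illustration: which reference identity a sending MTA can safely check
# a STARTTLS certificate against. All hostnames below are constructed samples.

def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Case-insensitive dNSName match; '*' allowed only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def relay_identity_verdict(recipient_domain, mx_host, san_dns_names,
                           mx_dnssec_validated=False):
    """Classify a relay certificate (chain validation assumed already done)."""
    if any(dns_name_matches(s, recipient_domain) for s in san_dns_names):
        # The sender chose this name itself; no DNS answer is trusted.
        return "authenticated"
    if any(dns_name_matches(s, mx_host) for s in san_dns_names):
        # The MX name is only as trustworthy as the lookup that produced it.
        if mx_dnssec_validated:
            return "authenticated-via-signed-mx"
        return "unauthenticated-mx-match"
    return "mismatch"

# Constructed cases: (recipient domain, MX result, cert SANs, MX DNSSEC-validated)
CASES = {
    "cert names the mail domain": (
        "example.org", "mail.example.org", ["example.org", "mail.example.org"], False),
    "cert names only the MX host": (
        "example.org", "mail.example.org", ["mail.example.org"], False),
    "MX answer replaced in transit": (
        "example.org", "mx.elsewhere.example", ["mx.elsewhere.example"], False),
    "cert matches neither name": (
        "example.net", "mx1.provider.example", ["mx.brand.example"], False),
    "signed MX, cert names MX host": (
        "example.org", "mail.example.org", ["*.example.org"], True),
}

def run_cases():
    return {label: relay_identity_verdict(*args) for label, args in CASES.items()}

if __name__ == "__main__":
    for label, verdict in run_cases().items():
        print(f"{label:32} -> {verdict}")
```

The second and third cases return the same verdict: without a secured lookup, a certificate that matches the MX result looks identical whether the MX answer was genuine or substituted.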
