Yes, STARTTLS is broken in precisely the way I pointed out. BUUUUT!
Now imagine that we have a mechanism that allows the mail server to state 'TLS is always offered'. The problem can be solved. On Wed, Feb 8, 2012 at 1:12 AM, Martin Rex <[email protected]> wrote: > Phillip Hallam-Baker wrote: >> >> In practice most email that is sent encrypted is encrypted using TLS. >> If we had an infrastructure that allowed mail servers to know that >> their corresponding servers required use of TLS, the man in the middle >> downgrade attack could be defeated. > > > I'm sorry Phillip, but MTA<->MTA delivery with STARTTLS is thoroughly > broken and effectively unfixable at the moment. > > Not only is there no secure algorithm to determine which domains use > a TLS-enabled mail relay and which do not, but PKIX path validation > can not be done because plenty of mail relays are using certs that > do not validate under the (questionable) TLS X.509 PKI used by browsers, > and server endpoint validation can not be done because exactly noone > is carrying the Email domains in their SMTP Server certs for which > these servers are authorized to receive mail, and several SMTP fanciers > seem to be strongly attached to the idea that matching to the > *result* of an MX lookup rather than to the EMail target domain > would make sense security-wise (it doesn't). > > And then there are SMTP servers out there (e.g. @gmail.com), that, > while being issued by a CA that is recognized under TLS X.509 PKI > of browsers, neither matches the EMail target domain, nor does > it match the insecure target of the MX record. > > > In theory, DNSSEC could be used to solve several problems (indicating > that a domain offers STARTTLS *plus* secure identification of acceptable > MTA servers. But in the near term I expect a wide adoption of DNSSEC > not more likely or faster than the wide adoption of IPv6 to solve > the IPv4 address depletion... > > > -Martin -- Website: http://hallambaker.com/ _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
