Re: proposed text for crypto-policies in Packaging Guidelines

----- Original Message -----
> From: "Eric H. Christensen" <sparks@xxxxxxxxxxxxxxxxx>
> To: "Reindl Harald" <h.reindl@xxxxxxxxxxxxx>
> Cc: security@xxxxxxxxxxxxxxxxxxxxxxx
> Sent: Friday, 8 August, 2014 3:44:40 PM
> Subject: Re: proposed text for crypto-policies in Packaging Guidelines
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
> 
> On Fri, Aug 08, 2014 at 03:36:51PM +0200, Reindl Harald wrote:
> > 
> > Am 08.08.2014 um 15:21 schrieb Nikos Mavrogiannopoulos:
> > > Postfix is a different kind of beast though. It does not typically use
> > > TLS, but uses some kind of opportunistic security that allows anonymous
> > > ciphersuites. So it's a bit hard to enforce anything there, as
> > > man-in-the-middle attacks are possible by design
> > 
> > and keep in mind, in case of opportunistic TLS, if you restrict
> > ciphers and the SMTP client doesn't support what you offer, it
> > falls back to completely plaintext, which defeats the intention
> 
> Falling back to an insecure cipher only provides a false sense of security
> which isn't any better than plaintext.

the alternative is no encryption at all, so it is more secure than plain
text

and until most SMTP servers have properly configured TLS with
certificates, it will have to remain like this

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
Email: hkario@xxxxxxxxxx
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security
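The trade-off argued above (a restricted cipher list under opportunistic TLS turns otherwise-encrypted deliveries into plaintext, while a mandatory policy refuses plaintext but stops mail) can be made concrete with a small policy model. This is an added example, not code from the thread or from Postfix: it only mirrors the meaning of Postfix's smtp_tls_security_level values "none", "may" and "encrypt"; the peer MTAs, their cipher lists and the two local cipher lists are constructed for the illustration.

```python
"""Model of an SMTP client's TLS policy decision for one delivery attempt.

Added example (not Postfix code).  Policy names follow Postfix's
smtp_tls_security_level: "none" (never TLS), "may" (opportunistic),
"encrypt" (mandatory).  All peer data below is constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    """A receiving MTA: whether it advertises STARTTLS and which suites it accepts."""
    name: str
    starttls: bool
    ciphers: frozenset


def negotiate(policy, local_ciphers, peer):
    """Return 'tls', 'plaintext' or 'deferred' for delivery to `peer`.

    'tls'       - STARTTLS offered and at least one suite is shared.
    'plaintext' - no usable TLS and the policy allows falling back.
    'deferred'  - no usable TLS and the policy forbids plaintext, so the
                  message stays in the queue instead of being sent in clear.
    """
    if policy == "none":
        return "plaintext"
    if policy not in ("may", "encrypt"):
        raise ValueError(f"unknown policy {policy!r}")
    shared = local_ciphers & peer.ciphers if peer.starttls else frozenset()
    if shared:
        return "tls"
    # No overlap: opportunistic TLS silently falls back, mandatory TLS does not.
    return "plaintext" if policy == "may" else "deferred"


def tally(policy, local_ciphers, peers):
    """Count outcomes across a fleet of peers for one policy/cipher list."""
    counts = {"tls": 0, "plaintext": 0, "deferred": 0}
    for peer in peers:
        counts[negotiate(policy, local_ciphers, peer)] += 1
    return counts


# Constructed fleet of receiving MTAs (names and suites are illustrative).
PEERS = (
    Peer("legacy-mta", True, frozenset({"RC4-SHA", "DES-CBC3-SHA"})),
    Peer("modern-mta", True, frozenset({"ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA"})),
    Peer("no-tls-mta", False, frozenset()),
    Peer("anon-only-mta", True, frozenset({"ADH-AES256-SHA"})),
)

# Constructed local cipher lists: one permissive (including anonymous and
# legacy suites), one restricted to a single modern suite.
PERMISSIVE = frozenset({
    "ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA", "RC4-SHA", "ADH-AES256-SHA",
})
RESTRICTED = frozenset({"ECDHE-RSA-AES128-GCM-SHA256"})


if __name__ == "__main__":
    for policy, ciphers, label in (
        ("may", PERMISSIVE, "opportunistic, permissive ciphers"),
        ("may", RESTRICTED, "opportunistic, restricted ciphers"),
        ("encrypt", RESTRICTED, "mandatory, restricted ciphers"),
    ):
        print(f"{label:36s} {tally(policy, ciphers, PEERS)}")
```

Running it shows the three outcomes side by side: with the permissive list, opportunistic TLS encrypts three of the four deliveries; restricting the ciphers under the same "may" policy drops that to one, with the other three going out in plaintext; switching to "encrypt" with the restricted list keeps the one TLS delivery and defers the rest rather than sending them in clear. Which of the last two is acceptable is exactly the operational question the thread is debating.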