From: Eric Rescorla <ekr@rtfm.com>
Date: 11 Mar 2003 11:21:51 -0800

ietf1@ietf.org writes:
> It did teach me the importance of protecting against the
> man-in-the-middle attack. This is not often done, at least not by
> default, in many STARTTLS implementations.

Indeed. The problem is that it's pretty hard to determine a priori what certificate the peer server ought to be offering, due to mail relaying and MX records.

This is a bigger problem than just SMTP. Any protocol that uses SRV records has this indirection and this problem.

One (poor) solution to this is codified in draft-ietf-ldapext-locate-08:

   [when using TLS,] if the DN "cn=John Doe,ou=accounting,dc=example,dc=net" is converted to the DNS name "example.net", the server's name MUST match "example.net".

which means that if an equivalent sort of mapping is done for instant messaging, an organization is going to have many many different servers all with the same certificate name of "example.net". This is especially poor when different servers are under different administrative control.

Larry
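
The trade-off discussed in the message above, as an added example that is not part of the original thread: a client can check the server certificate against the name it started from (the rule quoted from the draft) or against the host name it learned from an SRV/MX lookup. The function names, the simplified name matching, and all host names, records and certificate name lists are constructed assumptions; DNS answers are assumed to be unauthenticated.

```python
# Added example: choosing the reference identity under DNS indirection (SRV/MX).
# All names, records and certificate name lists below are constructed.

def dn_to_domain(dn):
    """Join the dc= components of a DN into a DNS name (the mapping the draft describes)."""
    parts = [p.strip() for p in dn.split(",")]
    return ".".join(p[3:] for p in parts if p.lower().startswith("dc=")).lower()

def name_matches(pattern, host):
    """Exact match, or a wildcard covering exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def check(source_domain, srv_target, cert_names, policy):
    """policy 'source': match the name the client started from (the draft's rule).
    policy 'target': match the host name learned from unauthenticated DNS."""
    reference = source_domain if policy == "source" else srv_target
    return any(name_matches(n, reference) for n in cert_names)

DOMAIN = dn_to_domain("cn=John Doe,ou=accounting,dc=example,dc=net")

# Constructed scenarios: (SRV target returned by DNS, names in the presented certificate)
SCENARIOS = {
    # every server in the organization carries the shared domain certificate
    "shared": ("ldap1.example.net", ["example.net"]),
    # each server has its own per-host certificate
    "per_host": ("ldap1.example.net", ["ldap1.example.net"]),
    # forged SRV answer pointing at a host that holds a valid certificate for itself
    "spoofed": ("ldap.attacker.example", ["ldap.attacker.example"]),
}

def evaluate():
    """Return, per scenario, whether each policy accepts the connection."""
    return {
        label: {p: check(DOMAIN, target, names, p) for p in ("source", "target")}
        for label, (target, names) in SCENARIOS.items()
    }

if __name__ == "__main__":
    for label, result in evaluate().items():
        print(f"{label:9s} source={result['source']!s:5s} target={result['target']}")
```

Matching the source domain rejects the forged SRV answer but only accepts servers holding the shared "example.net" certificate; matching the DNS-derived target accepts per-host certificates and the forged answer alike.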