[Last-Call] Re: [Emailcore] Re: Re: SMTP threat models, SECDIR Review of draft-ietf-emailcore-rfc5321bis-31

On 10/31/2024 5:21 PM, John R. Levine wrote:
> On Wed, 30 Oct 2024, Martin Thomson wrote:
>
>> This isn't some complex or nuanced thing.  It's about whether the IETF thinks that STARTTLS is necessary to address the threat model.
>
> .....
>
> It is store-and-forward, with nearly all messages taking more than one hop, so end to end whatever does not apply.
>
> And most importantly, it is sender-push rather than recipient-pull, so you have no control over what you receive.

This triggered a vague memory and led to me taking a quick look at 5321 and the draft.  Section E.1 talks about the TURN command which does something that is not exactly sender-push or recipient-pull.  The command has been deprecated at least since 2001 - but in a somewhat wishy-washy way:

   This command, described in RFC 821, raises important security issues
   since, in the absence of strong authentication of the host requesting
   that the client and server switch roles, it can easily be used to
   divert mail from its correct destination.  Its use is deprecated;
   SMTP systems SHOULD NOT use it unless the server can authenticate the
   client.

In this new version of the document - perhaps we make this more directive?  E.g. either prohibit it (obsolete it) entirely, or do a MUST be rejected unless provided inside a client-cert authenticated TLS session or be more specific about what "authenticate the client" means?

I'm now kind of curious how many SMTP servers still support TURN.

Later,  Mike


PS - I believe at one point the email system at McMurdo Station used TURN, as its satellite connectivity at the time was very intermittent.  But that would have been pre-Iridium.



-- 
last-call mailing list -- last-call@xxxxxxxx
To unsubscribe send an email to last-call-leave@xxxxxxxx
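The diversion risk the quoted RFC text describes, and the "reject unless the client is authenticated" reading proposed in the message above, as an added example that is not part of the original thread and not code from any real MTA. The session fields, the sample queue, the requirement that a verified client certificate exist, and the rule that its identity must match the claimed role-swap domain are all assumptions made for the illustration; the 250/502 replies are the success/failure codes RFC 821 lists for TURN.

```python
"""Toy model of SMTP TURN: RFC 821 behaviour beside an authenticated-only policy.

Added example for the thread above; not code from RFC 5321bis or any MTA.
"""
from copy import deepcopy
from dataclasses import dataclass
from typing import Optional

# Constructed sample: message-ids the server currently holds, keyed by the
# destination domain it would normally deliver them to.
SAMPLE_QUEUE = {
    "example.com": ["<m1@origin.example>", "<m2@origin.example>"],
    "example.net": ["<m3@origin.example>"],
}


@dataclass
class Session:
    """Hypothetical per-connection state an MTA would track (assumed fields)."""
    helo_name: str                             # domain claimed in EHLO/HELO; never verified
    tls: bool = False                          # STARTTLS has completed
    client_cert_domain: Optional[str] = None   # identity from a client cert that chained to a trusted CA


def turn_rfc821(session: Session, queue: dict) -> tuple[str, list]:
    """RFC 821 semantics: on TURN the server becomes the client and sends the
    peer whatever it holds for it.  Nothing ties the HELO name to the peer, so
    the lookup key is attacker-controlled: this is the diversion the RFC warns about."""
    handed_over = queue.pop(session.helo_name, [])
    return "250 OK", handed_over


def turn_authenticated_only(session: Session, queue: dict) -> tuple[str, list]:
    """The stricter reading proposed above: refuse TURN unless the client was
    authenticated (here: a verified client certificate inside TLS), and hand
    over only mail for the authenticated identity, never for the HELO name."""
    if not session.tls or session.client_cert_domain is None:
        return "502 Command not implemented", []     # RFC 821's failure reply for TURN
    if session.client_cert_domain != session.helo_name:
        # Assumed policy: the certified identity must match the domain the
        # peer wants to receive mail for; otherwise the role swap is refused.
        return "502 Command not implemented", []
    handed_over = queue.pop(session.client_cert_domain, [])
    return "250 OK", handed_over


def run_scenario(handler, session: Session) -> tuple[str, list, dict]:
    """Run one TURN against a fresh copy of the sample queue.
    Returns (reply line, messages handed to the peer, queue left on the server)."""
    queue = deepcopy(SAMPLE_QUEUE)
    reply, handed = handler(session, queue)
    return reply, handed, queue


# Constructed peers.
IMPOSTOR = Session(helo_name="example.com")   # plain TCP, no auth, claims to be example.com's MX
GENUINE = Session(helo_name="example.com", tls=True, client_cert_domain="example.com")
WRONG_CERT = Session(helo_name="example.com", tls=True, client_cert_domain="example.net")

if __name__ == "__main__":
    for name, sess in (("impostor", IMPOSTOR), ("genuine", GENUINE), ("wrong cert", WRONG_CERT)):
        for label, handler in (("RFC 821", turn_rfc821), ("auth-only", turn_authenticated_only)):
            reply, handed, _ = run_scenario(handler, sess)
            print(f"{name:10s} {label:9s} -> {reply}; handed over {handed}")
```

Run stand-alone, the RFC 821 variant hands example.com's queued mail to the unauthenticated impostor on nothing more than its HELO claim, while the authenticated-only variant returns 502 and leaves the queue untouched; only the peer whose verified certificate matches the claimed domain gets the role swap. A real MTA would additionally have to decide what "authenticate the client" means when the certificate identity is a host name rather than a mail domain, which is the ambiguity the message above asks the draft to resolve.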
