> > From: Jeffrey Hutzelman [mailto:jhutz@xxxxxxx]
> >
> > On Thursday, September 07, 2006 08:12:44 PM -0700
> > "Hallam-Baker, Phillip" <pbaker@xxxxxxxxxxxx> wrote:
> >
> > > The solution to this particular problem is to use SSL as the transport.
> > > IMAP and POP both support this use. It is a trivial matter to discover
> > > that IMAPS is supported using an SRV record.
> >
> > Of course, if you depend on this technique to determine
> > whether TLS should be used, you are subject to a downgrade
> > attack which not only exposes your password to a dictionary
> > attack, but also makes it fairly simple for an attacker to
> > gain access to the server as you _without_ carrying out such
> > an attack.

> How so?

> The attacker cannot downgrade the server security, particularly if the server
> does not support unencrypted IMAP or POP.

I don't think the lack of support for unencrypted IMAP or POP is quite
sufficient. What's to stop an attacker acting as a MITM (by publishing a bogus
SRV record or whatever) getting an unencrypted connection and turning around and
connecting to the server using encryption? Either a client key check on the
server or the client requiring encryption and checking the server cert will
address this, I believe.

> If you deploy DNSSEC the downgrade attack can be eliminated.

That prevents one MITM attack vector, but there may be others.

However, just because this and other attacks are real doesn't mean that there's
no security gain from a setup that's subject to downgrade attacks. Often as not
it is far more difficult to mount a MITM attack than it is to perform passive
eavesdropping.

Ned
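The client-side mitigation named in the reply above (the client requiring encryption and checking the server certificate, instead of letting an SRV lookup decide whether TLS is used), sketched as an added example that is not part of the original thread. The class and function names, the example domains and the sample SRV answers are assumptions constructed for illustration.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Srv:                      # one unauthenticated SRV answer
    service: str                # "_imaps" (TLS on connect) or "_imap" (cleartext)
    target: str
    port: int

@dataclass(frozen=True)
class Plan:
    host: str                   # where the TCP connection goes
    port: int
    tls: bool
    verify_name: Optional[str]  # name the server certificate must match

class DowngradeRefused(Exception):
    pass

def opportunistic_plan(domain, answers):
    """Weak: whatever DNS advertises decides whether TLS is used."""
    for service in ("_imaps", "_imap"):
        for rr in answers:
            if rr.service == service:
                tls = service == "_imaps"
                return Plan(rr.target, rr.port, tls, rr.target if tls else None)
    raise LookupError("no IMAP service advertised for " + domain)

def strict_plan(domain, answers):
    """TLS is local policy; DNS only supplies a host and port hint."""
    for rr in answers:
        if rr.service == "_imaps":
            # Match the certificate against the configured domain, not the
            # SRV target, because the SRV answer itself may be forged.
            return Plan(rr.target, rr.port, True, domain)
    raise DowngradeRefused("no _imaps answer for %s; not falling back" % domain)

def tls_context():
    """Context for ctx.wrap_socket(sock, server_hostname=plan.verify_name)."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED and hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

# Constructed sample answers (example domains, not from the thread).
GENUINE = [Srv("_imaps", "mail.example.org", 993)]
FORGED = [Srv("_imap", "relay.example.net", 143)]   # TLS record suppressed

if __name__ == "__main__":
    print(opportunistic_plan("example.org", FORGED))
    try:
        strict_plan("example.org", FORGED)
    except DowngradeRefused as exc:
        print("refused:", exc)
```

With the forged answer set the opportunistic client plans a cleartext login to the relay, while the strict client fails closed; with a forged `_imaps` answer the strict client still demands a certificate for the configured domain.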