On Thu, 13 Nov 2008, Mark Andrews wrote:
> In message <491B7C7E.70900@xxxxxxxxxxxx>, Dave CROCKER writes:
>> Mark Andrews wrote:
>>> In message <alpine.LSU.2.00.0811121752110.14367@xxxxxxxxxxxxxxxxxxxxxx>, Tony Finch writes:
>>>>
>>>> SMTP over TLS to an MX does NOT protect against man in the middle attacks.
>>>
>>> It does when you turn on DNSSEC
>>
>> Perhaps I'm not understanding, but I think you just confirmed that Tony's
>> statement was correct.
>
> No. To protect against man-in-the-middle you need to know with whom you
> are supposed to be talking. SMTP over TLS will do that provided you have
> that knowledge. One way to acquire that knowledge is to use DNSSEC to
> prevent spoofed MX records.

You also need the server to provide a verifiable TLS certificate. The vast
majority of them are not. This problem is perhaps even harder to fix than
the lack of DNSSEC.

http://www.imc.org/ietf-smtp/mail-archive/msg05366.html

> Another way is to use configuration information.

Which is useful for a few select senders and recipients, but doesn't scale
to all the external destinations a site might use.

> You also need to configure your MTA to not use plain SMTP if STARTTLS is
> not offered by MTA. This can be done globally or on a MTA by MTA basis.

Which would mean you can only send email to a vanishingly small number of
destinations.

> Having the ability to signal if the MTA is supposed to offer STARTTLS in
> the DNS would remove the downgrade attack path, in the general case.

Right, there are several improvements of this kind that need to be made to
the protocol before it can provide widespread security without explicit
per-recipient configuration at every sending site. ESMTP STARTTLS has its
place - it works OK for message submission - but I think we need something
different for TLS to MXs.

Tony.
--
f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/
SOUTHEAST ICELAND: SOUTHWESTERLY VEERING NORTHEASTERLY, 5 TO 7, VEERING
SOUTHWESTERLY IN FAR SOUTH LATER. ROUGH OR VERY ROUGH. RAIN OR SQUALLY
SHOWERS. MODERATE OR GOOD, OCCASIONALLY POOR.

_______________________________________________
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf
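An added example, not from this thread or any of its participants, of the sending-side policy the exchange describes: refuse plaintext when STARTTLS is not offered (closing the downgrade path), and verify the certificate against a name you already expect, which must come from a DNSSEC-validated MX or local configuration. The policy levels, host names and the `decide`/`open_session` helpers are constructed for this illustration.

```python
import smtplib
import ssl

# Policy levels (constructed for this example): "may" = plaintext allowed if
# STARTTLS is absent; "encrypt" = STARTTLS required, any certificate;
# "verify" = STARTTLS required and the certificate must name the expected host.
LEVELS = ("may", "encrypt", "verify")

def name_matches(expected, cert_names):
    """Match the expected host against certificate names (simplified RFC 6125:
    a wildcard may replace only the whole leftmost label)."""
    expected = expected.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == expected:
            return True
        if name.startswith("*.") and "." in expected \
                and expected.split(".", 1)[1] == name[2:]:
            return True
    return False

def decide(level, expected, offers_starttls, cert_names=()):
    """Offline decision for one delivery attempt, given what the server offered."""
    if level not in LEVELS:
        raise ValueError("unknown policy level: %r" % (level,))
    if not offers_starttls:
        return "deliver-plaintext" if level == "may" else "refuse-no-starttls"
    if level == "verify" and not name_matches(expected, cert_names):
        return "refuse-cert-mismatch"
    return "deliver-tls-verified" if level == "verify" else "deliver-tls-unverified"

def open_session(host, level, port=25):
    """Live version of the same policy (needs network). `host` must be the name
    you expect to be certified: a DNSSEC-validated MX or a configured one."""
    smtp = smtplib.SMTP(host, port, timeout=30)
    smtp.ehlo()
    if not smtp.has_extn("starttls"):
        if level == "may":
            return smtp                      # opportunistic: plaintext fallback
        smtp.quit()
        raise RuntimeError("%s: no STARTTLS offered; policy %s forbids plaintext" % (host, level))
    if level == "verify":
        ctx = ssl.create_default_context()   # CA chain + hostname check against `host`
    else:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE      # encrypt-only: identity not checked
    smtp.starttls(context=ctx)
    smtp.ehlo()                              # re-EHLO inside TLS per RFC 3207
    return smtp
```

Only the `verify` level gives the man-in-the-middle protection discussed above, and only because the expected name was known before the connection was made.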