--On Wednesday, September 22, 2010 12:34:50 PM -0400 Barry Leiba
<barryleiba.mailing.lists@xxxxxxxxx> wrote:
There's a distinction, here, between a protocol and a user interface
for configuration. My mother doesn't know whom to trust, except that
she knows that she (at least kinda-sorta) trusts the mail program
she's decided to use, and an entity she calls "gmail" (not
"google.com", not "gmail.com", but just "gmail"). She's relying on
the mail program's "easy configuration feature" to sort this out.
The text I reviewed appeared to be saying normative things about what
client software MUST and MUST NOT do with regard to this sort of
configuration situation, which goes well beyond what the client
software is doing on the wire. Unless I'm mis-reading it, it's
explicitly saying that my client software is not allowed to do
something like this, for example:
1. Ask the user, "What email service do you use?"
2. Receive the answer "gmail" from the user.
3. Auto-configure itself for the known gmail servers based only on
that user input.
I think that's reasonable behavior _if_ the mail client knows that "gmail"
is "mail.google.com". What's _not_ reasonable is for it to arbitrarily
transform "gmail" into a domain by adding ".com", then look up "gmail.com"
and see that it is an alias for "mail.google.com" and not only follow the
(insecure) alias to mail.google.com but also use it to decide that
"mail.google.com" is an appropriate name to find in a certificate.
If your mother's mail client does that, then all I have to do to steal her
password is convince said client that "gmail.com" is actually an alias for
"stealgmailpassword.attacker.org".
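As an added illustration of the two client behaviours the reply contrasts (example code, not from the thread or from any mail client), the following Python models a client that either invents a domain from the user's word and follows the CNAME, or maps the word through a table it already ships with. The DNS record, the service table and the certificate names are constructed for the example.

```python
from typing import Dict, Iterable, List, Optional

# Constructed DNS zone: the single record an attacker would need to control
# (or spoof) for the "add .com and follow the alias" behaviour to go wrong.
CNAME: Dict[str, str] = {"gmail.com": "stealgmailpassword.attacker.org"}

# Constructed table shipped with the client: the only place "gmail" may be
# turned into a host name. Assumed for this example, not from the thread.
KNOWN_SERVICES: Dict[str, str] = {"gmail": "mail.google.com"}

def follow_cname(name: str) -> str:
    """Follow the CNAME chain; plain DNS, so the answer is unauthenticated."""
    seen = set()
    while name in CNAME and name not in seen:
        seen.add(name)
        name = CNAME[name]
    return name

def guessed_reference_identity(user_input: str) -> str:
    """The behaviour criticised above: invent a domain from the user's word,
    then treat whatever the alias points at as the name to expect in the cert."""
    return follow_cname(user_input.lower() + ".com")

def known_reference_identity(user_input: str) -> Optional[str]:
    """The acceptable behaviour: map the user's word through a table the client
    already trusts, and never replace that host with a CNAME target."""
    return KNOWN_SERVICES.get(user_input.lower())

def cert_name_matches(cert_dns_names: Iterable[str], reference: str) -> bool:
    """Match a reference identifier against the certificate's DNS names, allowing
    only a single wildcard as the whole leftmost label (RFC 6125 style)."""
    ref = reference.lower().rstrip(".").split(".")
    for presented in cert_dns_names:
        labels = presented.lower().rstrip(".").split(".")
        if len(labels) != len(ref) or labels[1:] != ref[1:]:
            continue
        if labels[0] == ref[0] or (labels[0] == "*" and len(ref) > 2):
            return True
    return False

def client_accepts(user_input: str, cert_dns_names: List[str], use_known_table: bool) -> bool:
    """Would the client accept this server certificate for what the user typed?"""
    if use_known_table:
        reference = known_reference_identity(user_input)
    else:
        reference = guessed_reference_identity(user_input)
    return reference is not None and cert_name_matches(cert_dns_names, reference)

# Constructed: a certificate the attacker can legitimately obtain for a name they own.
ATTACKER_CERT = ["stealgmailpassword.attacker.org"]
```

With the alias in place, the guessing client ends up expecting the attacker's own name in the certificate and accepts it; the table-driven client still expects mail.google.com and rejects it.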
_______________________________________________
Ietf mailing list
Ietf@xxxxxxxx
https://www.ietf.org/mailman/listinfo/ietf