Re: [Uta] E-Mail Protocol Security Measurements

Hi Viktor,

* Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> [31/10/2015 06:06:38] wrote:
> Thanks for the paper, it contains a substantial quantity of useful
> information.
> 
> I am however rather disappointed by how some of the results are
> interpreted, at least by non-experts:
> 
>     http://arstechnica.com/security/2015/10/dont-count-on-starttls-to-automatically-encrypt-your-sensitive-e-mails/
> 
>     Offsetting that progress was a finding that about 770,000 SMTP
>     servers associated with the Alexa top million list still failed
>     to properly secure their systems. Only 82 percent of them
>     supported TLS, and of those, only 35 percent were properly
>     configured to allow one server to cryptographically authenticate
>     itself to another.

That article is referencing another paper, presented at IMC15 by
UMichigan, UCI and Google researchers, publicly available over here:
http://conferences2.sigcomm.org/imc/2015/papers/p27.pdf

...there are also problems with some of the details in the article.

(Yeah, we haven't yet got any media exposure :))

> What's missing here is that having trusted SSL certificates offers
> zero protection for MTA-to-MTA SMTP.  Any time/money spend on such
> certificates is essentially wasted.  Barring DANE or similar
> out-of-band policy, certificates *cannot* protect MTA-to-MTA SMTP
> from MITM attacks.
> 
> I cringe every time someone bemoans the lack of "valid" certificates
> in SMTP, such certificates are largely a worthless fashion statement.
> (Some domains have bilateral arrangements with business partners
> to verify email traffic certificates, but these arrangements are
> exceedingly rare).

Yes. But even for mail there're valid points to use official
certificates (i.e. nodes clients talk to). For MTA to MTA
communication various solutions have been suggested, to the best of
my knowledge none is widely deployed so far.

> STARTTLS is designed to thwart exactly one attack: *passive* wiretap.
> It works as designed for just that attack.  It is not surprising
> that active attacks can and do defeat STARTTLS,

What their paper does highlight is how vendor appliances actively
*break* STARTTLS while performing their duties (i.e. some feature a
customer might have actually paid for). It's an essential problem
on the internet that middleboxes break legit internet traffic. I've
seen it in ISP, educational and corporate environments. They also
highlight that this technique is being used on a large scale by some
states to essentially wiretap e-mail communication.

> Hence, DANE for SMTP and related efforts.  No mass-scale use of
> end-to-end encryption is looming to save the day, so transport
> security is finally getting the attention it deserves.  My DANE
> survey is at 9000 domains and counting, with adoption picking up
> the pace a bit lately.  Some domain hosting providers have implemented
> tens of thousands of additional DANE domains that do not show up
> in my surveys.  It is still very early in the process, but I am
> cautiously optimistic.

Is data on your DANE survey publicly available anywhere or are there
more details on that? I'd be very interested in the results.

Thanks,
Aaron


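The sender-side policy behind Viktor's point (certificates alone cannot be required MTA-to-MTA; DANE can) and the STARTTLS tampering Aaron describes, as an added example that is not part of this thread or of any MTA's code: a small Python model of one delivery attempt. All EHLO replies, TLSA records and certificate bytes are constructed, and the decision rules are a simplified rendering of opportunistic versus DANE policy.

```python
"""Sending-MTA policy model for one delivery attempt (constructed data, no network).
With opportunistic STARTTLS a stripped EHLO keyword degrades to cleartext; with a
DANE policy (TLSA records obtained with DNSSEC) the same tampering is a deferral."""
import hashlib
from dataclasses import dataclass


@dataclass
class TlsaRecord:
    usage: int      # 2 = DANE-TA, 3 = DANE-EE; the usages meaningful for SMTP
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact match, 1 = SHA2-256, 2 = SHA2-512
    data: str       # association data as hex, as published in DNS


def parse_ehlo(response: str) -> set:
    """Return the keywords advertised in a multi-line 250 EHLO reply."""
    keywords = set()
    for line in response.splitlines()[1:]:     # first line carries the domain
        parts = line[4:].split()
        if line[:3] == "250" and line[3:4] in ("-", " ") and parts:
            keywords.add(parts[0].upper())
    return keywords


def tlsa_matches(rec: TlsaRecord, cert_der: bytes, spki_der: bytes) -> bool:
    """RFC 6698 matching: hash the selected part of the peer cert and compare."""
    selected = spki_der if rec.selector == 1 else cert_der
    if rec.mtype == 0:
        digest = selected
    elif rec.mtype == 1:
        digest = hashlib.sha256(selected).digest()
    elif rec.mtype == 2:
        digest = hashlib.sha512(selected).digest()
    else:
        return False            # unknown matching type: record is unusable
    return digest == bytes.fromhex(rec.data)


def decide(ehlo_response: str, tlsa: list, dnssec_secure: bool) -> str:
    """Choose the transport for this attempt; usable TLSA makes TLS mandatory."""
    starttls = "STARTTLS" in parse_ehlo(ehlo_response)
    # Simplified usability rule: only DNSSEC-secured usage 2/3 records count.
    usable = [r for r in tlsa if r.usage in (2, 3)] if dnssec_secure else []
    if usable:                  # peer published TLSA: never fall back to cleartext
        return "starttls, verify against TLSA" if starttls else "defer"
    # No DANE: a CA-signed certificate cannot be demanded, so encryption is
    # only as good as the EHLO reply the sender happened to receive.
    return "starttls, unauthenticated" if starttls else "cleartext"


# Constructed EHLO replies: a clean one, and one where a middlebox has
# overwritten the STARTTLS keyword in place, keeping the line count.
CLEAN_EHLO = "250-mx.example.test\r\n250-SIZE 10240000\r\n250-STARTTLS\r\n250 8BITMIME"
MANGLED_EHLO = CLEAN_EHLO.replace("STARTTLS", "XXXXXXXA")
```

Running `decide(MANGLED_EHLO, [], False)` yields `cleartext` while the same reply with a secured TLSA record yields `defer`: the mail stays queued instead of crossing the wire unencrypted.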