[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ietf
Subject:    Re: E-Mail Protocol Security Measurements
From:       John C Klensin <john-ietf () jck ! com>
Date:       2015-11-10 17:24:48
Message-ID: 51290828AD0E1832D184EE04 () JcK-HP8200 ! jck ! com
[Download RAW message or body]



--On Tuesday, November 10, 2015 16:41 +0100 Simon Josefsson
<simon@josefsson.org> wrote:

> John C Klensin <john-ietf@jck.com> writes:
> 
>> You may reasonably
>> claim that those criteria are almost never satisfied today and
>> that almost all TLS connections between SMTP sender and SMTP
>> receiver are made in the same casual way that almost all HTTPS
>> ones are.
> 
> That is far from true -- all significant web browsers out
> there validate HTTPS certs against a pre-distributed CA
> bundle, and reject connections when that fails.  SMTP servers
> in general never reject connections when cert checking fails.
> You may argue that CAs perform casual checking, but it is
> distinctly better than permitting any certificates as in the
> SMTP world.

Simon,

This is, IMO, less a matter of true or falsity but a question of
who one trusts and why.    I understand that the general pattern
of SMTP servers is to not reject connections unless they can
verify the cert.  However, in the web browser case, it appears
to be fairly easy (especially if money changes hands) to get a
CA into that bundle.  Many CAs, including some those who
typically appear in those bundles, are willing to issue a cert
on the basis that someone appears to "own" a domain name and can
receive mail at an address in that domain.  And many domain name
registrars do no identity verification at all beyond ability to
pay (and are happy to obscure much of the information).   

One way to summarize our disagreement is that your last sentence
says "...distinctly better" where I would have said "...really
not much better".

A different way to look at the problem is to ask the question of
what sort of threat one is trying to protect against.  If the
answer is "casual eavesdropping", then probably any cert, even a
self-signed one, will do.   If the answer is "protection against
a determined attacker who has resources and is willing to invest
them", then I don't think much of certificates that involve only
casual or indifferent checking by the issuer.

YMMD and probably does.

    john

[prev in list] [next in list] [prev in thread] [next in thread]