Why are there any efforts to remove old TLS versions from every major software application and operating system? Are all of these security experts and corporations just playing a game with TLS versions, or is there perhaps something to this security practice?

Because browsers won't fall back to plaintext, there are even methods to further prevent that (HSTS). Not to mention that web servers will upgrade their offering in order to stay accessible. They have the agility.

If you've got validated certificates and MTA-STS in play and some megacorporations flipping that switch on MTAs then we could do the same, but that isn't the case. We don't even have MUA-STS; the two ecosystems are just so far apart at this point in terms of cryptography that these comparisons are borderline bad.

Both being insecure, only one of the two involves your server negotiating and reporting to the third party that you are accepting it over a secure connection. Which is basically a lie. Plain isn't a lie, and that's worth something.

You can't consider it a lie if nobody is asking the question in the first place. Gmail /might/ show when an email was delivered in plaintext as *insecure*; it does not display transport-encrypted emails as *secure*. What displays transport encryption as "secure"?

Whereas if you say "This is a secure line" and it isn't because the other party either doesn't know what they're doing or is the victim of a downgrade attack (through whatever attack vector that came from) then the other party walks away saying "I transmitted secure data" and to them it's over. Playing either role in that situation is bad, but being the intelligent admin who cares none for the other guy is worse than just saying up front: "This isn't secure, plan accordingly."

That's not correct in this case though, without MTA-STS (which is rare), it will just be transmitted in plaintext. The "plan accordingly" is just gonna be "Ok, I'm gonna tell you anyways".

That aside, it would really take *effort* to configure your MTA to provide TLS as bad as plaintext (e.g. null or export ciphersuites), but at that point those attacks are kinda your fault. That applies against both passive eavesdropping and active attackers. MUAs might be a tad different, but those don't support the worst TLS has to offer anyways. The weak stuff that is still enabled would still take a while to attack or crack.

I mean, it should be fairly obvious that people won't wait until the previous iteration gets utterly demolished before switching to the new one, they still hold to some extent. This "purism", if one can call it that, has kinda made you miss the original goal and lose perspective of future improvements.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
