On Mon, Nov 18, 2024 at 01:08:19PM +0000, Gellner, Oliver via mailop wrote:

> On 18.11.2024 at 13:33 Fehlauer, Norbert via mailop wrote:
> > is using ECC certificates for SMTP TLS (sending/receiving) something
> > that's a common thing nowadays or does that involve the risk of not
> > being reached via SMTP TLS at all from the majority of senders?

Yes, ECC certs are generally interoperable, but there is a small
elevated risk of problems in comparison with RSA.

> This is a certificate currently used by one of Gmail's MX:
> https://crt.sh/?id=15026159353 ECC should be supported in all
> libraries since a couple of years, so it depends how often your MTA
> receives wanted messages from very old software stacks. If you need
> maximum compatibility, you should stay with RSA.

+1.  Saving a few bytes transmitting certs is not that compelling with
SMTP, so there's a reasonable case for sticking with RSA.

That said, many MX hosts do use ECC certs, especially with IIRC Let's
Encrypt under some conditions choosing to issue EC certs when there's no
explicit preference from the user.

Top 10 TLS protocol/cipher/cert choices among DANE MX hosts seen by the
survey (https://stats.dnssec-tools.org):

      30421     TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_RSA
 -->   3738     TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_EC
       1291     TLS 1.3 with TLS_AES_256_GCM_SHA384,P256,PubKeyALG_RSA
       1021     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,P256
        919     TLS 1.3 with TLS_AES_256_GCM_SHA384,P384,PubKeyALG_RSA
        793     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,X25519
 -->    714     TLS 1.2 with TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,X25519
        364     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,P384
 -->    305     TLS 1.3 with TLS_AES_256_GCM_SHA384,P256,PubKeyALG_EC
        180     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,X25519

As you can see, EC is used at just around 10% of these MX hosts.  So
certainly widely enough that one can expect most senders to support EC,
but at the margins RSA is still "safer".

-- 
    Viktor.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
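One way to reproduce the EC share from the ten survey rows above, as an added example (not Viktor's code or the survey's own tooling): each row is classified by certificate key type, reading the PubKeyALG_* field for TLS 1.3 (where the cipher suite name says nothing about the certificate) and the ECDHE_RSA/ECDHE_ECDSA suite name for TLS 1.2, then the counts are totalled. The input is a constructed copy of the rows in the message; the share only covers those top-10 rows.

```python
import re
from collections import Counter

# Survey rows copied from the message above (constructed input for this example).
SURVEY_LINES = """\
      30421     TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_RSA
 -->   3738     TLS 1.3 with TLS_AES_256_GCM_SHA384,X25519,PubKeyALG_EC
       1291     TLS 1.3 with TLS_AES_256_GCM_SHA384,P256,PubKeyALG_RSA
       1021     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,P256
        919     TLS 1.3 with TLS_AES_256_GCM_SHA384,P384,PubKeyALG_RSA
        793     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,X25519
 -->    714     TLS 1.2 with TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,X25519
        364     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,P384
 -->    305     TLS 1.3 with TLS_AES_256_GCM_SHA384,P256,PubKeyALG_EC
        180     TLS 1.2 with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,X25519
"""

# count, optional "-->" marker, protocol version, then "suite,group[,PubKeyALG_x]".
LINE_RE = re.compile(r"^\s*(?:-->)?\s*(\d+)\s+TLS (1\.[23]) with (\S+)\s*$")

def cert_key_type(version, params):
    """Infer the MX certificate key type from one survey row.
    TLS 1.2 suite names encode the authentication algorithm (ECDHE_RSA vs
    ECDHE_ECDSA); TLS 1.3 suites do not, so the survey appends PubKeyALG_*."""
    fields = params.split(",")
    if version == "1.3":
        alg = [f for f in fields if f.startswith("PubKeyALG_")]
        if not alg:
            raise ValueError(f"TLS 1.3 row without PubKeyALG field: {params}")
        return alg[0].removeprefix("PubKeyALG_")
    suite = fields[0]
    if "_ECDSA_" in suite:
        return "EC"
    if "_RSA_" in suite:
        return "RSA"
    raise ValueError(f"cannot infer certificate key type from {suite}")

def key_type_shares(text):
    """Return ({key_type: fraction_of_hosts}, total_hosts) for the survey text."""
    counts = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            counts[cert_key_type(m.group(2), m.group(3))] += int(m.group(1))
    total = sum(counts.values())
    return {k: v / total for k, v in counts.items()}, total

if __name__ == "__main__":
    shares, total = key_type_shares(SURVEY_LINES)
    print(f"{total} hosts, EC share {shares.get('EC', 0):.1%}")
```

Over these rows the EC-keyed hosts (the three "-->" rows, 4757 of 39746) come to about 12%, consistent with the "around 10%" figure above.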