On Sun, 23 Feb 2014, Viktor Dukhovni wrote:
smtp_tls_verify_certs=whenpossible
SMTP is not HTTP. Due to MX indirection, peer authentication is
not possible without explicit per-destination configuration. Once
you've gone to all that trouble, you may as well configure a "secure"
channel.
I know that there are many side-effects and things which don't work, but
that does not mean that one can at least try? For a lot of domains there
is a MX entry and only that server is responsible. So when a SMTP
connection is made, can't at least the logfile say that cert and MX match?
And I'm aware that even that wont help, as DNS is insecure.
If you want scalable security for SMTP, become an early adopter of
DANE TLS, available in Postfix 2.11. Today, you'll be able to
opportunistically authenticate the handful of DNSSEC signed domains
that publish TLSA records for SMTP. Over time, I hope that handful
will grow to a decent fraction of SMTP sites.
Oh yes - DNSSEC. When will it come? In hundred years? Does that mean, that
when we can't have that, then we can't even try get the best security
available and always try the minimum?
Busy MTAs send mail to a lot of hosts and domains, and their
certificates change from time to time. Naive client-initiated
pinning is too unreliable.
I know, I know. Using CertPatrol for Web pages showed me, that some
multi-homed sites change the certificate like after a few minutes, because
you move to another server with a different cert.
I only hate this "either we do it 100% secure or not at all" attitude.
What's the result? People still use mostly unencrypted transmission,
because they get told that encryption does not help, because it is SOOO
easy to circumvent. Even the NSA effect is already fading and there is no
real change.
Can't postfix simply try to detect what level of trust is possible and
report that?
1) unencrypted
2) encrypted
3) with a known cert
4) with a trusted cert matching the hostname
5) with a trusted cert matching the hostname + hostname == reverse DNS
6) DNSSEC
whatever else there is...
And step-by-step improve it?
Sorry, probably this is not the right place to complain, but I hear the
same arguments for so many years now and there is no progress. The
algorithms get better and better, but no progress in adopting useful
methods to use them. And seeing the big-money certificate system for SSL
which gives trust away to some uncontrollable companies and governments
also does not help a lot (probably even trying to prevent any wide
adoption of DNS based certs, because they will kill their model to earn
money).
Ciao
--
http://www.dstoecker.eu/ (PGP key available)
