On Mon, Feb 24, 2014 at 06:35:43PM +0100, Dirk Stöcker wrote:
> >The absence of observed variation does not mean nothing of relevance
> >has changed, and the presence of benign observed changes drowns out
> >the malicious ones, assuming that the malicious party is stupid
> >enough to reveal itself.
>
> Well, if the only output of the software is what it is now, the bad
> guys don't actually need to do anything to hide.
Postfix already offers protection against passive eavesdropping in the form of opportunistic TLS. Protection against MITM requires the ability to distinguish connections to the right server from connections to the wrong server. For pre-DANE SMTP, over insecure DNS this is not generally possible. Pretending that we've plausibly verified absence of MITM when we've in fact done nothing of the sort is not something the maintainers of Postfix are in the habit of doing. We will likely continue to adopt sensible security features as they mature, but we'll do our best to not misrepresent reality.

This is the last comment in this thread.

--
Viktor.
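To make the distinction Viktor draws concrete, here is an added Postfix `main.cf` fragment (not part of the thread or of the Postfix project's documentation) showing the two outbound TLS settings side by side: opportunistic TLS, which encrypts when the peer offers STARTTLS but authenticates nothing, and DANE, which can only authenticate the peer when its TLSA records arrive via DNSSEC. It assumes a Postfix release with DANE support (2.11 or later) and a DNSSEC-validating resolver reachable at `127.0.0.1`; the CA path is a placeholder.

```ini
# --- Setting A: opportunistic TLS (what "protection against passive
# eavesdropping" in the thread refers to). Encrypts if the remote MTA
# offers STARTTLS, falls back to cleartext otherwise, and verifies no
# certificate, so an active MITM can downgrade or impersonate freely.
smtp_tls_security_level = may
smtp_tls_loglevel = 1

# --- Setting B: DANE. Postfix looks up TLSA records for the MX host; if
# they are present and DNSSEC-validated, the connection is authenticated
# against them and fails closed on mismatch. If the zone is unsigned or
# has no TLSA records, Postfix behaves as "may" for that destination,
# i.e. no MITM protection is claimed where none can be established.
smtp_tls_security_level = dane
# DANE requires answers with the AD bit from a validating resolver;
# Postfix treats non-DNSSEC answers as unauthenticated.
smtp_dns_support_level = dnssec
# Only a trusted, local validating resolver should be consulted here.
# (placeholder: point at the actual resolver in /etc/resolv.conf)
# nameserver 127.0.0.1
# CA trust store, used for the "dane" level when TLSA usage 0/1 records
# require PKIX validation (placeholder path, adjust for the system).
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_loglevel = 1
```

A quick check after switching to setting B: the Postfix `smtp` log lines for a destination with DNSSEC-signed TLSA records should report a `Verified TLS connection`, whereas destinations without them continue to log `Untrusted` or `Anonymous` connections, which is the honest reporting the thread is about: the log says "verified" only when a verification actually took place.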