Den 23.04.2014 16:35, skrev Viktor Dukhovni: > On Wed, Apr 23, 2014 at 04:21:14PM +0200, Per Thorsheim wrote: > It seems to me as if mailadmins prefer supporting "everything", > since anything is better than plaintext. > Correct. This is called "opportunistic TLS". For an explanation > of why that's the best possible for SMTP at Internet scale without > DNSSEC see (version may change from 08 at some point): > > > http://vdukhovni.github.io/ietf/draft-ietf-dane-smtp-with-dane-08.html#channelsecurity Very helpful, thank you! Still reading, but I see there's more to it than I thought.
>> I would really like to hear honest and justified opinions on what >> to consider "good" and "best" practices on this matter. > There's an air of superiority in that question, avoid the temptation > to demand explanations. Working for "big five" long time ago, learned to never offer "best practice", as it couldn't be proven, thus risk of getting sued. Use "good practice" instead, which was "reasonable", but hard to sue somebody over. My worries here, as with HTTPS, is users (mailadmins?) putting way too much trust into it, as soon as they see a mailheader saying SSLv2 ciphers were used. Moving from plaintext to anything better suddenly requires an active act to mitm, instead of just passive eavesdropping. Somehow I do prefer "if you are going to use crypto, at least use strong crypto" as an argument for disabling 40/56bit, SSLv2, AnonDH and using a TTP cert, although lots of attacks still works, and it still cannot be "trusted". It just feels "better". Catch-22. > Better than opportunistic TLS for SMTP requires DNSSEC + DANE. > Have you implemented DNSSEC for your domain? Published TLSA records? > > Planning to go to Patrick Koetter's talk at Linuxtag Berlin on May > 10th? > > http://www.linuxtag.org/2014/de/programm/vortragsdetails/?eventid=3111 > Didn't know about that one, and no chance of attending this time. Thank you for an honest reply and the very useful link to your explanations and recommendations. Regards, Per Thorsheim
