On 12/16/2015 09:06 AM, Michael Storz wrote:
On 2015-12-16 16:26, Alice Wonder wrote:

But with port 25, certificate authorities do not matter, so an admin
running the same smtp server on multiple hostnames can generate a new
self-signed cert at no cost every time they add a domain that resolves
to that IP address.

Thus even with multiple domains resolving to the same IP address, I
don't see a need for port 25 to have more than one cert.

Am I missing something?

The goal is to prevent an active man-in-the-middle (MITM) attack. To
reach this goal you need an authenticated TLS connection from the SMTP
client to the SMTP server. At the moment you have two possibilities to
authenticate a TLS connection:

- using DNSSEC/DANE which is finally standardized in RFC 7672
- using the traditional PKIX method, which is not standardized and
therefore not really used at the moment

The process of authentication uses two steps:

- checking if the public key belongs to the domain
- checking if the domain you use as a reference identifier is related to
the domain from step one (this is the part about SNI and checking the
reference identifier)

For the PKIX method this means you have to verify the certificate (which
includes several steps) and to check if you trust the signer of the
certificate (CA). Only then can you trust that the key really belongs to
the owner of the domain in the certificate (this is only a very
simplified description of the whole process, read the relevant
literature about the problems with this approach). If the certificate is
self-signed or signed by a private CA, the certificate could as well be
issued by a man-in-the-middle. Using an unauthenticated TLS connection
prevents passive attacks (eavesdropping) but not active attacks.

Therefore certificate authorities do matter for every protocol which
uses TLS and the traditional PKIX method of authentication.

Michael


The problem is there is no agreed-upon list of certificate authorities that must be used.

So my signed certificate may be signed by a certificate authority your server doesn't trust.

As there is no opportunity for user interaction when the CA isn't trusted by a particular server, that's a problem, so they don't require CA validation.

Hence why DANE is needed to avoid MITM and guarantee encrypted transmission.
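
An added example (not part of the thread and not written by any participant): a Python sketch of the DANE check discussed above, in which a self-signed certificate is accepted only when it matches a DNSSEC-validated TLSA record, so a certificate minted by a man-in-the-middle fails. The function names, result strings and the byte strings standing in for DER certificates are assumptions constructed for illustration; only DANE-EE(3) records over the full certificate are handled.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
SERVER_CERT = b"constructed-der-bytes-of-the-real-mx-certificate"
MITM_CERT = b"constructed-der-bytes-of-an-attacker-certificate"
# Constructed TLSA RRset: usage 3 (DANE-EE), selector 0 (full cert), type 1 (SHA-256).
TLSA_RRSET = ["3 0 1 " + hashlib.sha256(SERVER_CERT).hexdigest()]


def parse_tlsa(rdata):
    """Parse TLSA presentation format: 'usage selector mtype hexdata'."""
    usage, selector, mtype, hexdata = rdata.split(None, 3)
    return int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", ""))


def usable(record):
    """This sketch handles only DANE-EE(3) over the full certificate (selector 0)."""
    usage, selector, mtype, _ = record
    return usage == 3 and selector == 0 and mtype in (0, 1, 2)


def matches(cert_der, record):
    """Compare the presented certificate with the association data in one record."""
    _, _, mtype, data = record
    if mtype == 0:
        candidate = cert_der
    elif mtype == 1:
        candidate = hashlib.sha256(cert_der).digest()
    else:
        candidate = hashlib.sha512(cert_der).digest()
    return hmac.compare_digest(candidate, data)


def authenticate(cert_der, tlsa_rrset, dnssec_validated):
    """Return 'authenticated', 'mismatch' or 'unauthenticated' for a presented cert."""
    # TLSA data that did not pass DNSSEC validation could itself be forged,
    # so it must not be used to authenticate anything.
    if not dnssec_validated:
        return "unauthenticated"
    records = [r for r in map(parse_tlsa, tlsa_rrset) if usable(r)]
    if not records:
        return "unauthenticated"
    if any(matches(cert_der, r) for r in records):
        return "authenticated"   # key is bound to the domain via signed DNS
    return "mismatch"            # possible active MITM: do not deliver
```

The "unauthenticated" result corresponds to the opportunistic TLS case in the thread: the channel is encrypted against eavesdropping, but the peer's identity is unproven.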
