View Single Post
Old 17 Oct 2016, 01:52 PM   #306
brong
The "e" in e-mail
 
Join Date: Jul 2004
Location: Melbourne, Australia
Posts: 2,658

Representative of:
Fastmail.fm
Quote:
Originally Posted by dgcom View Post
The only thing active proxy should be able to do is to remove STARTTLS... If MX _client_ is verifying certificate properly, someone has to steal signed certificate to impersonate _server_ endpoint. Server won't know for sure who is talking to it, unfortunately reverse DNS is not an authentication mechanism...
It's actually worse than that. Forward DNS isn't an authentication mechanism either.

If I type 'https://www.fastmail.com' then the endpoint I connect to via DNS needs to response with a signed certificate for www.fastmail.com or *.fastmail.com which is signed by a trusted CA. So far so good. Someone can poison the DNS, but they still have to proxy the packets to a real server that is has the correct certificates on it.

If I type 'mailto:bob@fastmail.com' into my mail client, the active DNS intercept can return:

fastmail.com. IN MX 5 evilhost.evilsite.com

and present a perfectly validly signed certificate for evilsite.com signed by any trusted CA, and the message will be sent to them. SMTP really isn't safe against an active man-in-the-middle attack which can poison DNS. But I'm sure you already know all that.

On the plus side, most places log which MX they actually connected to, so it's possible to know that you were attacked after the fact:

2016-10-17T00:45:43.226981-04:00 gateway1 postfix-out/smtp[1246889]: Trusted TLS connection established to gmail-smtp-in.l.google.com[173.194.204.26]:25: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
2016-10-17T00:45:43.624653-04:00 gateway1 postfix-out/smtp[1246889]: 189D020762: to=<..myaddress..>, relay=gmail-smtp-in.l.google.com[173.194.204.26]:25, delay=0.53, delays=0.05/0/0.15/0.33, dsn=2.0.0, status=sent (250 2.0.0 OK 1476679543 r12si16909167qke.70 - gsmtp)


Anyway, what I'm saying is that security is a chain, and offering SSLv3 is nowhere near the weakest link in the SMTP transaction, which is why I'm a bit meh about upgrading that particular link with a titanium plated version while there are other, weaker, links involved in all the plausible threat models.
brong is offline   Reply With Quote