What email encryption is actually in use?

Adam Shostack adam at homeport.org
Wed Oct 2 15:27:50 EDT 2002 

On Wed, Oct 02, 2002 at 02:56:39PM -0400, Steven M. Bellovin wrote:
| >While I generally am on board with this, I can see a situation where the
| >encryption overhead [and complexity] may be excessive [underpowered mail
| >servers administered by beginners] compared to the gains. 
|
| The primary use of STARTLS for SMTP is for mail *submission*, not 
| relaying.  That is, when clients (like Eudora) generate mail, they 
| submit it to an ISP or organizational SMTP server.  If this server is 
| accessible from the Internet, it should require some sort of 
| authentication, to avoid becoming an open spam relay.  This is 
| sometimes done by a password over a TLS-protected session.
| 
| In other words, this isn't opportunistic encryption, and doesn't run 
| into the problem of "random smtp server has a self-signed cert".  The 
| client should be configured to know what cert to expect.

Its seemingly easy to configure postfix to opportunisticly encrypt
email.  That may not be its primary use, and many of the pages
describing how to set things up miss this, but

In main.cf:
smtp_use_tls = yes
smtp_tls_note_starttls_offer = yes

results in this is my mail headers saying:

Received: from thetis.deor.org (thetis.deor.org [207.106.86.210])
(using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits))
(No client certificate requested) by H203.C220.tor.velocet.net
(Postfix) with ESMTP id CC7593008F for <adam

Opportunisticly.  The other guy accepts my cert at random.  We're
totally vulnerable to MITM.

(Lucky points out in another thread that it would be great to have
cert persistance, which can maybe be emulated by putting a really big
number in the timeout:

smtpd_tls_session_cache_timeout = 3600s

He's right.  But I'm not letting the best be the enemy of the good.)

Adam


-- 
"It is seldom that liberty of any kind is lost all at once."
					               -Hume



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list