SSL/TLS and port 587

Steven M. Bellovin smb at cs.columbia.edu
Tue Jan 22 23:21:29 EST 2008 

On Tue, 22 Jan 2008 10:38:24 -0800
Ed Gerck <edgerck at nma.com> wrote:

> List,
> 
> I would like to address and request comments on the use of SSL/TLS
> and port 587 for email security.
> 
> The often expressed idea that SSL/TLS and port 587 are somehow able
> to prevent warrantless wiretapping and so on, or protect any private
> communications, is IMO simply not supported by facts.
> 
> Warrantless wiretapping and so on, and private communications
> eavesdropping are done more efficiently and covertly directly at the
> ISPs (hence the name "warrantless wiretapping"), where SSL/TLS
> protection does NOT apply. There is a security gap at every
> negotiated SSL/TLS session.
> 
> It is misleading to claim that port 587 solves the security problem
> of email eavesdropping, and gives people a false sense of security.
> It is worse than using a 56-bit DES key -- the email is in plaintext
> where it is most vulnerable.
> 
This is old news.  But what's your threat model?

Clearly, hop-by-hop encryption, be it port 587 to your ISP's submission
server or pop3s/imaps by the recipient to his/her mail server does
nothing to protect against someone who has hacked the server.  I wrote
about that years ago; see
http://www.cs.columbia.edu/~smb/securemail.html (which archive.org
dates to April 1999, under my old AT&T URL), and I don't claim the
insight was novel even then.  Port 587 was defined in RFC 2476, from
1998; it specifically talks about the need for encryption.  SMTP-AUTH is
defined in RFC 2487 (Jan 1999 -- again, before my page), which
specifically warns that TLS protection of the channel isn't sufficient
against some threats.  (Aside: my page was prompted by someone on a
sensitive internal project who asked if he should encrypt his email.
After poking around a bit, I used xmessage to pop up a message on his
screen saying that there wasn't much point to encryption unless he
cleaned up a lot of other security issues...)  But note that the logic
applies about as well to end-to-end encryption, if your attacker can
hack the machine at either end.  By hack I specifically include "black
bag jobs" to plant a keystroke logger or the like.

So -- is encryption, whether hop-by-hop or end-to-end, useless?  No, of
course not.  Encrypting email submission or retrieval is very useful if
you use, say, wireless hotspots.  (Caveats and cautions here are left
as an exercise for the reader.)  End-to-end encryption guards against
rogue administrators of mail servers.  Neither protects against all
threats -- but both have their uses.

"Amateurs talk about algorithms; pros talk about economics."


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list