[Cryptography] Dark Mail Alliance specs?

Viktor Dukhovni cryptography at dukhovni.org
Tue Mar 25 19:22:51 EDT 2014

On Tue, Mar 25, 2014 at 11:48:12PM +0100, tpb-crypto at laposte.net wrote:

> > 1) to eventually get a majority of all email sent end-to-end encrypted 
> > to a minimum security standard, such that active measures are needed to 
> > intercept and read it.
> > 
> Postfix and Exim4 support TLS 1.3 for server-to-server mail
> delivery through SMTP port 25.

There is no TLS 1.3 specification yet, let alone running code.  As
for opportunistic TLS for SMTP, this is supported by a lot more
MTAs than Postfix and Exim, but as yet a majority of MTAs have not
enabled TLS.  The fraction of SMTP traffic that is TLS encrypted
is somewhere between 10% and 50%.

> You can just generate the key and activate that feature. If
> available, both daemons will communicate through it and nobody will
> easily snoop it.

Indeed, but getting users to turn on TLS (even though with SMTP
nobody cares if your certificate is self-signed) is not so easy.

Even ietf.org have not yet enabled STARTTLS on their Postfix server.
Of course with ietf.org (and also the server for this list) the
vast majority of the traffic is publicly archived, so enabling
TLS would be more a matter of making a statement, rather than
protecting content confidentiality.

> Even better, they support 16k bit RSA keys, which will resist
> common computer decryption techniques (except Shor) for decades to
> come.

I must protest!  This is an absurd waste of CPU cycles.  Without
DNSSEC and DANE, essentially nobody can or is checking TLS certificates
with SMTP.  So your 16k-bit certificate is a useless source of
false confidence.

> Test it and you will see how good it is. We just have to enable
> it in our servers and the first step towards completely encrypted
> e-mail transport is done.

The good part of nobody checking SMTP certificates is that deployment
is easy.  On the server just spin up a self-signed cert and off
you go.  On the client no root CAs to worry about, just enable
opportunistic TLS and harden the traffic against passive eavesdropping.

If you want security in the face of active attacks on SMTP, you
need DNSSEC and DANE.  At the moment this requires a Postfix 2.11.0
client with a local validating resolver and a remote server with
MX records, MX host addresses and MX host TLSA records in a DNSSEC
signed zone.
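
The two deployment modes contrasted in the message above, as a Postfix configuration sketch. This is an added example, not part of the original message; the certificate paths, host names and address are assumptions, and the TLSA digest is a placeholder.

```conf
# --- Receiving MX: /etc/postfix/main.cf (server side) ---
# Offer STARTTLS with a self-signed certificate. Paths are assumed.
smtpd_tls_security_level = may
smtpd_tls_cert_file = /etc/postfix/tls/mx-selfsigned.pem
smtpd_tls_key_file = /etc/postfix/tls/mx-selfsigned.key

# --- Sending MTA: /etc/postfix/main.cf (client side) ---
# Option A: opportunistic TLS.
# Encrypts when the peer offers STARTTLS, performs no certificate
# checks and falls back to cleartext otherwise. This hardens traffic
# against passive eavesdropping only; an active attacker can strip
# STARTTLS or present any certificate.
smtp_tls_security_level = may

# Option B: DANE (requires Postfix 2.11.0 or later).
# Replace the Option A line with the two settings below.
#   smtp_dns_support_level = dnssec
#   smtp_tls_security_level = dane
# With "dane", a destination whose MX and TLSA records validate under
# DNSSEC gets authenticated TLS; destinations without usable TLSA
# records are handled as in Option A.
#
# Client prerequisite: /etc/resolv.conf points at a local validating
# resolver, for example:
#   nameserver 127.0.0.1
#
# Server prerequisite: MX, address and TLSA records published in a
# DNSSEC-signed zone (constructed names, placeholder digest):
#   example.com.              IN MX   10 mx.example.com.
#   mx.example.com.           IN A    192.0.2.25
#   _25._tcp.mx.example.com.  IN TLSA 3 1 1 <SHA-256-of-server-public-key>
```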

