[Cryptography] Facebook on the state of STARTTLS

tpb-crypto at laposte.net tpb-crypto at laposte.net
Tue May 20 14:06:41 EDT 2014


> Message du 20/05/14 19:37
> De : "Eric Mill" 
> On Mon, May 19, 2014 at 2:49 PM, Viktor Dukhovni
> wrote:
> >
> > > > I am pleased they posted the report, and would like to see more
> > > > reports like this going forward. I am somewhat disappointed it
> > > > appears to support the fallacy that somehow PKIX authentication is
> > > > applicable to SMTP and thus aplauds the fact that some SMTP servers
> > > > throw away money on public CA signed certificates, when opportunistic
> > > > TLS, or no TLS is required in their absense, and even their presence
> > > > cannot usefully preclude active attacks.
> > >
> > > Cost of a CA issued certificate = $50 /year [Comodo cheap SSL]
> >
> > My point is not that the CA certs are expensive in this case, they
> > could well in have been priced quite reasonably, rather the issue
> > is that even at $0.01 they are entirely futile for SMTP. So whether
> > you spend $0.01 or $1,000.00 you still get nothing.
> >
> 
> Could you explain why CA certs are futile for SMTP? It's not immediately
> obvious to me. (I'm new to STARTTLS, have never configured it.)
> 

That's simple, according to how the protocol is implemented it doesn't matter which CA signed your certificate, if it is signed, then it is valid.

It only takes one NSL from US agents (or hacking the CA) to force a CA authority to give away its private key, thus allowing to create an infinite number of trusted, signed, fake keys.

There are two solutions for this:
- Monitor your own servers through remote connections trying an OpenSSL handshake and see which signature is shown, if it is fake you send a command through another channel to close the port or shutdown your system;
- Use plugins like Certificate Patrol that will alert you of any certificate changes;


More information about the cryptography mailing list