Re: STARTTLS & EHLO: Errata text?

Tony Finch <dot@dotat.at> Sat, 31 January 2009 20:38 UTC

Date: Sat, 31 Jan 2009 20:38:27 +0000
From: Tony Finch <dot@dotat.at>
To: Hector Santos <hsantos@santronics.com>
cc: ietf-smtp@imc.org
Subject: Re: STARTTLS & EHLO: Errata text?
Message-ID: <alpine.LSU.2.00.0901312021190.14750@hermes-2.csi.cam.ac.uk>

On Fri, 30 Jan 2009, Hector Santos wrote:
>
> But I still to get the  "Client MUST NOT trust" statement.  It has to trust,
> blind or otherwise, what the server presented up to this point before it can
> go to the next step.

The client can verify when it receives the server certificate that the
connection up to that point was with the correct server. Before TLS is up
and running, anything the client gets from the server must be treated as
provisional, to be verified using data from trustworthy sources.

Many TLS clients are too trusting - they rely on the server capability
list to decide whether to use TLS or not, which opens them to downgrade
attacks. If a client has reason to expect that the server supports TLS
then it should treat the absence of TLS support as an attack. (i.e. the
common MUA configuration option of "TLS when available" does not comply
with this requirement.) This is obviously problematic for inter-domain TLS
to an MX, but TLS to MX is fundamentally broken and needs rethinking.

> In my view, I think it should say:
>
>    The client MUST NOT presume the server extensions apply
>    in the secure state as it may have changed.

It already says that in the paragraph that follows my proposed text.

> To me, that is enough to give the client the incentive and understanding
> that it needs to re-issue EHLO.

Remember this thread was started by someone who wrote code that did not.

Tony.
-- 
f.anthony.n.finch  <dot@dotat.at>  http://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS.
MODERATE OR GOOD.
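
An added example, not part of the original message or of any implementation discussed in the thread: a client-side negotiation routine that treats the cleartext EHLO list as provisional, refuses to continue when an expected STARTTLS is missing, and re-issues EHLO once TLS is up. `negotiate`, `DowngradeSuspected` and `FakeSMTP` are hypothetical names; `FakeSMTP` is a constructed stand-in that mimics the `smtplib.SMTP` methods used here so the block runs offline.

```python
import ssl


class DowngradeSuspected(Exception):
    """STARTTLS was expected but not offered or not completed."""


def negotiate(smtp, require_tls=True, context=None):
    """Return the extension set to rely on for the rest of the session.

    smtp: a connected smtplib.SMTP, or an object with the same interface.
    """
    smtp.ehlo()
    provisional = set(smtp.esmtp_features)  # cleartext, forgeable in transit
    if not smtp.has_extn("starttls"):
        if require_tls:
            # Expected capability missing: treat as an attack, do not fall back.
            raise DowngradeSuspected("STARTTLS not offered")
        return provisional  # the "TLS when available" behaviour
    # The default context verifies the certificate chain and host name.
    code, _ = smtp.starttls(context=context or ssl.create_default_context())
    if code != 220:
        raise DowngradeSuspected("STARTTLS refused with code %d" % code)
    smtp.ehlo()  # re-issue EHLO inside TLS
    return set(smtp.esmtp_features)  # only this list is relied on


class FakeSMTP:
    """Constructed stand-in for smtplib.SMTP that replays scripted EHLO lists."""

    def __init__(self, ehlo_lists):
        self._lists = list(ehlo_lists)
        self.esmtp_features = {}
        self.tls = False

    def ehlo(self):
        self.esmtp_features = {name: "" for name in self._lists.pop(0)}
        return 250, b"ok"

    def has_extn(self, name):
        return name.lower() in self.esmtp_features

    def starttls(self, context=None):
        self.tls = True
        self.esmtp_features = {}  # smtplib also forgets the pre-TLS list
        return 220, b"ready"
```

With a real `smtplib.SMTP` object the same function applies unchanged; the certificate and host name check happens inside `starttls` through the supplied `ssl` context.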