IETF Logo Mail Archive

Re: IETF mail server and SSLv3

Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 04 February 2016 02:40 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6518A1B319B for <ietf@ietfa.amsl.com>; Wed, 3 Feb 2016 18:40:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Level:
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JoGwT-dp7ZY0 for <ietf@ietfa.amsl.com>; Wed, 3 Feb 2016 18:40:03 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE6351B3170 for <ietf@ietf.org>; Wed, 3 Feb 2016 18:40:02 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 86FA2284D98; Thu, 4 Feb 2016 02:40:01 +0000 (UTC)
Date: Thu, 04 Feb 2016 02:40:01 +0000
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: ietf@ietf.org
Subject: Re: IETF mail server and SSLv3
Message-ID: <20160204024001.GM19242@mournblade.imrryr.org>
References: <F38A9FEF-7DBB-4F40-860E-6CB425E5EEE3@ietf.org> <sjmvb66r1st.fsf@securerf.ihtfp.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <sjmvb66r1st.fsf@securerf.ihtfp.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
Archived-At: <http://mailarchive.ietf.org/arch/msg/ietf/t6wixwljLKWG7RMXg5OqxMenRps>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: ietf@ietf.org
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Feb 2016 02:40:04 -0000

On Tue, Feb 02, 2016 at 09:00:02PM -0500, Derek Atkins wrote:

> Have you disabled non-TLS SMTP transport, too?

That would clearly be premature.

> If not, isn't there a chance that disabling SSLv3 will cause *SOME*
> email to fallback to non-encrypted?

A very small chance, but given the rapidly diminishing and already
negligible fraction of systems that are only capable of SSLv3, this
is an acceptable cost of reducing the attack surface and opportunities
for downgrade and other attacks against the vast majority of
remaining systems.

I'm glad to see active support for the positions expressed in
RFC7435, and indeed one generally gets more security by raising
the ceiling (making stronger crypto available) than by raising the
floor (requiring stronger crypto than was previously acceptable).

However, after making stronger crypto available for long enough,
and reaching sufficient deployment levels that obsolete crypto is
legitimately almost never needed, it is eventually time to move on
and raise the floor too.

I am quite comfortable at this time with a requirement of better
than SSLv3 for SMTP on the public Internet.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email