IETF Logo Mail Archive

Re: [TLS] The risk of misconfiguration

Viktor Dukhovni <viktor1dane@dukhovni.org> Wed, 07 May 2014 18:16 UTC

Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D2D031A0280 for <tls@ietfa.amsl.com>; Wed, 7 May 2014 11:16:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Yd56KZXI1L_B for <tls@ietfa.amsl.com>; Wed, 7 May 2014 11:16:57 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 2E25D1A0268 for <tls@ietf.org>; Wed, 7 May 2014 11:16:57 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 65AEE2AA9FF; Wed, 7 May 2014 18:16:51 +0000 (UTC)
Date: Wed, 07 May 2014 18:16:51 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20140507181651.GX27883@mournblade.imrryr.org>
References: <CACsn0cnvV9c5aH5p8cD1fJEzF4dmNXBaEaHCfkX82AZqKOUYaQ@mail.gmail.com> <CAK3OfOgYr7d88iuxhXZcos55ymg0i_Q_GHNcXB+w7GRUaEj0bw@mail.gmail.com> <536A67D9.2070302@pobox.com> <CAK3OfOjTehkbKMg40_ZXGXOVjyHHY7UrxLmpyr7Mz00rRo+RLQ@mail.gmail.com> <536A6F8C.7020702@akr.io>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <536A6F8C.7020702@akr.io>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/tls/5flv36H7dtq95CTpGnxB8O_TiOc
Subject: Re: [TLS] The risk of misconfiguration
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tls@ietf.org
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 May 2014 18:16:59 -0000

On Wed, May 07, 2014 at 06:38:20PM +0100, Alyssa Rowan wrote:

> With the greatest respect, I'm simply not clear on why those uses are
> best addressed that way.
> 
> For opportunistic encryption, at least with self-signed cert usage we
> can then softly migrate from opportunistic to DANE-EE pinning - and
> indeed that is the route SMTP has already taken, as Viktor's helpfully
> highlighted.
>
> Meanwhile aDH denies us that option, and broadcasts our MITM
> susceptibility to Mallory.

A Postfix SMTP server, whether it has TLSA RRs or not, almost always
has a certificate (for interoperability reasons), often self-signed.

Even though the server has a certificate, it still enables ADH and
AECDH cipher-suites.  Clients that don't authenticate the server
negotiate ADH or AECDH cipher-suites.  If the server happens to
publish TLSA RRs, some *clients* will omit ADH and AECDH from their
cipherlist because they are going to authenticate the server's
certificate.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email