Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

Paul Hoffman <> Mon, 08 November 2010 09:07 UTC

Date: Mon, 08 Nov 2010 17:07:42 +0800
To: Peter Gutmann <>,,
From: Paul Hoffman <>
Subject: Re: [TLS] Security concerns around co-locating TLS and non-secure on same port (WGLC: draft-ietf-tsvwg-iana-ports-08)

At 6:46 PM +1300 11/8/10, Peter Gutmann wrote:
>I kinda missed this in the original, but I can't let it go unchallenged:
>> My summary of that comment is that STARTTLS for SMTP (RFC 3207) has
>> shown to have some security issues, be complexer to implement than using
>> two ports and thus less popular.
>What is this claim based on?

"some security issues": See the long Security Considerations section on RFC 3207.

"be complexer to implement than using two ports": See the state machine described in section 4 and its subsections in RFC 3207. That's much more complex than "OK, let's go".

"thus less popular": Developers would like fewer code paths and more failure states.

> About a year after the initial STARTTLS spec was
>published, I and a few other security geeks did some informal surveys of mail
>being processed at a couple of large sites and found that STARTTLS, after a
>year, was securing more mail than all other email encryption protocols
>combined, and that was a decade ago. 

"more than a bunch of slacker protocols" is a pretty low bar.

>(And going back to Paul Hoffman's
>original post, as the author of the world's most successful email encryption
>RFC I don't think he has anything to apologise about).

We disagree. :-)

>So, what research or figures is the above claim, that STARTTLS is less popular
>than using port 465, based on?

I don't think that is what Magnus said, but he can speak for himself. STARTTLS in POP and IMAP is much less popular than POP and IMAP on a second port for TLS.

--Paul Hoffman, Director
--VPN Consortium
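The state-machine point made above (RFC 3207 section 4 versus "OK, let's go" on a separate port), as an added example that is not part of the thread and not code from either author: a toy SMTP client that walks both flows against a scripted server and records every state transition. Nothing here opens a socket or performs a real handshake; the server replies, the host names and the TLS flag are all constructed for illustration. The STARTTLS path shows the extra decisions the client has to get right: checking the EHLO reply for the STARTTLS keyword, handling a non-220 response to the STARTTLS command, discarding everything learned before the handshake, and sending a fresh EHLO inside the tunnel, as RFC 3207 requires.

```python
"""Toy SMTP session state machine: RFC 3207 STARTTLS versus implicit TLS.

Constructed example: no sockets, no real TLS. The "server" is a list of canned
replies and the handshake is a flag flip. What matters is how many states and
decisions each client flow has to get right.
"""
from dataclasses import dataclass, field


@dataclass
class ScriptedServer:
    """Canned replies, consumed in order, one per client command."""
    replies: list
    pos: int = 0

    def send(self, line):
        reply = self.replies[self.pos]
        self.pos += 1
        return reply


@dataclass
class Session:
    tls: bool = False
    state: str = "CONNECTED"
    capabilities: set = field(default_factory=set)
    transitions: list = field(default_factory=list)

    def move(self, new_state):
        self.transitions.append((self.state, new_state))
        self.state = new_state


def _ehlo(server, session):
    """Send EHLO and record the advertised keywords (250-KEYWORD lines)."""
    reply = server.send("EHLO client.example")  # placeholder host name
    if not reply.startswith("250"):
        session.move("FAILED")
        return False
    session.capabilities = {
        line[4:].split()[0] for line in reply.split("\n")[1:]
    }
    session.move("GREETED")
    return True


def starttls_session(server, require_tls=True):
    """RFC 3207 flow: EHLO, STARTTLS, handshake, discard state, EHLO again."""
    s = Session()
    if not _ehlo(server, s):
        return s
    if "STARTTLS" not in s.capabilities:
        # Keyword absent: the downgrade case RFC 3207's security
        # considerations describe. A client that requires TLS stops here.
        s.move("FAILED" if require_tls else "READY_PLAINTEXT")
        return s
    reply = server.send("STARTTLS")
    if not reply.startswith("220"):
        # 454 (TLS not available) or any other non-220 reply: no TLS.
        s.move("FAILED" if require_tls else "READY_PLAINTEXT")
        return s
    s.move("HANDSHAKE")
    s.tls = True
    # RFC 3207 section 4.2: everything learned before TLS, including the
    # EHLO keywords, must be discarded and EHLO reissued inside the tunnel.
    s.capabilities = set()
    s.move("RESET")
    if not _ehlo(server, s):
        return s
    s.move("READY_TLS")
    return s


def implicit_tls_session(server):
    """Separate-port flow: handshake first, then a single EHLO."""
    s = Session()
    s.move("HANDSHAKE")
    s.tls = True
    if not _ehlo(server, s):
        return s
    s.move("READY_TLS")
    return s


# Constructed server scripts (host names and keywords are placeholders).
EHLO_WITH_STARTTLS = "250-mail.example\n250-STARTTLS\n250 8BITMIME"
EHLO_WITHOUT_STARTTLS = "250-mail.example\n250 8BITMIME"
EHLO_INSIDE_TLS = "250-mail.example\n250-AUTH PLAIN\n250 8BITMIME"


def happy_starttls():
    return starttls_session(ScriptedServer(
        [EHLO_WITH_STARTTLS, "220 Ready to start TLS", EHLO_INSIDE_TLS]))


def downgraded_starttls(require_tls=True):
    return starttls_session(ScriptedServer([EHLO_WITHOUT_STARTTLS]), require_tls)


def refused_starttls():
    return starttls_session(ScriptedServer(
        [EHLO_WITH_STARTTLS, "454 TLS not available due to temporary reason"]))


def happy_implicit():
    return implicit_tls_session(ScriptedServer([EHLO_INSIDE_TLS]))


if __name__ == "__main__":
    for name, fn in [("starttls", happy_starttls), ("implicit", happy_implicit)]:
        print(name, fn().transitions)
```

Run as a script it prints the transition list for each flow: five transitions for STARTTLS against three for the separate port, and the STARTTLS client additionally carries two failure branches (keyword missing, non-220 reply) that the implicit-TLS client never sees. The `require_tls` switch is where the "opportunistic" versus "required" policy lives; a client that leaves it off accepts a plaintext session whenever the keyword is absent.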