Mail Server Setup
lists at kittypee.com
Wed Jun 4 09:11:46 MDT 2014
On Tue, Jun 3, 2014 at 8:49 PM, Andy Bradford
<amb-sendok-1404442185.cmljeidbjlbnmeklbpkn at bradfords.org> wrote:
> While that might sound secure, shouldn't one ask just what this is
> protecting against and what are the risks? Are there any SMTP MTAs
> (client side) that require you to verify the fingerprint of the SMTP
> server to which it relays email? Do they refuse to deliver email if it
> changes and notify you that the fingerprint is not what was expected?
> How many SMTP servers use untrusted certificate chains vs self-signed
> Given the current poor state of SMTP+SSL security, what prevents those
> in the middle from successfully executing MITM against your SMTP
> server/client software? (I am not talking about MUAs). Is it perhaps
> ``good will'' or ``good faith?''
> I will concede that if the attacker is passive then SSL will at least
> protect against passive sniffing, but if they have the ability to get a
> passive session, then they are one step removed from having an active
> The best way to ensure end-to-end security in email is still PGP.
> Anything else is just security theatre.
Not quite. End-to-end encryption via PGP or S/MIME is still the best,
but that doesn't mean any other protections are worthless. SMTP+SSL
does defend against many attack vectors. It is certainly not useless.

Passive sniffing is way more common than you think. For example, the
AT&T closet sniffer the NSA uses (1). Also, there is the theoretic
future when all SMTP providers will have verifiable certificates and
we can force strict SSL. It will never happen using your attitude.

If you want statistics on the usage of STARTTLS you can read the blog
from Facebook (2). It is quite large and growing.

Refusing security because it isn't perfect is silly. Security has
many layers and attack vectors. Why not work against as many as you