
Re: default MTA



On Tue, Jun 11, 2013 at 11:50:01PM +0200, Daniel Pocock wrote:
> Something that doesn't have these limitations:
> 
> http://tools.ietf.org/html/rfc2487#section-7
> 
> This is also relevant (not just for Postfix):
> 
> http://www.postfix.org/TLS_README.html#client_tls_encrypt
> 
> "Despite the potential for eliminating passive eavesdropping attacks,
> mandatory TLS encryption is not viable as a default security level for
> mail delivery to the public Internet. Most MX hosts do not support TLS
> at all, and some of those that do have broken implementations. On a host
> that delivers mail to the Internet, you should not configure mandatory
> TLS encryption as the default security level."

So you want DANE.  That's the only reasonable way for mandatory TLS
encryption; too bad, server support is pretty bad currently.  Other
TLS schemes provide at most opportunistic encryption: all it takes for
an attacker is to redirect a connection elsewhere.  With DANE, you
can securely tell whether your recipient supports encryption or not,
and obtain the TLS certificate.

Of course, this is for values of "securely" that trust ICANN, but at
least this is strictly better than the CA cartel.  And if we shipped
(tz-style) keys of individual TLDs, even ICANN could be avoided.

-- 
ᛊᚨᚾᛁᛏᚣ᛫ᛁᛊ᛫ᚠᛟᚱ᛫ᚦᛖ᛫ᚹᛖᚨᚲ
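Added example, not part of this message or the thread: what "securely tell whether your recipient supports encryption and obtain the TLS certificate" comes down to for an SMTP client. It builds TLSA records (RFC 6698) for a certificate, matches a presented certificate against them, and applies the RFC 7672 client policy: no DNSSEC-authenticated TLSA set means only opportunistic TLS is possible, an authenticated set means fail closed. Everything is self-contained: the certificate is a constructed toy (arbitrary key bytes, zero signature) produced by a tiny DER encoder, the owner name `_25._tcp.mx.example.test.` is made up, and a `dnssec_secure` flag stands in for the AD bit a validating resolver would return. DANE-TA (usage 2) chain building is deliberately left out.

```python
"""DANE/TLSA matching for an SMTP client (RFC 6698 / RFC 7672), offline toy."""
import hashlib

SEQ, INT, BITSTR, NULL, OID, UTF8, UTCTIME, SET = 0x30, 0x02, 0x03, 0x05, 0x06, 0x0C, 0x17, 0x31
SAMPLE_PUBKEY = bytes(range(64))  # constructed stand-in for a key, not a real RSA modulus


def der(tag, content):
    """Encode one DER TLV (definite length, short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        nb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(nb)]) + nb
    return bytes([tag]) + length + content


def der_read(buf, pos=0):
    """Decode the TLV at pos -> (tag, content, end_offset)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def der_children(content):
    """Split a constructed value into child TLVs -> [(tag, full_tlv_bytes)]."""
    out, pos = [], 0
    while pos < len(content):
        tag, _, end = der_read(content, pos)
        out.append((tag, content[pos:end]))
        pos = end
    return out


def extract_spki(cert_der):
    """Full SubjectPublicKeyInfo TLV of an X.509 DER cert.  Certificate = SEQ { tbs,
    sigAlg, sig }; tbs = SEQ { [0] version?, serial, sigAlg, issuer, validity, subject, SPKI, ... }."""
    _, cert_body, _ = der_read(cert_der)
    _, tbs_body, _ = der_read(cert_body)
    fields = der_children(tbs_body)
    if fields and fields[0][0] == 0xA0:  # EXPLICIT [0] version is absent in v1 certs
        fields = fields[1:]
    return fields[5][1]


def toy_certificate(pubkey_bytes):
    """CONSTRUCTED sample: RSA-shaped SPKI around arbitrary bytes, all-zero signature.
    Structurally valid DER, cryptographically meaningless.  Returns (cert, spki)."""
    rsa_enc = der(SEQ, der(OID, bytes.fromhex("2a864886f70d010101")) + der(NULL, b""))
    spki = der(SEQ, rsa_enc + der(BITSTR, b"\x00" + pubkey_bytes))
    name = der(SEQ, der(SET, der(SEQ, der(OID, bytes.fromhex("550403")) + der(UTF8, b"mx.example.test"))))
    validity = der(SEQ, der(UTCTIME, b"130101000000Z") + der(UTCTIME, b"140101000000Z"))
    sha256_rsa = der(SEQ, der(OID, bytes.fromhex("2a864886f70d01010b")) + der(NULL, b""))
    tbs = der(SEQ, der(0xA0, der(INT, b"\x02")) + der(INT, b"\x01") + sha256_rsa + name + validity + name + spki)
    return der(SEQ, tbs + sha256_rsa + der(BITSTR, b"\x00" + bytes(32))), spki


def tlsa_record(cert_der, usage=3, selector=1, mtype=1):
    """TLSA (usage, selector, matching type, hex data) for cert_der.
    Default 3 1 1 = DANE-EE, SPKI, SHA-256: the usual choice for SMTP."""
    data = extract_spki(cert_der) if selector == 1 else cert_der
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    elif mtype != 0:
        raise ValueError("unknown matching type %r" % mtype)
    return (usage, selector, mtype, data.hex())


def tlsa_rr(owner, rec):
    """Zone-file form: '_25._tcp.mx.example.test. IN TLSA 3 1 1 <hex>'."""
    return "%s IN TLSA %d %d %d %s" % ((owner,) + tuple(rec))


def tlsa_matches(cert_der, rec):
    """True if the presented certificate satisfies one TLSA record."""
    usage, selector, mtype, data = rec
    return tlsa_record(cert_der, usage, selector, mtype)[3] == data.lower()


def smtp_tls_policy(cert_der, records, dnssec_secure):
    """Client policy for one MX, following RFC 7672.  records: TLSA tuples or None;
    dnssec_secure: the resolver authenticated the answer (AD bit).  Without an
    authenticated TLSA set there is nothing to pin to, so the best possible is
    opportunistic TLS (an active attacker can redirect or strip STARTTLS); with
    one, the client fails closed rather than delivering in the clear."""
    if not records or not dnssec_secure:
        return "opportunistic"
    # RFC 7672: PKIX usages 0/1 are unusable for SMTP.  DANE-TA (2) needs chain
    # building, which this toy omits, so it is treated here as unusable as well.
    usable = [r for r in records if r[0] == 3 and r[1] in (0, 1) and r[2] in (0, 1, 2)]
    if not usable:
        return "encrypt-unauthenticated"  # TLS still required, never cleartext
    return "dane-verified" if any(tlsa_matches(cert_der, r) for r in usable) else "refuse"


if __name__ == "__main__":
    cert, _ = toy_certificate(SAMPLE_PUBKEY)
    rec = tlsa_record(cert)
    print(tlsa_rr("_25._tcp.mx.example.test.", rec))
    print(smtp_tls_policy(cert, [rec], dnssec_secure=True))   # dane-verified
    print(smtp_tls_policy(cert, [rec], dnssec_secure=False))  # opportunistic
```

The point of `smtp_tls_policy` is the asymmetry the message describes: the same TLSA data that lets the client pin the certificate is worthless unless it arrived DNSSEC-validated, because an attacker who can redirect the connection can usually also forge the unsigned DNS answer. Postfix later shipped this policy as `smtp_tls_security_level = dane` (2.11), which for that reason requires a local validating resolver.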

