On Fri, Dec 28, 2001 at 12:49:26PM -0500, Derek Broughton wrote:
> Richard Welty wrote:
> > the concern, i think, is that the naive will confuse SMTP over TLS with
> > real security, which it is not. SMTP over TLS cannot be real security
> You & I know that, but that's hardly an argument for saying "don't use
> TLS except in very limited circumstances". I'm just not seeing the
I'll answer you and Marc (who is obviously a clueless fuckwit, because he
explicitly sent me a copy of the reply) in one go. The problem is that my
host *CAN* do TLS, but that you do not have the right credentials to
establish a TLS session. Marc is wrong in assuming that you get any kind
of error; you don't. The connection is just left in an undefined state,
where neither side knows whether to encrypt or send plaintext, because
the receiver-smtp side didn't want to make the TLS connection. Therefore,
by doing TLS to any host that advertises it, you lose, because your mail
sits in the queue and attempts to set up the same TLS connection with the
same inappropriate or incomplete credentials, and fails again.
My entire point is that because you can't communicate what credentials
you need to establish the TLS connection with the 250-STARTTLS response
to the EHLO command, just knowing that the STARTTLS command is supported
does not give you a reason to assume that you can use TLS.
> downside of using TLS. If you're using TLS and not using end-to-end
> encryption, and you think you have a secure system then, in Matthew's
> words, you're a dork. But if you're using TLS, you're _at least_ as
> secure as the guy using plaintext.
Oh, sure, sorry, this is fine, I'm not saying this is dorkish. What I
am, however, complaining about is the inability to see why randomly using
TLS to any host that advertises that it can do the STARTTLS command is
a problem.
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/
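The failure mode described in this thread, as an added illustration that is not part of the original message or of any mail software the thread mentions: a server advertises STARTTLS in its EHLO reply, the client issues STARTTLS, the handshake fails because the server does not accept the client's credentials, and the connection is left in a state where neither side knows whether the next bytes are TLS records or plain SMTP. The model below parses a constructed EHLO reply and walks through the client's decisions for two constructed policies, "opportunistic" (use TLS if offered, otherwise plaintext) and "required" (never deliver without TLS). The policy and action names, the per-host failure counter and the sample replies are all assumptions made for the example; nothing here talks to a real socket.

```python
"""
Toy model of an SMTP client's STARTTLS decisions.  Constructed for
illustration only: the EHLO replies are made up, no network I/O happens,
and the policy/action names are assumptions, not any MTA's configuration.
"""
from dataclasses import dataclass
from enum import Enum


class Policy(Enum):
    OPPORTUNISTIC = "opportunistic"   # assumed name: TLS if offered, else plaintext
    REQUIRED = "required"             # assumed name: never deliver without TLS


class Action(Enum):
    SEND_PLAINTEXT = "send-plaintext"
    START_TLS = "start-tls"
    SEND_OVER_TLS = "send-over-tls"
    CLOSE_AND_RETRY_PLAINTEXT = "close-and-retry-plaintext"
    CLOSE_AND_DEFER = "close-and-defer"      # leave the message in the queue


# Constructed EHLO replies (example hostnames, not real servers).
SAMPLE_EHLO = (
    "250-mail.example.invalid Hello client.example.invalid\r\n"
    "250-PIPELINING\r\n"
    "250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n"
    "250 HELP\r\n"
)
NO_TLS_EHLO = (
    "250-mail.example.invalid Hello client.example.invalid\r\n"
    "250 HELP\r\n"
)


def parse_ehlo(response):
    """Return the set of extension keywords from a multi-line 250 EHLO reply.

    Continuation lines look like '250-STARTTLS'; the last line uses a space
    ('250 HELP').  The first 250 line is the greeting, not an extension.
    Parameters such as the number after SIZE are dropped.  Note what is
    absent: the reply says nothing about which client credentials the
    server will accept when TLS is actually negotiated.
    """
    lines = [line.strip() for line in response.splitlines() if line.strip()]
    exts = set()
    for line in lines[1:]:
        if not line.startswith("250") or len(line) < 5:
            continue
        body = line[4:].strip()          # skip '250-' or '250 '
        if body:
            exts.add(body.split()[0].upper())
    return exts


@dataclass
class HostState:
    """Per-destination memory, so a failed handshake is not retried blindly."""
    tls_failures: int = 0


def decide_before_tls(exts, policy, state):
    """After EHLO: decide whether to issue STARTTLS on this connection."""
    if "STARTTLS" not in exts:
        if policy is Policy.OPPORTUNISTIC:
            return Action.SEND_PLAINTEXT
        return Action.CLOSE_AND_DEFER
    if policy is Policy.OPPORTUNISTIC and state.tls_failures > 0:
        # An earlier handshake to this host failed with the credentials we
        # have.  Presenting the same credentials again would fail the same
        # way, so an opportunistic sender stops trying TLS here instead of
        # leaving the message in the queue indefinitely.
        return Action.SEND_PLAINTEXT
    return Action.START_TLS


def decide_after_handshake(handshake_ok, policy, state):
    """After STARTTLS: decide what to do with the handshake outcome."""
    if handshake_ok:
        return Action.SEND_OVER_TLS
    state.tls_failures += 1
    # A failed handshake leaves the connection in an undefined state: the
    # client cannot know whether the server now expects TLS records or
    # plain SMTP commands, so the only safe move is to drop the TCP
    # connection rather than keep talking on it.
    if policy is Policy.REQUIRED:
        return Action.CLOSE_AND_DEFER
    return Action.CLOSE_AND_RETRY_PLAINTEXT


def attempt_delivery(ehlo_response, policy, state, handshake_ok):
    """Simulate one connection attempt; return the list of actions taken."""
    first = decide_before_tls(parse_ehlo(ehlo_response), policy, state)
    if first is not Action.START_TLS:
        return [first]
    return [first, decide_after_handshake(handshake_ok, policy, state)]


if __name__ == "__main__":
    host = HostState()
    for attempt in range(2):
        print("opportunistic, attempt", attempt + 1,
              attempt_delivery(SAMPLE_EHLO, Policy.OPPORTUNISTIC, host, False))
    print("required", attempt_delivery(SAMPLE_EHLO, Policy.REQUIRED, HostState(), False))
```

Under the "required" policy the second branch of decide_after_handshake reproduces exactly what the message describes: the handshake fails, the connection is closed, the mail stays in the queue, and the next attempt presents the same credentials and fails again. The "opportunistic" policy escapes that loop by remembering the failure and delivering in plaintext on the next connection, which is the "at least as secure as plaintext" outcome Derek refers to. The caveat a deployer should keep in mind is visible in the same code path: any handshake failure, whatever its cause, ends in plaintext under the opportunistic policy, which is one concrete reason the advertised STARTTLS keyword alone is not evidence that a given delivery will be encrypted.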