Re: [exim] some OpenSSL topics

Author: Dr Andrew C Aitchison
Date:  
To: exim-users
Subject: Re: [exim] some OpenSSL topics
On Wed, 16 Oct 2013, Dr Andrew C Aitchison wrote:

> On Tue, 15 Oct 2013, Viktor Dukhovni wrote:
>
>> Also keep in mind that SMTP use of TLS is almost universally
>> *opportunistic*, TLS is used without authentication when possible,
>> and plaintext is used otherwise or as a fallback when TLS handshakes
>> fail (at least in Postfix).
>
> Whilst opportunistic TLS dominates in SMTP, I believe that it is
> not "almost universal", at least if you include 587/submission and
> 465/smtps as well as 25/smtp.
>
> Breaking opportunistic TLS is not good, but the message was
> available in plain at any intermediate hub so any sensitive
> message should have been encrypted anyway.
>
> I believe that most mail administrators enable TLS to protect
> authenticated submission from MTAs.


Oops. I meant "authenticated submission from MUAs" - an important
typo. Sorry.

> Features like server_advertise_condition
> go some way to ensure that
> crypto failure stops authentication and hence the message cannot be
> sent. Thus crypto failure creates an immediate and obvious break
> in service, not a hidden loss of security.
>
> I do believe that https/tls advice is not necessarily appropriate
> for smtp, but I've found it very difficult to find out, or figure
> out for myself, what is the correct answer in many cases.


-- 
Dr. Andrew C. Aitchison        Computer Officer, DPMMS, Cambridge
A.C.Aitchison@???    http://www.dpmms.cam.ac.uk/~werdna
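As an added illustration of the server_advertise_condition behaviour mentioned above (this is example configuration, not from the thread or the Exim project's own documentation), an Exim PLAIN authenticator that is only advertised once TLS is active, so a failed handshake leaves the MUA unable to authenticate rather than silently authenticating in clear. The password file path and the lookup used for the credential check are assumptions for the example.

```exim
# Added example: Exim authenticator that depends on TLS being established.
# Assumed: a local password file; swap in your own server_condition.
begin authenticators

PLAIN:
  driver = plaintext
  public_name = PLAIN
  # Advertise AUTH PLAIN only when a TLS cipher is in use on this connection.
  # If the TLS handshake fails, AUTH is never offered, so the client sees an
  # immediate, visible failure instead of sending credentials in plaintext.
  server_advertise_condition = ${if def:tls_in_cipher }
  server_prompts = :
  # $auth2 is the username, $auth3 the password, supplied by the PLAIN client.
  # Assumed password file: one "username: crypted-hash" line per user.
  server_condition = ${if crypteq{$auth3}{${lookup{$auth2}lsearch{/etc/exim4/passwd}{$value}fail}}}
  server_set_id = $auth2
```

Because AUTH is never advertised on a plaintext connection, a client that is misconfigured or is seeing TLS interference will fail at the authentication step rather than degrade to an unauthenticated, unencrypted submission.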