Re: [exim] TLS auth between SMTP servers for mail exchange

Author: Viktor Dukhovni
To: exim-users
Subject: Re: [exim] TLS auth between SMTP servers for mail exchange
On Tue, Mar 04, 2014 at 02:34:46PM +0200, s7r wrote:

> -----BEGIN PGP SIGNED MESSAGE-----


    http://xkcd.com/1181


> I know the basics how SSL/TLS works for websites, how does it work for
> SMTP?


    * Unauthenticated opportunistic TLS.


> Who issues the certs?


    * Nobody checks the certs, except by prior bilateral agreement.
      Therefore, you're free to use self-signed certs you generate.
      Paying for SMTP certs from a public CA is a waste, unless your
      business partners want to verify your SMTP server via some CA.


> If it's not a certification authority how are the certs verified


    * They are not verified.


> how are the encryption keys exchanged in order to be sure you are
> talking to the right end and there is no man-in-the-middle?


    * You get no man in the middle protection.


Postfix also supports authenticated TLS:

    http://www.postfix.org/TLS_README.html#client_tls_levels
    http://www.postfix.org/TLS_README.html#client_tls_fprint
    http://www.postfix.org/TLS_README.html#client_tls_verify
    http://www.postfix.org/TLS_README.html#client_tls_secure
    http://www.postfix.org/TLS_README.html#client_tls_dane


but all the levels other than "dane" don't scale beyond a handful
of peer sites. The "dane" level can scale, but at this time there
are essentially no domains that have DNSSEC-signed zones with TLSA
records for SMTP (a total of ~20 domains).

Exim also has various levels of TLS authentication, but the issues
are the same, they are in the nature of Internet SMTP, not any
particular MTA implementation.

Please help grow DANE adoption by implementing DNSSEC on your domain
and publishing TLSA records (only once you understand how to keep
these working properly with key rotation, we want DANE to work
reliably for all receiving domains that commit to authenticated
TLS by publishing TLSA records). So most users should wait 6-12
months, by which time the standards will be better defined, and
more deployment documentation will be available, maybe even an
implementation in Exim. Early adopters strongly familiar with
DNSSEC, TLS, and so on can deploy now.

-- 
    Viktor.
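Added example (editor's illustration, not code from Viktor's message nor from Postfix or Exim): the certificate matching that a "dane"-level SMTP client performs against DANE-EE(3) TLSA records, as I read RFC 6698 and RFC 7672, together with the outcome the client takes when the RRset is absent, unusable, matching or non-matching, and the key-rotation practice of publishing both the current and the next key's "3 1 1" record before switching certificates. The certificate and SubjectPublicKeyInfo byte strings are constructed placeholders standing in for DER (a real client would use the DER of the presented certificate and its SPKI), DANE-TA(2) is left out because it needs real chain building, and all function names are my own.

```python
import hashlib
import hmac
from dataclasses import dataclass

# TLSA parameter values (RFC 6698).
DANE_TA, DANE_EE = 2, 3                              # certificate usage
SEL_CERT, SEL_SPKI = 0, 1                            # selector: full cert or SubjectPublicKeyInfo
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2     # matching type


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes


def parse_tlsa(rdata: str) -> TLSA:
    """Parse presentation-format rdata such as '3 1 1 0c72...' (hex may contain spaces)."""
    usage, selector, mtype, hexdata = rdata.split(maxsplit=3)
    return TLSA(int(usage), int(selector), int(mtype), bytes.fromhex(hexdata.replace(" ", "")))


def usable(rr: TLSA) -> bool:
    """RFC 7672: PKIX-TA(0)/PKIX-EE(1) are unusable for SMTP, since no public-CA
    validation happens on port 25.  This demo also treats DANE-TA(2) as unusable
    because it requires verifying a chain to the matched anchor (needs an X.509 library)."""
    return rr.usage == DANE_EE and rr.selector in (SEL_CERT, SEL_SPKI) \
        and rr.mtype in (MATCH_FULL, MATCH_SHA256, MATCH_SHA512)


def association_data(rr: TLSA, cert_der: bytes, spki_der: bytes) -> bytes:
    """What the record's data field must equal for this certificate."""
    obj = cert_der if rr.selector == SEL_CERT else spki_der
    if rr.mtype == MATCH_FULL:
        return obj
    if rr.mtype == MATCH_SHA256:
        return hashlib.sha256(obj).digest()
    return hashlib.sha512(obj).digest()


def matches(rr: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    return usable(rr) and hmac.compare_digest(association_data(rr, cert_der, spki_der), rr.data)


def decide(tlsa_rrset, cert_der: bytes, spki_der: bytes) -> str:
    """Outcome for a DANE-capable client; tlsa_rrset is the DNSSEC-validated set
    (pass an empty list when the records are absent or the answer is unsigned).
    'may'      : no TLSA, unauthenticated opportunistic TLS as before
    'encrypt'  : TLSA present but none usable, encrypt without authentication
    'authenticated' / 'defer': a usable record matched / none matched (no downgrade)"""
    if not tlsa_rrset:
        return "may"
    usable_rrs = [rr for rr in tlsa_rrset if usable(rr)]
    if not usable_rrs:
        return "encrypt"
    if any(matches(rr, cert_der, spki_der) for rr in usable_rrs):
        return "authenticated"
    return "defer"


def rotation_records(*spkis: bytes):
    """'3 1 1' records for the current and the next key.  Publish both ahead of
    the switch (and keep both for a few TTLs after it) so that no cached RRset
    exists that fails to match whichever certificate the server presents."""
    return ["3 1 1 " + hashlib.sha256(s).hexdigest() for s in spkis]


# Constructed placeholders standing in for DER encodings (not real X.509 data).
OLD_CERT = b"constructed: DER of old server certificate"
OLD_SPKI = b"constructed: DER SubjectPublicKeyInfo of old key"
NEW_CERT = b"constructed: DER of new server certificate"
NEW_SPKI = b"constructed: DER SubjectPublicKeyInfo of new key"


def demo():
    during_rotation = [parse_tlsa(r) for r in rotation_records(OLD_SPKI, NEW_SPKI)]
    pkix_only = [parse_tlsa("1 0 1 " + hashlib.sha256(OLD_CERT).hexdigest())]
    return {
        "old_cert_during_rotation": decide(during_rotation, OLD_CERT, OLD_SPKI),
        "new_cert_during_rotation": decide(during_rotation, NEW_CERT, NEW_SPKI),
        "new_cert_old_record_only": decide(during_rotation[:1], NEW_CERT, NEW_SPKI),
        "pkix_ee_record_only": decide(pkix_only, OLD_CERT, OLD_SPKI),
        "no_tlsa": decide([], OLD_CERT, OLD_SPKI),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The "new_cert_old_record_only" case is the rotation failure mode Viktor warns about: switching the server key while only the old "3 1 1" record is published makes every DANE-verifying sender defer mail rather than fall back to unauthenticated TLS, which is exactly why a domain should only publish TLSA records once its rotation procedure is in place.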