Re: [exim] SSL forcing

Author: Andrew C Aitchison
Date:  
To: exim-users
Subject: Re: [exim] SSL forcing
On Sun, 19 May 2019, Viktor Dukhovni via Exim-users wrote:

> Since LOGJAM and DROWN, the SMTP MTA "ecosystem" has moved on
> from "export" ciphers and SSL2/SSL3. You can now without loss
> of interoperability expect at least 128-bit ciphers and TLS 1.0.
> Which are adequate for SMTP, and better than cleartext. I am
> not aware of any cross-protocol attacks against TLS 1.2 via
> servers that use the same certificate with TLS 1.0/1.1. And
> you really don't have to and shouldn't use the same certificate
> across multiple unrelated services.


Executive summary:
Although it is not immediately obvious, "multiple unrelated services"
describes "email" *on its own*.

When DROWN happened, it took me a long time to figure out why I was
uncomfortable with the advice that it was not essential to drop SSL for SMTP.
Eventually I figured out that the experts were assuming that
{smtp,imap,pop,webmail}.example.org would be used, whereas a small
setup with a single server for SMTP and webmail might use mail.example.org
for both.

I am yet to be convinced that it is unnecessary to spell out that
sharing a hostname for different *email* services has security
implications.

-- 
Andrew C. Aitchison                    Cambridge, UK
             andrew@???
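
Added example, not part of the original message: a small audit of the situation described above, where a single-server setup serves SMTP and webmail from mail.example.org with one key, so a legacy-protocol SMTP listener shares its key with an otherwise hardened webmail listener. The inventory rows, the `key_id` placeholders and the function names are constructed for illustration; treating SSLv3 as legacy alongside SSLv2 is an assumption of this sketch.

```python
from collections import defaultdict

# Protocol versions treated as legacy here (assumption of this example);
# SSLv2 is the one DROWN depends on.
LEGACY = {"SSLv2", "SSLv3"}

# Constructed inventory (not real scan output): one row per TLS listener.
# key_id is a placeholder standing in for the public-key fingerprint.
INVENTORY = [
    {"service": "smtp",    "host": "mail.example.org", "port": 25,  "key_id": "KEY-A", "protocols": {"SSLv2", "TLSv1", "TLSv1.2"}},
    {"service": "webmail", "host": "mail.example.org", "port": 443, "key_id": "KEY-A", "protocols": {"TLSv1.2"}},
    {"service": "imap",    "host": "imap.example.org", "port": 993, "key_id": "KEY-B", "protocols": {"TLSv1.2"}},
    {"service": "pop",     "host": "pop.example.org",  "port": 995, "key_id": "KEY-C", "protocols": {"SSLv3", "TLSv1"}},
]

def endpoint(row):
    """Human-readable label for one listener."""
    return f'{row["service"]}@{row["host"]}:{row["port"]}'

def shared_key_exposure(inventory, legacy=LEGACY):
    """Return findings for keys shared between a legacy listener and others."""
    by_key = defaultdict(list)
    for row in inventory:
        by_key[row["key_id"]].append(row)
    findings = []
    for key_id, rows in sorted(by_key.items()):
        weak = [r for r in rows if r["protocols"] & legacy]
        strong = [r for r in rows if not (r["protocols"] & legacy)]
        # Only the cross-service case is reported: a hardened listener whose
        # key is also served by a listener still offering a legacy protocol.
        if weak and strong:
            findings.append({
                "key_id": key_id,
                "legacy_listeners": [endpoint(r) for r in weak],
                "exposed_listeners": [endpoint(r) for r in strong],
                "legacy_protocols": sorted(set().union(*(r["protocols"] & legacy for r in weak))),
            })
    return findings

if __name__ == "__main__":
    for finding in shared_key_exposure(INVENTORY):
        print(finding)
```

The pop listener is not reported because nothing else shares its key; it is weak on its own account, which is a separate finding from the shared-key case audited here.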