Dňa 29. marca 2023 16:24:22 UTC používateľ Bill Cole via Exim-users <exim-users@???> napísal:
>On 2023-03-29 at 04:46:17 UTC-0400 (Wed, 29 Mar 2023 10:46:17 +0200)
>Kirill Miazine via Exim-users <km@???>
>is rumored to have said:
>
>> Exactly. The former preventing passive data collection, the later --
>> active. Still, if *I* were to state a legal requirement that certain
>> domains use TLS, I'd also ask for verification either via TLS or
>> DANE, because just TLS is a very small win.
>
>No, it's a huge win. All you get from demanding certificate verification is "protection" from sending mail as securely as possible to systems that are trivially misconfigured in ways that have been deemed tolerable for the whole history of encrypted mail transport.
The main problem here and not limited to SMTP is PKI, which
i consider as (false) feel of security (in contrast of real security).
Why in hell the certificate signed by same (anonymous for me)
group (understand CA) is considered as secure, but certificate
signed by my own CA is not ? Only because someone (anonymous
for me again) decided that these "public" CA are "good" and added
to list of system's CAs... And what are these "root CAs"? They are
the same self-signed certs as anyone other can generate.
How do you can know, that these "public CAs" did not sign rogue
certificate? (search net to examples) And are you aware of which
CAs are "secure" in your system? Did you review that system's list
recently (or at all)? Do you know all?
Verifying name in case of SMTP has another problem -- which
name to verify? Recipient's domain name? Name from MX? Or
frpm PTR? You know they often differs, at least in that that MX
is subdomain or even totally different domain. Anyway, how to
know that PTR/MX's name, obtained via DNS, is not forged?
And one can continue... Verifying cert name is worth of near
nothing in SMTP security. You do not verifies, that name match
to what you (or user) typed samowhere, as at time to write
recipient address nobody know which server will handle it
nor which name it will have at time of delivery. Thus one
verifies, that "something" matches with "something" other.
And finally, it seems that you expect, that cert will match
name of MTA. OK, we can use name from MX, but what
with systems which provides MTAs for thousands domains?
Do you expect that all these domains have to use
the same name in MX? Or do you expect thousands certs
on that MTA? Or one cert with thousands names in SAN?
Some of these options are unmanageable and some
impossible (a lot of SANs can affect clients in bad way)...
Not verifying that name is not misconfiguration, it only
reveals problems of using PKI and its false security. Using
self-signed certificate is simple at +/- the same level
of security as PKI.
Be slowly when you name these problems misconfigutation,
they can be carefully choosen with (real) security in mind.
regards
--
Slavko
https://www.slavino.sk/
