[exim-dev] Re: [Bug 3021] New: patch: The essence of a MITM …

Author: Andrew C Aitchison
Date:  
To: Exim Bugzilla
CC: exim-dev
Subject: [exim-dev] Re: [Bug 3021] New: patch: The essence of a MITM is not that both I and the server still think I have an encrypted connection
On Tue, 29 Aug 2023, Exim Bugzilla via Exim-dev wrote:

> https://bugs.exim.org/show_bug.cgi?id=3021
>
>            Bug ID: 3021
>           Summary: patch: The essence of a MITM is not that both I and
>                    the server still think I have an encrypted connection
>           Product: Exim
>           Version: 4.96
>          Hardware: All
>                OS: All
>            Status: NEW
>          Severity: bug
>          Priority: medium
>         Component: Documentation
>          Assignee: unallocated@???
>          Reporter: u34@???
>                CC: exim-dev@???

>
> There is an attempt in parenthesis to shortly clarify what is the problem with
> a MITM. I feel the clarification should be with other words.
>
> diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
> index d0f310f57..d02e309c8 100644


The patch does not clearly show the changed wording (diff is too
interested in the changed line breaks) so here it is re-wrapped
for human consumption:

DNS-based Authentication of Named Entities, as applied to SMTP
over TLS, provides assurance to a client that it is actually
talking to the server it wants to rather than some attacker
operating a Man In The Middle (MITM) operation.
-The latter can terminate the TLS connection you make,
-and make another one to the server (so both you and the server
-still think you have an encrypted connection)
+The latter can terminate the TLS connection you have with the server,
+and make another one (so both you and the server
+wrongly feel the encryption protects against interception)
and, if one of the "well known" set of Certificate Authorities has
been suborned - something which *has* been seen already (2014), a
verifiable certificate (if you're using normal root CAs, eg. the
Mozilla set, as your trust anchors).
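Review bot: the replacement wording in the `+` lines, "terminate the TLS connection you have with the server, and make another one", reads as if an established client-to-server connection is torn down and then re-created, which is not the situation being described: the attacker is the TLS endpoint for the client's connection and separately holds its own TLS connection to the server, and both exist at the same time. "Terminate" is carrying two meanings here (being the TLS endpoint versus ending a connection), so the sentence would be clearer stating the topology directly, for example "The attacker has a separate TLS connection to each of you and the server, so both of you see an encrypted connection while the attacker sees the plaintext in between". The unchanged context that follows, "and, if one of the ... has been suborned ..., a verifiable certificate", also has no verb governing "a verifiable certificate"; if this sentence is being reworked anyway, "and can present ... a verifiable certificate" would fix that.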

The new version suggests that a connection between me and the
intended server starts and then ceases, so I would have to
say this is worse than the original.
If we are going to make a change, the word 'terminate'
is confusingly ambiguous. It is used here to indicate where
one of the end points is, but it reads as if an existing
connection ceases.

How about replacing the -+ text with:

(A MITM attack creates a situation where both the client and
the server have encrypted connections to the attacker but
believe they are talking directly to each other)

?

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???
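The two-connection picture described in the message above, as an added example that is not part of the original message or of Exim's code: a client, a server, and an attacker that is the TLS endpoint for the client's session while holding a second, separate TLS session to the real server. It also goes one step beyond the quoted text and shows the check DANE adds: a TLSA 3 1 1 style comparison of the presented SubjectPublicKeyInfo hash against the real server's, which rejects the attacker even when the attacker's certificate chains to a trust anchor the client accepts. Everything runs on loopback with the Go standard library; the host name mail.example.org, the CA names, the one-line echo protocol, and the `lab` helpers are assumptions made for the demonstration, and the TLSA value is computed locally rather than looked up in DNS.

```go
package main

// Added example, not Exim code: a TLS "man in the middle" as two separate TLS
// sessions, each terminated at the attacker, and the DANE-style pin that rejects
// it even when the attacker's certificate chains to a trusted (suborned) CA.
// The host name, CA names and message text are made up for this demonstration.

import (
	"bufio"
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

const host = "mail.example.org" // hypothetical server name

// issue mints a P-256 certificate: a self-signed root when parent is nil, else a leaf for host.
func issue(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		IsCA: parent == nil, BasicConstraintsValid: true, DNSNames: []string{host}}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// serve listens with cert on a loopback port and runs handle for every connection.
func serve(cert *x509.Certificate, key *ecdsa.PrivateKey, handle func(net.Conn)) string {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{cert.Raw}, PrivateKey: key}}})
	if err != nil {
		panic(err)
	}
	go func() {
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			go handle(c)
		}
	}()
	return ln.Addr().String()
}

type lab struct {
	serverAddr, mitmAddr string
	roots                *x509.CertPool // client trust anchors: an honest CA and a suborned one
	tlsa                 [32]byte       // DANE TLSA 3 1 1 data: SHA-256 of the real server's SPKI
	seen                 chan string    // plaintext the attacker read out of the client's session
}

func honest(c net.Conn) { defer c.Close(); io.Copy(c, c) } // the real server: echo over TLS

// intercept is the attacker: TLS endpoint of the client's session and, separately, a TLS
// client of the real server. Nothing is ended; there are two sessions, both valid to their
// peers, and the plaintext sits between them.
func (l *lab) intercept(client net.Conn) {
	defer client.Close()
	up, err := tls.Dial("tcp", l.serverAddr, &tls.Config{InsecureSkipVerify: true})
	if err != nil {
		return
	}
	defer up.Close()
	var plain bytes.Buffer
	go func() { // client -> server, keeping a copy; the first Read completes our handshake with the client
		io.Copy(up, io.TeeReader(client, &plain)) // returns at once if the client rejects our certificate
		up.CloseWrite()
		if plain.Len() > 0 {
			l.seen <- plain.String()
		}
	}()
	io.Copy(client, up) // server -> client
}

func setup() *lab {
	goodCA, goodKey := issue("Good CA", nil, nil)
	srv, srvKey := issue(host, goodCA, goodKey)
	rogueCA, rogueKey := issue("Suborned CA", nil, nil) // a trusted CA that has gone bad
	fake, fakeKey := issue(host, rogueCA, rogueKey)     // verifiable chain, but not the server's key
	l := &lab{roots: x509.NewCertPool(), tlsa: sha256.Sum256(srv.RawSubjectPublicKeyInfo), seen: make(chan string, 8)}
	l.roots.AddCert(goodCA)
	l.roots.AddCert(rogueCA)
	l.serverAddr = serve(srv, srvKey, honest)
	l.mitmAddr = serve(fake, fakeKey, l.intercept)
	return l
}

// connect is the client: send one line, return the reply. With pin set it adds the DANE
// check: the presented leaf's SPKI hash must equal the TLSA data, whichever CA signed it.
func (l *lab) connect(addr string, pin *[32]byte) (string, error) {
	cfg := &tls.Config{RootCAs: l.roots, ServerName: host, MinVersion: tls.VersionTLS12}
	if pin != nil {
		cfg.VerifyPeerCertificate = func(raw [][]byte, _ [][]*x509.Certificate) error {
			leaf, err := x509.ParseCertificate(raw[0])
			if err == nil && sha256.Sum256(leaf.RawSubjectPublicKeyInfo) != *pin {
				err = fmt.Errorf("TLSA mismatch: %s presented a key DNS does not vouch for", addr)
			}
			return err
		}
	}
	c, err := tls.Dial("tcp", addr, cfg)
	if err != nil {
		return "", err
	}
	defer c.Close()
	fmt.Fprintln(c, "EHLO client.example.org")
	return bufio.NewReader(c).ReadString('\n')
}

func main() {
	l := setup()
	fmt.Println(l.connect(l.mitmAddr, nil)) // chain validates, so the client is happy
	fmt.Printf("attacker captured: %q\n", <-l.seen)
	fmt.Println(l.connect(l.mitmAddr, &l.tlsa)) // the DANE pin rejects the attacker's key
}
```

The first `connect` succeeds because the attacker's leaf chains to a CA in the client's trust store, exactly the suborned-CA case the documentation text mentions; the client sees a valid TLS session, and so does the server, but the attacker has the EHLO line in plaintext. The pinned `connect` fails inside the handshake because the key the attacker presents is not the one the TLSA data names, which is the assurance DANE adds on top of CA validation.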
