[Nottingham] Email downgrade attacks?

Mike Cardwell nlug at lists.grepular.com
Wed Nov 12 15:49:03 UTC 2014


* on the Wed, Nov 12, 2014 at 02:49:45PM +0000, Jason Irwin wrote:

> https://www.eff.org/deeplinks/2014/11/starttls-downgrade-attacks

Annoyingly, this breaks DANE. I publish fingerprints of the certs which my MX
servers use, in the DNS:

mike at Mike-PC:~$ dig +short tlsa _25._tcp.mx1.grepular.com
3 1 1 8D805D884E8662658DA453C5053654F043F354262FCF49BAF7F82141 44762BE4
mike at Mike-PC:~$ dig +short tlsa _25._tcp.mx2.grepular.com
3 1 1 67C389321823F2E2C0FEB1456147D185C36A1311BC572744B00FA8A3 7AD274D6
mike at Mike-PC:~$ 

I am also using DNSSEC, so those records are cryptographically signed and
verifiable (a requirement of DANE). What this means is, if some other mail
server which supports DANE connects to mine, it will know that encryption is
*required* and that a certificate matching the fingerprint I've published *must*
be expected.

So if some cretinous ISP like Verizon comes along and strips out STARTTLS from
the EHLO response in the connection between me and some other party, the sending
mail server will notice the lack of encryption and the message will be bounced
back to the sender instead of delivered.

FYI, DANE support is available in Postfix today, and is being worked on by the
guys at Exim too.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
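
Added example (not part of the original message, and not Postfix or Exim code): a Python sketch of the sender-side decision described above, handling "3 1 1" records only. The function names, the EHLO replies and the stand-in SPKI bytes are constructed assumptions; PAGE_TLSA is mx1's record as printed in the message.

```python
import hashlib

# mx1's record exactly as dig printed it in the message (hex split by a space).
PAGE_TLSA = "3 1 1 8D805D884E8662658DA453C5053654F043F354262FCF49BAF7F82141 44762BE4"

def parse_tlsa(rdata):
    """Split dig-style TLSA rdata into (usage, selector, mtype, digest bytes)."""
    parts = rdata.split()
    usage, selector, mtype = (int(p) for p in parts[:3])
    return usage, selector, mtype, bytes.fromhex("".join(parts[3:]))

def offers_starttls(ehlo_lines):
    """True if any 250 reply line advertises the STARTTLS extension."""
    return any(l[:3] == "250" and l[4:].strip().upper() == "STARTTLS"
               for l in ehlo_lines)

def spki_matches(rdata, spki_der):
    """'3 1 1' = DANE-EE, SubjectPublicKeyInfo, SHA-256 of that SPKI."""
    usage, selector, mtype, digest = parse_tlsa(rdata)
    if (usage, selector, mtype) != (3, 1, 1):
        return False  # other parameter combinations are out of scope here
    return hashlib.sha256(spki_der).digest() == digest

def sender_decision(validated_tlsa, ehlo_lines, spki_der=None):
    """validated_tlsa: TLSA rdata that passed DNSSEC validation ([] = none)."""
    starttls = offers_starttls(ehlo_lines)
    if not validated_tlsa:
        # No DANE: opportunistic TLS, so a stripped STARTTLS goes unnoticed.
        return "tls-unauthenticated" if starttls else "plaintext"
    if not starttls:
        return "no-delivery: STARTTLS missing"
    if spki_der is not None and any(spki_matches(r, spki_der) for r in validated_tlsa):
        return "deliver: TLS matches TLSA"
    return "no-delivery: key does not match TLSA"

# Constructed inputs: stand-in SPKI bytes and two EHLO replies.
SPKI = b"constructed SubjectPublicKeyInfo bytes"
TLSA = ["3 1 1 " + hashlib.sha256(SPKI).hexdigest()]
EHLO_OK = ["250-mx.example.test", "250-SIZE 52428800", "250 STARTTLS"]
EHLO_STRIPPED = ["250-mx.example.test", "250 SIZE 52428800"]

if __name__ == "__main__":
    for tlsa in ([], TLSA):
        for ehlo in (EHLO_OK, EHLO_STRIPPED):
            print(bool(tlsa), offers_starttls(ehlo), sender_decision(tlsa, ehlo, SPKI))
```

Only the rows with a validated TLSA record turn a stripped STARTTLS into a visible delivery failure; without one the same EHLO reply yields a silent plaintext send.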