postfix-users May 2014 archive
Main Archive Page > Month Archives  > postfix-users archives
postfix-users: Re: Disabling Anonymous Diffie Hellman

Re: Disabling Anonymous Diffie Hellman

From: Viktor Dukhovni <postfix-users_at_nospam>
Date: Wed May 21 2014 - 14:09:16 GMT

On Wed, May 21, 2014 at 08:51:48AM +0200, David Schweikert wrote:

> Hi Viktor,
> On Tue, May 20, 2014 at 14:21:22 +0000, Viktor Dukhovni wrote:
> > Facebook made the same mistakes you did:
> >
> >
> In that thread you say that CA certs are futile for SMTP servers.

That's the one sentence version, in response to Facebook's implied
assertion that SMTP STARTTLS at sites with CA-issued certs is
somehow further along the evolutionary path towards a secure SMTP
backbone than at sites without.

The unstated context is "at Internet scale". I know about the
"secure" level, after all I developed that feature for Postfix,
while also serving as postmaster for a large company with many SMTP
secure TLS peering relationships. This non-scalable use-case is
explained in section 1.3 of the DANE draft.

> You might say that DANE is better, and I agree, but CA certificates are
> the current solution to this problem, and certainly will remain
> important until DANE becomes more widespread.

The problem with "secure" is that it requires bilateral coordination.
Thus O(n^2) effort for a network of size n. This cannot and will
not secure SMTP by default.

> Also, we don't do "fingerprint" because we don't want to maintain the
> fingerprint database (and deal with sudden changes, etc.).

Indeed, but you still maintain a policy table with per-destination
policy, contact numbers when things go wrong, custom matching rules
when the MX host certificates contain something other than the
recipient domain or a sub-domain there-of, ...

I urge companies that implement "secure" or "encrypt" with business
partners to implement DNSSEC and publish TLSA RRs. Demand DANE
support from your MTA vendors and/or email service providers.

-- Viktor.