Security Basics mailing list archives

Re: Opportunistic TLS on mail servers


From: Aarón Mizrachi <unmanarc () gmail com>
Date: Wed, 18 Mar 2009 03:25:37 -0430

On Wednesday 11 March 2009 23:20:50 steve.dake () gmail com wrote:
I am curious as to how many people have their email servers configured to
perform opportunistic TLS? It seems like a cheap way to mitigate a good
portion of your potential email information leakage. If you are against it,
I would like to know why. If you have used it for a while, have you had any
issues?


Heh, opportunistic encryption is just that... opportunistic.

Our client can be configured to use it, but... it has some weakness if you don't
force its use... because:

What if a man-in-the-middle attack on an untrusted network disables or downgrades
the encryption?

Check RFC 2487 to understand it:

5. The STARTTLS Command

 The format for the STARTTLS command is:

  STARTTLS

  with no parameters.

  After the client gives the STARTTLS command, the server responds with
  one of the following reply codes:

  220 Ready to start TLS
  501 Syntax error (no parameters allowed)
  454 TLS not available due to temporary reason

Steps:

- You start an SMTP connection
- a mitm attack forwarding TCP is started
- the mitm acts as a proxy and starts a connection to the real server
- you send a STARTTLS command
- the mitm replaces your STARTTLS with nothing
- the mitm injects on your side of the connection: 454 TLS not available due to
temporary reason
- if your email client does not enforce TLS as mandatory, you will proceed without
TLS.
- Everything from this point on is unencrypted, redirected and logged by the mitm
host.

Just interested in what everyone has to say about the topic.

Article:
http://securityn00dle.blogspot.com/

Real cryptography applications involve:

- Certificates: you are supposed to exchange the certs in a trusted, secure
way, BOTH SIDES.
- Certificate integrity: generation and private keys are supposed to be well
protected. BOTH SIDES.
- Enforced mandatory crypto: both sides, client and server side. (SSL SMTP on
465 is good)
- Good cipher algorithm support: SSLv3 is required, check for the best
combination of cipher algorithms (blowfish, aes, serpent, CBC, hashing, etc...)
and disable other weak supported algorithms (like 56-bit des)...

To increase usability (paying for it in security), you can forget the client
certificates.

-----------------------------

The server certificate and user training are mandatory... If you dumbly accept
any cert, a mitm attack could be possible and the encryption is not very useful.
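
Added example, not part of the original message: a Python sketch of the client-side decision the steps above turn on, comparing an opportunistic client with one that enforces TLS when the reply to STARTTLS is 454. The `submit` function, the host names and the two reply tables are constructed for illustration; no network is used.

```python
class TLSRequired(Exception):
    """Policy demands TLS and the peer did not deliver it."""

MESSAGE = ["MAIL FROM:<a@client.example>", "RCPT TO:<b@mail.example>", "DATA"]

def submit(server, require_tls):
    """Run a minimal SMTP dialogue; `server` maps a command to its reply.

    Returns (encrypted, commands_sent_in_cleartext). With require_tls the
    client raises TLSRequired instead of falling back to plaintext.
    """
    ehlo = server("EHLO client.example")
    offered = any(l[4:].strip().upper() == "STARTTLS" for l in ehlo.splitlines())
    reply = server("STARTTLS") if offered else "(not offered)"
    if reply.startswith("220"):
        # A real client wraps the socket here and must also verify the
        # server certificate; accepting any cert reopens the same hole.
        return True, []
    if require_tls:
        server("QUIT")
        raise TLSRequired(f"refusing plaintext, STARTTLS reply: {reply}")
    for cmd in MESSAGE:  # opportunistic fallback: the mail leaves in the clear
        server(cmd)
    return False, list(MESSAGE)

# Constructed replies, as the client would see them on each path.
def honest_path(cmd):
    if cmd.startswith("EHLO"):
        return "250-mail.example\n250 STARTTLS"
    return "220 Ready to start TLS" if cmd == "STARTTLS" else "250 OK"

def downgraded_path(cmd):
    # Same server, but the reply to STARTTLS has been replaced with 454.
    if cmd == "STARTTLS":
        return "454 TLS not available due to temporary reason"
    return honest_path(cmd)

def demo():
    results = {"honest": submit(honest_path, True),
               "opportunistic": submit(downgraded_path, False)}
    try:
        submit(downgraded_path, True)
    except TLSRequired as exc:
        results["enforced"] = str(exc)
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

A `TLSRequired` raised against a peer that normally answers 220 is worth logging and alerting on, since it is the signal that something between client and server changed.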

