oss-sec mailing list archives
Re: Re: Python standard library defaults to insecure TLS for mail protocols
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Fri, 02 Feb 2024 18:47:15 -0500
Thanks Hanno for raising this. Hanno's conclusion is the right one: the mail protocol implementations in stdlib need to default to the standard default TLS behavior, which requires verifying the server identity.

On Thu 2024-02-01 09:45:36 -0800, nightmare.yeah27 () aceecat org wrote:
> On Thu, Feb 01, 2024 at 12:31:00PM +0100, Hanno Böck wrote:
>> Also relevant is RFC 8314, which contains guidelines for TLS connections in email protocols [5]. ("MUAs MUST validate TLS server certificates [...]") It targets client software, but I believe it is reasonable to apply the same standards to client APIs.
>
> Relaying *MTAs* do not usually verify the certificate of the server they connect to. When they do, it creates problems because MTA certificates are very often self-signed. IIRC Yahoo relays in particular used to have this problem (or still do?)

This is a poor counterargument. Note that Hanno's example was for IMAP_SSL, which is not used by any MTA i'm aware of.

> It is true that MTAs are not usually written in Python :-) So maybe the proposal is OK. But there's a general point to note here, namely not all protocols are the same wrt TLS.

This note is fair: there are implementations that use TLS *without* confirming the server identity. However, those implementations should have to explicitly opt *into* that looser behavior by default. The baseline toolkit should not start in the unverified mode, for any protocol that uses TLS.

As the lead author of the deliberately minimalist imap-dl from mailscripts (https://git.spwhitton.name/mailscripts/tree/imap-dl) i happen to be lucky enough to have avoided this because i have tried to support a configuration which happened to want to have a dedicated set of CA certificates. The relevant code there is:

-----
ca_certs = conf.get('retriever', 'ca_certs', fallback=None)
[…]
ctx = ssl.create_default_context(cafile=ca_certs)
[…]
server:str = conf.get('retriever', 'server')
with imaplib.IMAP4_SSL(host=server,
                       port=int(conf.get('retriever', 'port', fallback=993)),
                       ssl_context=ctx) as imap:
-----

Basically, i avoided getting burned by really dumb luck. Had i not implemented that particular use case (which is admittedly distracting from imap-dl's minimalist goals), i would certainly have expected that the default would be an ssl_default_context().

This needs to be fixed in the stdlib.

--dkg
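The contrast the thread is about, as an added example that is not part of dkg's message or of imap-dl: an explicitly unverified TLS context (what an opt-out looks like) beside the verifying one that imap-dl builds with ssl.create_default_context(), an audit check that tells the two apart, and a connect helper that refuses to hand imaplib.IMAP4_SSL anything but a verifying context. The [retriever] section layout and the in-memory sample configuration are constructed for the example; the server name is a placeholder, and nothing here connects to the network.

```python
"""Verifying vs. unverified TLS contexts for imaplib (added example).

Assumptions not taken from the original post: a [retriever] config
section with 'server', 'port' and 'ca_certs' keys, modelled on the
imap-dl snippet, and a constructed in-memory configuration string.
"""
import configparser
import imaplib
import ssl
from typing import Optional

# Constructed sample configuration; the host is a placeholder, not a real server.
SAMPLE_CONF = """
[retriever]
server = imap.example.invalid
port = 993
"""


def load_conf(text: str) -> configparser.ConfigParser:
    """Parse a configuration string the way imap-dl parses its config file."""
    conf = configparser.ConfigParser()
    conf.read_string(text)
    return conf


def unverified_context() -> ssl.SSLContext:
    """The weak setting: encryption only, no server authentication.

    This is what an explicit opt-out looks like. It must never be the
    default, because any on-path party presenting any certificate passes.
    check_hostname has to be disabled before verify_mode can be CERT_NONE.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context(ca_certs: Optional[str] = None) -> ssl.SSLContext:
    """The hardened setting imap-dl uses: the system trust store, or a
    dedicated CA bundle when one is configured, with hostname checking on."""
    return ssl.create_default_context(cafile=ca_certs)


def context_verifies(ctx: ssl.SSLContext) -> bool:
    """Audit check: does this context authenticate the server identity?

    Both conditions are needed: CERT_REQUIRED validates the chain, and
    check_hostname ties the certificate to the host being contacted.
    """
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def open_imap(conf: configparser.ConfigParser,
              ctx: ssl.SSLContext) -> imaplib.IMAP4_SSL:
    """Connect as imap-dl does: always pass an explicit ssl_context, and
    refuse to proceed if that context would skip verification."""
    if not context_verifies(ctx):
        raise ValueError("refusing to connect with an unverified TLS context")
    return imaplib.IMAP4_SSL(
        host=conf.get("retriever", "server"),
        port=conf.getint("retriever", "port", fallback=993),
        ssl_context=ctx,
    )
```

The point of context_verifies() is that it can be applied to any SSLContext before it reaches a stdlib client: a code base that wants the behavior dkg describes can wrap imaplib, poplib and smtplib calls in a helper like open_imap() and make the unverified mode something a caller has to construct and name on purpose.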
Attachment: signature.asc
Current thread:
- Python standard library defaults to insecure TLS for mail protocols Hanno Böck (Feb 01)
- Re: Python standard library defaults to insecure TLS for mail protocols nightmare . yeah27 (Feb 01)
- Re: Re: Python standard library defaults to insecure TLS for mail protocols Hanno Böck (Feb 01)
- Re: Python standard library defaults to insecure TLS for mail protocols Steffen Nurpmeso (Feb 02)
- Re: Python standard library defaults to insecure TLS for mail protocols Kurt H Maier (Feb 02)
- Re: Python standard library defaults to insecure TLS for mail protocols Steffen Nurpmeso (Feb 02)
- Re: Re: Python standard library defaults to insecure TLS for mail protocols Hanno Böck (Feb 01)
- Re: Python standard library defaults to insecure TLS for mail protocols nightmare . yeah27 (Feb 02)
- Re: Python standard library defaults to insecure TLS for mail protocols nightmare . yeah27 (Feb 01)
- Re: Re: Python standard library defaults to insecure TLS for mail protocols Daniel Kahn Gillmor (Feb 02)
- Re: Python standard library defaults to insecure TLS for mail protocols Jeremy Stanley (Feb 01)
- Re: Python standard library defaults to insecure TLS for mail protocols Stuart D Gathman (Feb 02)