Re: Re: Python standard library defaults to insecure TLS for mail protocols

[Daniel Kahn Gillmor <dkg () fifthhorseman net>]

Thanks Hanno for raising this.

Hanno's conclusion is the right one: the mail protocol implementations
in stdlib need to default to the standard default TLS behavior, which is
requires verifying the server identity.

On Thu 2024-02-01 09:45:36 -0800, nightmare.yeah27 () aceecat org wrote:
> On Thu, Feb 01, 2024 at 12:31:00PM +0100, Hanno Böck wrote:
>
> > Also relevant is RFC 8314, which contains guidelines for TLS
> > connections in email protocols [5]. ("MUAs MUST validate TLS server
> > certificates [...]") It targets client software, but I believe it is
> > reasonable to apply the same standards to client APIs.
>
> Relaying *MTAs* do not usually verify the certificate of the server
> they connect to. When they do, it creates problems because MTA
> certificates are very often self-signed. IIRC Yahoo relays in
> particular used to have this problem (or still do?)

This is a poor counterargument.  Note that Hanno's example was for
IMAP_SSL, which is not used by any MTA i'm aware of.

> It is true that MTAs are not usually written in Python :-) So maybe
> the proposal is OK. But there's a general point to note here, namely
> not all protocols are the same wrt TLS.

This note is fair: there are implementations that use TLS *without*
confirming the server identity.  However, those implementations should
have to explicitly opt *into* that looser behavior by default.

The baseline toolkit should not start in the unverified mode, for any
protocol that uses TLS.

As the lead author of the deliberately minimalist imap-dl from
mailscripts (https://git.spwhitton.name/mailscripts/tree/imap-dl) i
happen to be lucky enough to have avoided this because i have tried to
support a configuration which happened to want to have a dedicated set
of CA certificates.

The relevant code there is:

-----
    ca_certs = conf.get('retriever', 'ca_certs', fallback=None)
    […]
    ctx = ssl.create_default_context(cafile=ca_certs)
    […]
    server:str = conf.get('retriever', 'server')
    with imaplib.IMAP4_SSL(host=server,
                           port=int(conf.get('retriever', 'port', fallback=993)),
                           ssl_context=ctx) as imap:
-----

Basically, i avoided getting burned by really dumb luck.

Had i not implemented that particular use case (which is admittedly
distracting from imap-dl's minimalist goals), i would certainly have
expected that the default would be an ssl_default_context().

This needs to be fixed in the stdlib.

      --dkg

Attachment: signature.asc
Description: