oss-sec mailing list archives
Re: Python standard library defaults to insecure TLS for mail protocols
From: nightmare.yeah27 () aceecat org
Date: Thu, 1 Feb 2024 09:45:36 -0800
On Thu, Feb 01, 2024 at 12:31:00PM +0100, Hanno Böck wrote:
> Also relevant is RFC 8314, which contains guidelines for TLS connections in email protocols [5]. ("MUAs MUST validate TLS server certificates [...]") It targets client software, but I believe it is reasonable to apply the same standards to client APIs.
Relaying *MTAs* do not usually verify the certificate of the server they connect to. When they do, it creates problems because MTA certificates are very often self-signed. IIRC Yahoo relays in particular used to have this problem (or still do?)

It is true that MTAs are not usually written in Python :-) So maybe the proposal is OK. But there's a general point to note here, namely not all protocols are the same wrt TLS.

--
Ian
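The distinction drawn in this message, as an added example that is not part of the original post or of the Python project's code: a mail client (MUA) passes an explicit verifying context to smtplib/imaplib instead of relying on the library default, while an opportunistic MTA-to-MTA relay encrypts without validating the peer. The function names and the "mua" / "mta-relay" role labels are assumptions made for this illustration.

```python
import imaplib
import smtplib
import ssl


def mail_tls_context(role: str) -> ssl.SSLContext:
    """Build a TLS context for a mail connection (role names are hypothetical).

    "mua":       client submission or retrieval; the certificate chain and
                 host name must validate, as RFC 8314 requires of MUAs.
    "mta-relay": opportunistic server-to-server relay; traffic is encrypted
                 but any certificate, including a self-signed one, is accepted.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED, check_hostname=True
    if role == "mua":
        return ctx
    if role == "mta-relay":
        # check_hostname must be cleared first; setting CERT_NONE while it
        # is still enabled raises ValueError.
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError(f"unknown role: {role!r}")


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if both the chain and the host name are checked."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def open_submission(host: str, port: int = 465) -> smtplib.SMTP_SSL:
    """Implicit-TLS SMTP submission with certificate validation enforced."""
    ctx = mail_tls_context("mua")
    if not verifies_peer(ctx):
        raise RuntimeError("refusing to submit mail over unverified TLS")
    return smtplib.SMTP_SSL(host, port, context=ctx, timeout=10)


def open_imap(host: str, port: int = 993) -> imaplib.IMAP4_SSL:
    """IMAP over TLS; imaplib names the keyword ssl_context, not context."""
    return imaplib.IMAP4_SSL(host, port, ssl_context=mail_tls_context("mua"))
```

For STARTTLS on port 587 the same verifying context is passed as `smtplib.SMTP.starttls(context=ctx)`.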