[Ach] filippo on SSL SMTP encryption

Hanno Böck hanno at hboeck.de
Wed Apr 1 13:50:07 CEST 2015

On Wed, 01 Apr 2015 13:26:49 +0200
Manuel Kraus <ach at lsd.is> wrote:

> As I understand, mentioned alternative (HPKP) is not available at
> present

It *IS* available in Firefox and Chrome. On the server side it is just
a configuration issue, so you can use it today, right now. (That
Microsoft and Apple aren't fast in deploying better TLS features is a
sad fact - especially since Microsoft just recently had an issue that
could've been mitigated with key pinning)

> and has the disadvantage on relying on a TOFU-procedure, where
> an attacker simply could intercept the first request.

That's true. HPKP is no perfect solution.

But right now we have:
* You need to compromise one of the many hundred CAs / sub-CAs to

After HPKP you have:
* You need to compromise one of the many CAs/sub-CAs *AND* you need to
  be able to intercept the first connection to a site.

If you further add CT it becomes very likely that your attack gets

To sum up: With CA+HPKP+CT you get a scenario where you have the
existing CA protection plus TOFU plus attacks can't be hidden easily.
Not perfect. But much much better than what we have now.

With DANE you gain nothing as long as you don't deploy resolvers on
clients. Nobody is seriously working on that right now. It won't happen
any time soon, maybe (probably?) it will never happen.

> But, well, if the currently underlying DNSSEC crypto really sucks (as
> to read in the mentioned rant articles) we're doomed with it at
> present. Maybe that can be fixed simply using better algorithms?

It can, it's just that people don't. (You can use ECDSA, which is not
super-nice, but okay enough and better than the RSA-1024 they currently
often use.)
That's also a problem with the DNSSEC crowd. They'll tell you "we have
fixes for the problems", but they don't deploy them.
(anecdote: Someone telling me "we can mitigate this reflection problem
by sending a TC flag and only answering in full via UDP" - me: "that's
nice, but *your* DNS server doesn't do that")

Hanno Böck

mail/jabber: hanno at hboeck.de
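Added example, not part of Hanno's mail or of any project mentioned in it: a Python model of the client side of HTTP Public Key Pinning (RFC 7469) that makes the trust-on-first-use point of the exchange concrete. The header parsing and the noting/enforcement rules follow RFC 7469 in simplified form; the SPKI byte strings, the host name and the connection sequence are constructed placeholders, not real keys or real traffic, so the script runs offline. Pins are base64(SHA-256(SubjectPublicKeyInfo DER)) exactly as a real user agent would compute them.

```python
"""Client-side model of HTTP Public Key Pinning (RFC 7469), including the
trust-on-first-use step discussed in the thread. Added example; the SPKI
blobs and host name are constructed placeholders, not real keys."""
import base64
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo structures.
LEAF_SPKI = b"constructed-spki-genuine-leaf"
BACKUP_SPKI = b"constructed-spki-genuine-backup"
MITM_SPKI = b"constructed-spki-attacker-leaf"
MITM_BACKUP_SPKI = b"constructed-spki-attacker-backup"


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 as the header carries it: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


@dataclass
class PinPolicy:
    pins: set
    max_age: int
    include_subdomains: bool = False


def parse_pkp_header(value: str):
    """Parse a Public-Key-Pins value; None means 'ignore this header'.
    RFC 7469 requires max-age and at least two pins (one must be a backup)."""
    pins, max_age, include_subdomains = set(), None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")  # only the first '='
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "pin-sha256":
            pins.add(val)
        elif name == "max-age":
            if not val.isdigit():
                return None
            max_age = int(val)
        elif name == "includesubdomains":
            include_subdomains = True
        # other directives (report-uri, unknown ones) are ignored
    if max_age is None or len(pins) < 2:
        return None
    return PinPolicy(pins, max_age, include_subdomains)


def pins_of_chain(chain_spkis):
    return {spki_pin(s) for s in chain_spkis}


class PinningClient:
    """Remembers noted pins per host; connect() models one TLS connection."""

    def __init__(self):
        self.noted = {}  # host -> (PinPolicy, expiry)

    def connect(self, host, chain_spkis, pkp_header, now):
        served = pins_of_chain(chain_spkis)
        # 1. Enforce pins noted earlier (done during the handshake, before
        #    any header from this connection is trusted).
        if host in self.noted:
            policy, expiry = self.noted[host]
            if now >= expiry:
                del self.noted[host]  # expired: the host is back to TOFU
            elif not (policy.pins & served):
                return "PIN_FAILURE"
        # 2. Note pins from a valid header. A first connection has nothing to
        #    check against, so whoever terminates TLS first sets the pins.
        if pkp_header is not None:
            policy = parse_pkp_header(pkp_header)
            # Valid only if one pin matches the chain and one does not (backup).
            if policy and policy.pins & served and policy.pins - served:
                if policy.max_age == 0:
                    self.noted.pop(host, None)
                else:
                    self.noted[host] = (policy, now + policy.max_age)
        return "OK"


def header_for(leaf, backup):
    return (f'pin-sha256="{spki_pin(leaf)}"; pin-sha256="{spki_pin(backup)}"; '
            'max-age=5184000; includeSubDomains')


def demo():
    """Outcome of four connections to the constructed host 'pinned.example'."""
    genuine = header_for(LEAF_SPKI, BACKUP_SPKI)
    hostile = header_for(MITM_SPKI, MITM_BACKUP_SPKI)
    # A: genuine first visit, then a MITM with a CA-issued cert for another key.
    a = PinningClient()
    a_first = a.connect("pinned.example", [LEAF_SPKI], genuine, now=0)
    a_mitm = a.connect("pinned.example", [MITM_SPKI], None, now=100)
    # B: the attacker intercepts the first visit and pins the client to
    #    its own key; the real site is then rejected (the TOFU gap).
    b = PinningClient()
    b_first = b.connect("pinned.example", [MITM_SPKI], hostile, now=0)
    b_real = b.connect("pinned.example", [LEAF_SPKI], genuine, now=100)
    return a_first, a_mitm, b_first, b_real


if __name__ == "__main__":
    print(demo())  # ('OK', 'PIN_FAILURE', 'OK', 'PIN_FAILURE')
```

Scenario A is the gain Hanno describes: once pins are noted, a certificate from any other CA for a different key is rejected. Scenario B is the cost he concedes: on the very first connection the client has no state, so an attacker who can intercept it not only passes but can also note its own pins and lock the client out of the real site until max-age runs out. Certificate Transparency does not close that window, but it makes the certificate the attacker had to obtain visible after the fact.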