[Ach] filippo on SSL SMTP encryption
ach at lsd.is
Wed Apr 1 15:51:20 CEST 2015
Am 01.04.2015 um 13:50 schrieb Hanno Böck:
> It *IS* available in Firefox and Chrome. On the server side it is just
> a configuration issue, so you can use it today, right now. (That
> Microsoft and Apple aren't fast in deploying better TLS features is a
> sad fact - especially since microsoft just recently had an issue that
> could've been mitigated with key pinning)
>> and has the disadvantage on relying on a TOFU-procedure, where
>> an attacker simply could intercept the first request.
Yes, you're right. I just deployed it for fun but I really do not like
the possible DoS-aspect of HSTS and HPKP.
If there are cleartext connections or the MITM carries out a very
classic certificate forgery on a new connection, the header can be
replaced with wrong data and absurdly long max-age timers.
Like this a broad bunch of visitors of that specific server will suicide
and be kept away for very long time.
Since many adversaries sit on carrier links, the MITM-attack will be one
of the most important ones. Playing with forged certificates (to gain
access to a HTTP header exchange) or simply poisoning cleartext
connections, both having DoS in mind, will be quite neat stuff for those.
It's better to have failed connections only from time to time (as result
of adversary's DNSSEC manipulation trials) instead of going dark for
ages because the own webbrowser says so.
More information about the Ach