On Wed, Jan 10, 2007 at 06:31:21PM -0500, Steven M. Bellovin wrote: > I just stumbled on a web site that strongly believes in crypto -- > *everything* on the site is protected by https. If you go there via > http, you receive a Redirect. The site? www.cia.gov: > > $ telnet www.cia.gov 80 > Trying 198.81.129.100... > Connected to www.odci.gov. > Escape character is '^]'. > GET / HTTP/1.0 > > HTTP/1.0 301 Found > Location: https://www.cia.gov/
Their public email gateways don't believe in crypto nearly as much as cs.columbia.edu does. $ for d in cia.gov cs.columbia.edu; do echo; dig +sho -t mx $d | sort +0n | tee /dev/tty | perl -lne 'm{(\S+)\.$} && print $1' | while read h; do echo; smtp-finger -t "[$h]" $d 2>&1 | perl -lne 'print unless (/^-{5}BEGIN/ .. /^-{5}END/);'; done; done 5 mail2.ucia.gov. 10 mail1.ucia.gov. smtp-finger: Connected to mail2.ucia.gov[198.81.129.148]:25 smtp-finger: < 220 mail2b.ucia.gov ESMTP smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-mail2b.ucia.gov smtp-finger: < 250-8BITMIME smtp-finger: < 250 SIZE 104857600 smtp-finger: Connected to mail1.ucia.gov[198.81.129.68]:25 smtp-finger: < 220 mail1a.ucia.gov ESMTP smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-mail1a.ucia.gov smtp-finger: < 250-8BITMIME smtp-finger: < 250 SIZE 104857600 100 cs.columbia.edu. 200 ober.cs.columbia.edu. 200 opus.cs.columbia.edu. smtp-finger: Connected to cs.columbia.edu[128.59.16.20]:25 smtp-finger: < 220 cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:13 -0500 (EST). smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-STARTTLS smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: > STARTTLS smtp-finger: < 220 2.0.0 Ready to start TLS smtp-finger: certificate verification failed for cs.columbia.edu[128.59.16.20]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: TLSv1 connection to cs.columbia.edu(cs.columbia.edu[128.59.16.20]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits) smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-AUTH PLAIN LOGIN smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: Unverified: subject_CN=cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1 smtp-finger: Server session id: 8EA8B66A9DCCA0903BF75B7FC71316CE201330A0B1B09114FB6BE15E25AA9827 smtp-finger: Common Name: cs.columbia.edu: matched --- Certificate chain 0 s:/C=US/O=cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT13222205/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=cs.columbia.edu i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: Connected to ober.cs.columbia.edu[128.59.18.100]:25 smtp-finger: < 220 ober.cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:14 -0500 (EST). smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-STARTTLS smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: > STARTTLS smtp-finger: < 220 2.0.0 Ready to start TLS smtp-finger: certificate verification failed for ober.cs.columbia.edu[128.59.18.100]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: TLSv1 connection to ober.cs.columbia.edu(ober.cs.columbia.edu[128.59.18.100]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits) smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-AUTH PLAIN LOGIN smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: Unverified: subject_CN=ober.cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1 smtp-finger: Server session id: BD13DB29EA51632C6AA3B32CD2418E468DE27FF24FD1E2DDAF41E8F9C0D127A3 smtp-finger: Common Name: ober.cs.columbia.edu: matched --- Certificate chain 0 s:/C=US/O=ober.cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT54350519/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=ober.cs.columbia.edu i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: Connected to opus.cs.columbia.edu[128.59.20.100]:25 smtp-finger: < 220 opus.cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:19 -0500 (EST). smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-opus.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-STARTTLS smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: > STARTTLS smtp-finger: < 220 2.0.0 Ready to start TLS smtp-finger: certificate verification failed for opus.cs.columbia.edu[128.59.20.100]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 smtp-finger: TLSv1 connection to opus.cs.columbia.edu(opus.cs.columbia.edu[128.59.20.100]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits) smtp-finger: > EHLO amnesiac.ms.com smtp-finger: < 250-opus.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you smtp-finger: < 250-ENHANCEDSTATUSCODES smtp-finger: < 250-PIPELINING smtp-finger: < 250-EXPN smtp-finger: < 250-VERB smtp-finger: < 250-8BITMIME smtp-finger: < 250-SIZE 25000000 smtp-finger: < 250-DSN smtp-finger: < 250-ETRN smtp-finger: < 250-AUTH PLAIN LOGIN smtp-finger: < 250-DELIVERBY smtp-finger: < 250 HELP smtp-finger: Unverified: subject_CN=opus.cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1 smtp-finger: Server session id: 66B95E48EF282B6D96E87D317E17822417AED06377ECCA2300B3ECF09E19E10A smtp-finger: Common Name: opus.cs.columbia.edu: matched --- Certificate chain 0 s:/C=US/O=opus.cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT85845534/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=opus.cs.columbia.edu i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1 -- Viktor. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]