On Wed, Jan 10, 2007 at 06:31:21PM -0500, Steven M. Bellovin wrote:

> I just stumbled on a web site that strongly believes in crypto --
> *everything* on the site is protected by https.  If you go there via
> http, you receive a Redirect.  The site?  www.cia.gov:
> 
> $ telnet www.cia.gov 80
> Trying 198.81.129.100...
> Connected to www.odci.gov.
> Escape character is '^]'.
> GET / HTTP/1.0
> 
> HTTP/1.0 301 Found 
> Location: https://www.cia.gov/

Their public email gateways don't believe in crypto nearly as much as
cs.columbia.edu does.

    $ for d in cia.gov cs.columbia.edu; do
        echo; dig +sho -t mx $d | sort +0n |
        tee /dev/tty |
        perl -lne 'm{(\S+)\.$} && print $1' |
        while read h; do echo; smtp-finger -t "[$h]" $d 2>&1 |
        perl -lne 'print unless (/^-{5}BEGIN/ .. /^-{5}END/);'; done; done

    5 mail2.ucia.gov.
    10 mail1.ucia.gov.

    smtp-finger: Connected to mail2.ucia.gov[198.81.129.148]:25
    smtp-finger: < 220 mail2b.ucia.gov ESMTP
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-mail2b.ucia.gov
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250 SIZE 104857600

    smtp-finger: Connected to mail1.ucia.gov[198.81.129.68]:25
    smtp-finger: < 220 mail1a.ucia.gov ESMTP
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-mail1a.ucia.gov
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250 SIZE 104857600

    100 cs.columbia.edu.
    200 ober.cs.columbia.edu.
    200 opus.cs.columbia.edu.

    smtp-finger: Connected to cs.columbia.edu[128.59.16.20]:25
    smtp-finger: < 220 cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:13 -0500 (EST).
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-STARTTLS
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: > STARTTLS
    smtp-finger: < 220 2.0.0 Ready to start TLS
    smtp-finger: certificate verification failed for cs.columbia.edu[128.59.16.20]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
    smtp-finger: TLSv1 connection to cs.columbia.edu(cs.columbia.edu[128.59.16.20]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits)
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-AUTH PLAIN LOGIN
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: Unverified: subject_CN=cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1
    smtp-finger: Server session id: 8EA8B66A9DCCA0903BF75B7FC71316CE201330A0B1B09114FB6BE15E25AA9827
    smtp-finger: Common Name: cs.columbia.edu: matched
    ---
    Certificate chain
     0 s:/C=US/O=cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT13222205/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=cs.columbia.edu
       i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

    smtp-finger: Connected to ober.cs.columbia.edu[128.59.18.100]:25
    smtp-finger: < 220 ober.cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:14 -0500 (EST).
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-STARTTLS
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: > STARTTLS
    smtp-finger: < 220 2.0.0 Ready to start TLS
    smtp-finger: certificate verification failed for ober.cs.columbia.edu[128.59.18.100]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
    smtp-finger: TLSv1 connection to ober.cs.columbia.edu(ober.cs.columbia.edu[128.59.18.100]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits)
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-ober.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-AUTH PLAIN LOGIN
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: Unverified: subject_CN=ober.cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1
    smtp-finger: Server session id: BD13DB29EA51632C6AA3B32CD2418E468DE27FF24FD1E2DDAF41E8F9C0D127A3
    smtp-finger: Common Name: ober.cs.columbia.edu: matched
    ---
    Certificate chain
     0 s:/C=US/O=ober.cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT54350519/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=ober.cs.columbia.edu
       i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

    smtp-finger: Connected to opus.cs.columbia.edu[128.59.20.100]:25
    smtp-finger: < 220 opus.cs.columbia.edu ESMTP Sendmail (8.12.10/22/jtt/sed/ib42) is thrilled to serve you at Sat, 13 Jan 2007 13:27:19 -0500 (EST).
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-opus.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-STARTTLS
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: > STARTTLS
    smtp-finger: < 220 2.0.0 Ready to start TLS
    smtp-finger: certificate verification failed for opus.cs.columbia.edu[128.59.20.100]:25: untrusted issuer /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
    smtp-finger: TLSv1 connection to opus.cs.columbia.edu(opus.cs.columbia.edu[128.59.20.100]:25) with cipher DHE-RSA-AES256-SHA (256/256 bits)
    smtp-finger: > EHLO amnesiac.ms.com
    smtp-finger: < 250-opus.cs.columbia.edu Hello amnesiac.ms.com [192.0.2.1], pleased to meet you
    smtp-finger: < 250-ENHANCEDSTATUSCODES
    smtp-finger: < 250-PIPELINING
    smtp-finger: < 250-EXPN
    smtp-finger: < 250-VERB
    smtp-finger: < 250-8BITMIME
    smtp-finger: < 250-SIZE 25000000
    smtp-finger: < 250-DSN
    smtp-finger: < 250-ETRN
    smtp-finger: < 250-AUTH PLAIN LOGIN
    smtp-finger: < 250-DELIVERBY
    smtp-finger: < 250 HELP
    smtp-finger: Unverified: subject_CN=opus.cs.columbia.edu, issuer=Equifax Secure Global eBusiness CA-1
    smtp-finger: Server session id: 66B95E48EF282B6D96E87D317E17822417AED06377ECCA2300B3ECF09E19E10A
    smtp-finger: Common Name: opus.cs.columbia.edu: matched
    ---
    Certificate chain
     0 s:/C=US/O=opus.cs.columbia.edu/OU=https://services.choicepoint.net/get.jsp?GT85845534/OU=See www.geotrust.com/quickssl/cps (c)04/OU=Domain Control Validated - This is a GeoTrust QuickSSL Premium(R) Certificate/CN=opus.cs.columbia.edu
       i:/C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1

-- 
        Viktor.
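
Added example, not part of the original message: a small parser that reduces a transcript in the smtp-finger format shown above to the facts the comparison rests on (STARTTLS offered or not, negotiated cipher, certificate verification error, and whether AUTH is advertised only after TLS). The sample transcript is constructed, and its host names and addresses are placeholders.

```python
import re
# Constructed transcript in the smtp-finger format above; hosts are placeholders.
SAMPLE = """\
smtp-finger: Connected to mx1.example.org[192.0.2.10]:25
smtp-finger: > EHLO probe.example.net
smtp-finger: < 250-mx1.example.org
smtp-finger: < 250-8BITMIME
smtp-finger: < 250 SIZE 104857600
smtp-finger: Connected to mx2.example.org[192.0.2.20]:25
smtp-finger: > EHLO probe.example.net
smtp-finger: < 250-mx2.example.org Hello probe.example.net
smtp-finger: < 250-STARTTLS
smtp-finger: < 250 HELP
smtp-finger: > STARTTLS
smtp-finger: < 220 2.0.0 Ready to start TLS
smtp-finger: certificate verification failed for mx2.example.org[192.0.2.20]:25: untrusted issuer /CN=Example CA
smtp-finger: TLSv1 connection to mx2.example.org[192.0.2.20]:25 with cipher DHE-RSA-AES256-SHA (256/256 bits)
smtp-finger: > EHLO probe.example.net
smtp-finger: < 250-mx2.example.org Hello probe.example.net
smtp-finger: < 250-AUTH PLAIN LOGIN
smtp-finger: < 250 HELP
"""

def summarize(transcript):
    """Map each probed host to what it advertised before and after STARTTLS."""
    hosts, cur, greeting = {}, None, False
    for raw in transcript.splitlines():
        line = re.sub(r"^\s*smtp-finger: ", "", raw)
        if m := re.match(r"Connected to (\S+?)\[", line):
            cur = hosts[m.group(1)] = {"clear": set(), "secure": set(),
                                       "cipher": None, "cert_error": None}
        elif cur is None:
            continue                   # e.g. the dig MX lines before any connection
        elif line.startswith("> EHLO"):
            greeting = True            # next 250 line is the greeting, not a keyword
        elif m := re.match(r"< 250[- ](\S+)", line):
            if not greeting:           # keywords count as "secure" once a cipher is set
                phase = "secure" if cur["cipher"] else "clear"
                cur[phase].add(m.group(1).upper())
            greeting = False
        elif m := re.match(r"certificate verification failed for \S+: (.*)", line):
            cur["cert_error"] = m.group(1)
        elif m := re.search(r" connection to .* with cipher (\S+)", line):
            cur["cipher"] = m.group(1)
    for h in hosts.values():
        h["starttls"] = "STARTTLS" in h["clear"]
        h["auth_only_after_tls"] = "AUTH" in h["secure"] and "AUTH" not in h["clear"]
    return hosts
```
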

---------------------------------------------------------------------
The Cryptography Mailing List