On 8/3/22 6:51 PM, Jarland Donnell via mailop wrote:
> I cannot believe that I am in a mailing list full of professional admins that is universally speaking up on this topic to ONLY state that there is zero merit to a best security practice of disallowing insecure SSL protocols and ciphers for communication between servers.

FLAG ON THE PLAY!!! I believe that is an unfair and unnecessary oversimplification.

It is definitely not a universal opinion.

I suspect that this thread is at least enough of a sampling to question the veracity of your previous statement; "a pretty big and well respected security practice to consider plain text to be more secure than insecure SSL".

Multiple have stated that disabling insecure TLS protocols can be a good thing. Many have said that doing so may be problematic. I have personally stated that it's laudable to try to reach for better standards. None of that equates / simplifies to "zero merit to a (supposed) best security practice of disallowing insecure SSL protocols and ciphers for communication between servers.".

I took the liberty to add supposed to that quote because I have yet to see any evidence of "a pretty big" or "well respected" practice when it "consider plain text to be more secure than insecure SSL" in the context of SMTP. I'll even go so far as to include IMAP and POP3 in that list.

I absolutely believe that there is merit to disabling older TLS protocols / cypher suites /if/ /you/ /can/. Meaning /if/ /your/ /situation/ /allows/.

I strongly suspect that everybody on this mailing list has received at least one managerial directive that dictates we do the exact opposite of what we think is technically the best thing to do. But almost all of us will do what we are directed to do.

I believe that most will agree that the PROs for disabling the old TLS protocols and cipher suites are quite appealing. However I strongly suspect that many of us will agree that the CONs are more massive. As such it's a matter of balancing the PROs and CONs for each situation.

Aside: I have long been an advocate for practicing what you preach. So with that in mind, please tell us about the PROs and lack of CONs that you've experienced in disabling older TLS protocols / old cypher suites on /your/ mail server Jarland. -- I genuinely would like to learn from your experience.

Yes, there is some snark there. But there is /more/ curiosity and desire to learn from your experience than there is snark.

> I'd be torn a new one and have a reddit thread ripping into me for the mere suggestion of what seems to be universal agreement here (assuming from lack of diversity of opinion).

As stated above, it is /not/ *universal* agreement.

> Either allowing an end user to negotiate a secure connection, to which their software absolutely acknowledges it as a secure connection, is either sane or it isn't. Ignore the protocol. Ignore the software. Either it's sane to shake hands and agree that a connection is secure, when it isn't, or it's not.

I think that you're getting so far into software / user interface design and user experience that it's so far removed from the original intent of this thread as to be non-germane.

Allowing the end user to negotiate a secure connection is perfectly sane.

But what is "a secure connection"? Similarly what isn't a secure connection? What is your answer for /today/? What is your answer for /next/ /month/, or /next/ /year/, or how about /next/ /decade/? Similarly, what was your answer /a/ /decade/ /ago/?

Eudora from '98 will happily negotiate what it thinks is a secure connection with Sendmail from '00. Was Eudora wrong then? Is it wrong now? It still thinks that it is using the best possible options that it knows about. -- Should we fault Eudora's programmers for not supporting a standard that hadn't been developed yet?

> And why are the people on this mailing list so scared to let things fall back to plain text?

I have yet to see why sending anything as plain text is /better/ than sending it as /cyphertext/, independent of what the cypher is. -- I will say that I'm focusing on things that are *encrypted* /with/ /a/ /key/. Meaning that simple /encoding/ is out of scope.

> It's still how surely the vast majority of email is done.

Almost /all/ of the SMTP connections that pass through my server are encrypted. Proportionally, very few of them are unencrypted.

> If we're agreeing that insecure SSL is sane and that it's safe as long as the two servers trust each other,

That's not what is being said. What /is/ being said is that /older/ /TLS/ / /weaker/ /ciphers/ /are/ *BETTER* /than/ /plain/ /text/.

Full stop.

Cypher text of any form is *BETTER* than cleartext.

You want the *best* cypher algorithms /that/ /you/ /can/ /use/.

It's just that many of the SMTP servers on the Internet don't / won't -- which doesn't matter much -- support TLS 1.2.

> completely ignoring upstreams in between as seems to be the agreed upon philosophy in this discussion, then there's no harm in them transmitting to each other in plain text.

Seeing as how the foundation to your conditional is wrong, your outcome is equally wrong.

I re-iterate:  Cypher text of any form is *BETTER* than cleartext.

> If there's no one listening in that can capture plain text traffic and compromise your security, then there's no harm in plain text SMTP transactions.

That's an individual postmaster's choice. I would /strongly/ /suggest/ and *advocate* *for* *encryption* of some form.

> If there is ANY danger of those things at all, then the false sense of security by acknowledging a secure transaction using insecure protocols/ciphers is at best equivalent. To walk away feeling better about an exploitable packet than a plain text packet doesn't make sense, either the information transmitted is secure or it isn't. If it isn't transmitted using a secure protocol/cipher, then it isn't secure. If you wouldn't transmit it over plain text but you would transmit it over TLS 1.0, your logic is simply not justifiable.

I do not agree with nor accept that paragraph.

Perhaps you are getting hung up on "false sense of security". -- I personally do not think that TLS 1.2 is /secure/. I think that it's entirely possible for people with sufficient motivation to defeat it. Be it with supercomputers or intimidation.

But I do think that even the venerable TLS 1.0 is /better/ than no encryption at all.



--
Grant. . . .
unix || die


_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
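
The per-server balance discussed in the message above can be measured from a server's own logs before the TLS floor is changed. The following is an added example, not part of the original message: it assumes Postfix-style smtpd log lines (the thread names no MTA), and the sample lines and host names are constructed.

```python
import re
from collections import Counter

# Constructed sample, in the style Postfix logs with smtpd_tls_loglevel = 1
# (assumption: the thread names no MTA). Hosts/IPs are documentation values.
SAMPLE_LOG = """\
Aug  3 18:50:01 mx postfix/smtpd[101]: Anonymous TLS connection established from a.example.net[192.0.2.1]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Aug  3 18:50:02 mx postfix/smtpd[101]: disconnect from a.example.net[192.0.2.1]
Aug  3 18:50:03 mx postfix/smtpd[102]: Anonymous TLS connection established from b.example.org[192.0.2.2]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Aug  3 18:50:04 mx postfix/smtpd[102]: disconnect from b.example.org[192.0.2.2]
Aug  3 18:50:05 mx postfix/smtpd[103]: Anonymous TLS connection established from old.example.com[192.0.2.3]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Aug  3 18:50:06 mx postfix/smtpd[103]: disconnect from old.example.com[192.0.2.3]
Aug  3 18:50:07 mx postfix/smtpd[104]: disconnect from plain.example.net[192.0.2.4]
"""

TLS_RE = re.compile(r"postfix/smtpd\[(\d+)\]: \w+ TLS connection established "
                    r"from \S+: (\S+) with cipher")
END_RE = re.compile(r"postfix/smtpd\[(\d+)\]: disconnect from ")
ORDER = ["plaintext", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

def sessions_by_protocol(log_text):
    """Count finished inbound SMTP sessions by negotiated protocol."""
    negotiated, counts = {}, Counter()
    for line in log_text.splitlines():
        m = TLS_RE.search(line)
        if m:
            negotiated[m.group(1)] = m.group(2)  # keyed by smtpd process id
            continue
        m = END_RE.search(line)
        if m:
            # A session that ends without a TLS line never used STARTTLS.
            counts[negotiated.pop(m.group(1), "plaintext")] += 1
    return counts

def below_minimum(counts, minimum):
    """Sessions that were encrypted, but with a version older than `minimum`."""
    floor = ORDER.index(minimum)
    return sum(n for proto, n in counts.items()
               if proto in ORDER and 0 < ORDER.index(proto) < floor)

if __name__ == "__main__":
    counts = sessions_by_protocol(SAMPLE_LOG)
    print(dict(counts))
    print("encrypted today, below TLSv1.2:", below_minimum(counts, "TLSv1.2"))
```

With opportunistic STARTTLS, the sessions counted by `below_minimum` are the ones whose senders would have to either retry in plain text or fail delivery if the floor were raised to that version.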
