Re: bits of encryption

2016-11-12 Thread Juri Haberland
On 13.11.2016 07:55, li...@lazygranch.com wrote:
> On Sun, 13 Nov 2016 01:43:17 -0500
> "Bill Cole"  wrote:
> > 
>> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for 
>> hypothetical future decryption is a realistic and significant
>> scenario in your threat model, you should reconsider your use of
>> email.
>> 
> 
> I'm in the USA and getting ready for life post Jan 20, 2017. It is very
> likely the NSA will be after my email. 
> 
> I'll just try the tips in 
> https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
> 
> They're just lines in a configure file. Save the old file and you're back
> to where you were.

Just go with the tips from BetterCrypto.org - as the site above suggests, too.

  Juri



Re: bits of encryption

2016-11-12 Thread li...@lazygranch.com
On Sun, 13 Nov 2016 01:43:17 -0500
"Bill Cole"  wrote:
 
> If the NSA/GCHQ capturing all of your SMTP traffic and saving it for 
> hypothetical future decryption is a realistic and significant
> scenario in your threat model, you should reconsider your use of
> email.
> 

I'm in the USA and getting ready for life post Jan 20, 2017. It is very
likely the NSA will be after my email. 

I'll just try the tips in 
https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/

They're just lines in a configure file. Save the old file and you're back
to where you were.


Re: bits of encryption

2016-11-12 Thread Bill Cole

On 12 Nov 2016, at 18:59, li...@lazygranch.com wrote:

> # postconf tls_high_cipherlist
> tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
> verified
>
> Assuming the default "high" setting is sufficient, why wouldn't I change
> this parameter to high rather than medium.
>
> postconf smtpd_tls_mandatory_ciphers
> smtpd_tls_mandatory_ciphers = medium


Because if you set it to 'high' then you will be unable to negotiate ANY 
encryption with some senders, and they will either fall back to sending 
in cleartext or they will keep trying to negotiate TLS sessions with 
you, fail, and retry until their queue timeout has passed. With the 
default 'medium' setting, you still use the (probably) stronger 
ciphersuites when possible, so using 'medium' only switches some 
sessions from cleartext to encrypted and some others from slow failure 
to normal success.


The difference between "high" and "medium" ciphersuites is roughly the 
difference between whether the NSA/GCHQ will be able to crack your SMTP 
sessions in 10 years or >20 years, assuming that they are capturing and 
archiving it today. Unless you have "smtpd_tls_security_level=encrypt" 
in your config, most of the SMTP sessions that could use the 'medium' 
ciphersuites would end up running in the clear, so the practical 
difference is between readable in realtime with 'high' and readable 
(maybe) many years from now with 'medium'.


If the NSA/GCHQ capturing all of your SMTP traffic and saving it for 
hypothetical future decryption is a realistic and significant scenario 
in your threat model, you should reconsider your use of email.


> Actually
> smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3
>
> since I excluded sslv2 and v3 after drown.


What makes you think "high" is a valid token for that parameter or for 
its server-side equivalent analog smtpd_tls_mandatory_protocols?


Seriously: RTFM. It's pretty clear that you haven't done that or 
carefully read my messages in this thread, so I'm unlikely to waste any 
more time on it.

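A small checker for the mistake discussed above (a cipher grade such as "high" placed in a *_tls_mandatory_protocols parameter). This is an added example, not code from the thread or from Postfix; it assumes the list-of-names syntax for protocol parameters (names optionally negated with "!", TLSv1.3 accepted in Postfix 3.4 and later) and the grade names documented for the *_tls_ciphers parameters, and the sample input is constructed to mirror the thread.

```python
import re

# Protocol names Postfix accepts in smtp(d)_tls_mandatory_protocols and
# smtp(d)_tls_protocols, each optionally prefixed with "!" to exclude it.
# (Assumption: list syntax; the ">=TLSv1.2" form of newer releases is not handled.)
PROTOCOL_TOKENS = {"sslv2", "sslv3", "tlsv1", "tlsv1.1", "tlsv1.2", "tlsv1.3"}
# Grade names accepted by the *_tls_mandatory_ciphers / *_tls_ciphers parameters.
CIPHER_GRADES = {"null", "export", "low", "medium", "high"}

PROTOCOL_PARAMS = {"smtp_tls_mandatory_protocols", "smtpd_tls_mandatory_protocols",
                   "smtp_tls_protocols", "smtpd_tls_protocols"}
CIPHER_PARAMS = {"smtp_tls_mandatory_ciphers", "smtpd_tls_mandatory_ciphers",
                 "smtp_tls_ciphers", "smtpd_tls_ciphers"}


def check_postfix_tls(postconf_output):
    """Scan 'name = value' lines (as printed by postconf) and return a list of
    (parameter, token, reason) findings for tokens the parameter does not accept."""
    findings = []
    for line in postconf_output.splitlines():
        m = re.match(r"\s*([A-Za-z0-9_]+)\s*=\s*(.*)$", line)
        if not m:
            continue  # comments, shell prompts and blank lines are skipped
        name, value = m.group(1), m.group(2).strip()
        tokens = [t for t in re.split(r"[\s,]+", value) if t]
        if name in PROTOCOL_PARAMS:
            for tok in tokens:
                if tok.lstrip("!").lower() not in PROTOCOL_TOKENS:
                    findings.append((name, tok,
                                     "not a protocol name; grades like 'high' belong in *_ciphers"))
        elif name in CIPHER_PARAMS:
            for tok in tokens:
                if tok.lower() not in CIPHER_GRADES:
                    findings.append((name, tok, "not a cipher grade (null/export/low/medium/high)"))
    return findings


# Constructed sample in postconf output format, mirroring the settings in the thread.
SAMPLE = """\
# postconf tls_high_cipherlist
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
smtpd_tls_mandatory_ciphers = medium
smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3
"""

if __name__ == "__main__":
    for name, tok, reason in check_postfix_tls(SAMPLE):
        print(f"{name}: '{tok}' is {reason}")
```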

Re: bits of encryption

2016-11-12 Thread li...@lazygranch.com
On Sat, 12 Nov 2016 15:29:54 -0500
"Bill Cole"  wrote:

> On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:
> 
> > On Fri, 11 Nov 2016 09:54:48 -0500
> > "Bill Cole"  wrote:  
> 
> [big snip...]
> 
> >> The bottom line (if you've made it this far...) is that the
> >> settings that involve deep encryption parameters in modern Postfix
> >> are best left at their default values unless you have very
> >> specific uncommon security needs, can accept outright insoluble
> >> breakage in place of imperfect security, and understand every
> >> sentence of the TLS_README, the relevant bits of postconf(5), and
> >> everything Viktor Dukhovni has ever written about encryption on
> >> this list.  
> >
> > My postfix setup lacks the tls_high_cipherlist parameter,  
> 
> Unlikely. It is much more likely that your postfix setup simply uses
> the default value:
> 
>   # postconf tls_high_cipherlist
>   tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
> 
> 
> 
> > as shown here:
> > https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
> >
> > Is the advice on that link reasonable? I see the setup echoed over
> > the interwebs, but of course bad advice bounces around the internet
> > as well.  
> 
> I stand by what I said above, which I THINK answers your question. Is
> it unclear?

# postconf tls_high_cipherlist
tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH
verified

Assuming the default "high" setting is sufficient, why wouldn't I change
this parameter to high rather than medium.

postconf smtpd_tls_mandatory_ciphers
smtpd_tls_mandatory_ciphers = medium

Actually 
smtp_tls_mandatory_protocols = high, !SSLv2, !SSLv3

since I excluded sslv2 and v3 after drown.




Re: bits of encryption

2016-11-12 Thread Bill Cole

On 11 Nov 2016, at 14:31, li...@lazygranch.com wrote:

> On Fri, 11 Nov 2016 09:54:48 -0500
> "Bill Cole"  wrote:

[big snip...]

> > The bottom line (if you've made it this far...) is that the settings
> > that involve deep encryption parameters in modern Postfix are best
> > left at their default values unless you have very specific uncommon
> > security needs, can accept outright insoluble breakage in place of
> > imperfect security, and understand every sentence of the TLS_README,
> > the relevant bits of postconf(5), and everything Viktor Dukhovni has
> > ever written about encryption on this list.
>
> My postfix setup lacks the tls_high_cipherlist parameter,

Unlikely. It is much more likely that your postfix setup simply uses the 
default value:

 # postconf tls_high_cipherlist
 tls_high_cipherlist = aNULL:-aNULL:HIGH:@STRENGTH

> as shown here:
> https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/
>
> Is the advice on that link reasonable? I see the setup echoed over the
> interwebs, but of course bad advice bounces around the internet as
> well.


I stand by what I said above, which I THINK answers your question. Is it 
unclear?