Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
STARTTLS Everywhere
Search
Yan!
August 05, 2014
Programming
0
310
STARTTLS Everywhere
Yan Zhu and Jacob Hoffman-Andrews. PasswordsCon 2014.
Yan!
August 05, 2014
Tweet
Share
Other Decks in Programming
See All in Programming
AI Agent 時代的開發者生存指南
eddie
0
430
Serena MCPのすすめ
wadakatu
4
1k
株式会社 Sun terras カンパニーデック
sunterras
0
310
品質ワークショップをやってみた
nealle
0
280
Server Side Kotlin Meetup vol.16: 内部動作を理解して ハイパフォーマンスなサーバサイド Kotlin アプリケーションを書こう
ternbusty
3
190
「ちょっと古いから」って避けてた技術書、今だからこそ読もう
mottyzzz
11
6.7k
Web フロントエンドエンジニアに開かれる AI Agent プロダクト開発 - Vercel AI SDK を観察して AI Agent と仲良くなろう! #FEC余熱NIGHT
izumin5210
3
530
バッチ処理を「状態の記録」から「事実の記録」へ
panda728
PRO
0
160
理論と実務のギャップを超える
eycjur
0
140
The Past, Present, and Future of Enterprise Java
ivargrimstad
0
120
Building, Deploying, and Monitoring Ruby Web Applications with Falcon (Kaigi on Rails 2025)
ioquatix
4
2.2k
詳しくない分野でのVibe Codingで困ったことと学び/vibe-coding-in-unfamiliar-area
shibayu36
3
5k
Featured
See All Featured
Improving Core Web Vitals using Speculation Rules API
sergeychernyshev
20
1.2k
Scaling GitHub
holman
463
140k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
12
1.2k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
46
7.7k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
230
22k
Principles of Awesome APIs and How to Build Them.
keavy
127
17k
Build The Right Thing And Hit Your Dates
maggiecrowley
37
2.9k
Code Review Best Practice
trishagee
72
19k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
A better future with KSS
kneath
239
18k
The Cost Of JavaScript in 2023
addyosmani
55
9k
How STYLIGHT went responsive
nonsquared
100
5.8k
Transcript
STARTTLS Everywhere Peter Eckersley, Jacob Hoffman-Andrews, Yan Zhu Electronic Frontier
Foundation {pde, jsha,yan}@eff.org
SMTP email transmission is mostly insecure
ngrep -i password tcp port 25
None
None
Threat model 1. passive attackers 2. passive attacks w/ key
compromise 3. active attackers 4. sophisticated active attacks
Threat model 1. passive attackers turn on STARTTLS 2. passive
attacks w/ key compromise 3. active attackers 4. sophisticated active attacks
None
None
None
STARTTLS in/out of Gmail
It'd be nice to stretch that graph further back in
time https://github.com/EFForg/smtp-tls-history. git Email
[email protected]
if you'd like to run that on a large set of historical headers
2. passive attacks w/ sophisticated assistance (key theft)
What's the easiest way for eavesdroppers to read billions of
encrypted email transfers?
Session key 1 Session key 2 Session key 3 Session
key 4 Normal TLS: session keys linked to long-term private keys Sender's public key Receiver's public key
...steal the private keys Image: betty le bon
Session key 1 Session key 2 Session key 3 Session
key 4 “Perfect” Forward Secrecy: Extra crypto unbinds session keys from private keys Sender's public key Receiver's public key ECD H ECD H
How do we turn on Perfect Forward Secrecy correctly for
SMTP?
Simple answer: - support TLS v1.2 - protect against downgrade
attacks
Need a new policy mechanism to do that!
3. active network attacks
Unfortunately, active attacks are really easy...
How does SMTP-TLS work?
One side say “STARTTLS”, the other replies “STARTTLS”
None
The sender will fall back to insecure SMTP
Attackers can also “man in the middle”, speaking TLS themselves
Source: Facebook, May 2014
Threat model 1. passive attackers turn on STARTTLS 2. passive
attacks w/ key compromise 3. active attackers ??? 4. sophisticated active attacks
On the Web, we have the HSTS header for this
A quick pragmatic solution: STARTTLS Everywhere
git clone https://github.com/EFForg/starttls-everywhere.git
Main concepts: - Recipient security policy framework - Supports missing
functionality - Start with a centralized database - Multi-channel distribution
Related work DANE: fully distributed, uses DNSSEC SPF: Applies to
senders, not receivers
Scenario 1 (prototype, work in progress) git clone https://github.com/EFForg/starttls-everywhere.git #
Run our script, which does: while sleep 1d ; do git pull git tag --verify $LATEST_VERSION || exit ./MTAConfigGenerator.py --edit /etc/postfix ./FailureNotificationDaemon.py & done
Scenario 2 (common unix MTAs) apt-get install starttls-everywhere
Scenario 3 (large scale production) wget https://eff.org/starttls-everywhere/latest-db.json wget https://eff.org/starttls-everywhere/latest-db.sig gpg
--verify latest-db.sig latest-db.json || error-script MTAConfigGenerator.py latest-db.json -o mta-policy.cf your-deploy-script mta-policy.cf
Policy database is a set of JSON blobs:
// These match on the MX domain. "*.yahoodns.net": { "require-valid-certificate":
true, } "*.eff.org": { "require-tls": true, "min-tls-version": "TLSv1.1", "enforce-mode": "enforce" "accept-spki-hashes": [ "sha1/5R0zeLx7EWRxqw6HRlgCRxNLHDo=", "sha1/YlrkMlC6C4SJRZSVyRvnvoJ+8eM=" ] } "*.google.com": { "require-valid-certificate": true, "min-tls-version": "TLSv1.1", "enforce-mode": "log-only", "error-notification": "https://google.com/post/reports/here" }, } // Since the MX lookup is not secure, we list valid responses for each // address domain, to protect against DNS spoofing. "acceptable-mxs": { "yahoo.com": { "accept-mx-domains": ["*.yahoodns.net"] } "gmail.com": { "accept-mx-domains": [”*.gmail.com”, "*.google.com", ”*.googlemail.com”] # hypothetical }
demo time! https://eff.org/starttls
https://eff.org/join https://eff.org/starttls EFF depends on your support!
None