 |
| [Kids say the darndest things...] |
1. Meeting invitations with all details included
Never a good idea, just like sending username & password in the same unencrypted message in any type of channel would usually be considered a bad idea. By e-mail or by using Outlook calendar - same thing. The sheer amount of people who can actually access such meeting details within any corporate Microsoft Exchange environment is overwhelming. Chances of a bad apple within the organisations, their external mail providers or others: 100% (perhaps that's just me being paranoid, but...)
2. Telephone conferencing solutions
A minimum requirement would be having a solution where an administrator can see all connected numbers, individually mute, kick and block numbers. Additionally a minimum configuration should include disabling the ability for any attendees to listen in or talk to each other before the administrator starts the conference call, after verifying all attending phone numbers and then locking it for additional participants. Yes, I'm planning a blog post on this topic separately. It seems not all providers are able to do even something as basic as this in their solutions....
3. STARTTLS (RFC3207) support
Go read the RFC, or the easier wikipedia article on STARTTLS. I'm even in the reference list there, as well as for the "Email privacy" article. It's pretty easy to implement, and it will prevent at least the most basic forms of network eavesdropping against plaintext transmissions, like regular SMTP. Based on the posting to pastebin, I looked up the MX records of the mail recipients to check for STARTTLS support at their mail gateways. Compared to "The state of SSL on the Internet" by Ivan Ristic, the state of STARTTLS seems to be the dark side of SSL on the Internet.
Here are the results from the 60 seconds check for STARTTLS support at FBI, Met Police in the UK, EUROPOL and others, as listed in the pastebin data. I've highlighted in RED and BLUE some of the easier things.
-----
Testing SSL server mail.ic.fbi.gov on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mail.ic.fbi.gov port 25 did not appear to support STARTTLS.
Testing SSL server mail3.met.police.uk on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mail3.met.police.uk port 25 did not appear to support STARTTLS.
Testing SSL server mail4.met.police.uk on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mail4.met.police.uk port 25 did not appear to support STARTTLS.
Testing SSL server mxbackup.uk.cw.net on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mxbackup.uk.cw.net port 25 did not appear to support STARTTLS.
Testing SSL server pnn-gw.pnn.police.uk on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on pnn-gw.pnn.police.uk port 25 did not appear to support STARTTLS.
Testing SSL server mail.garda.ie on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mail.garda.ie port 25 did not appear to support STARTTLS.
Testing SSL server pochta3.nhtcu.nl on port 25
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits ADH-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits ADH-RC4-MD5
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits ADH-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-ADH-RC4-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Prefered Server Cipher(s):
TLSv1 256 bits DHE-RSA-AES256-SHA
SSL Certificate:
Version: 0
Serial Number: -12920724846010265987
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=NL/ST=Utrecht/O=NHTCU/CN=pochta2
Not valid before: Jan 13 10:45:36 2010 GMT
Not valid after: Jan 11 10:45:36 2020 GMT
Subject: /C=NL/ST=Utrecht/O=NHTCU/CN=pochta2
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:dd:0a:1f:ee:21:ab:1e:e8:d8:7a:87:9a:38:3c:
06:20:f9:b1:8a:0f:09:93:40:f3:c4:4c:e0:7b:67:
c6:d8:a7:e6:03:71:45:a7:24:bd:ad:2f:50:c3:7d:
05:c2:2f:24:f5:bf:36:dc:51:5b:b4:e9:c1:76:bd:
4e:34:b4:ec:86:e4:a7:80:c8:6a:14:2b:ce:73:a3:
32:b0:f9:11:3b:8d:4a:96:ff:19:c1:32:40:4d:37:
1b:ef:f7:5a:51:0f:ef:69:e7:3d:46:d8:15:41:5f:
77:8a:34:75:77:65:3e:b2:92:e8:3b:b2:1c:14:02:
d5:fb:fe:96:db:9b:55:0c:d5
Exponent: 65537 (0x10001)
Verify Certificate:
self signed certificate
Testing SSL server pochta4.nhtcu.nl on port 25
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits ADH-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits ADH-RC4-MD5
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits ADH-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-ADH-RC4-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Prefered Server Cipher(s):
TLSv1 256 bits DHE-RSA-AES256-SHA
SSL Certificate:
Version: 0
Serial Number: -18351820590030763555
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=NL/ST=Utrecht/O=NHTCU/CN=pochta1
Not valid before: Jan 13 10:33:04 2010 GMT
Not valid after: Jan 11 10:33:04 2020 GMT
Subject: /C=NL/ST=Utrecht/O=NHTCU/CN=pochta1
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:a9:d8:17:e2:96:5f:90:3c:e6:d1:e8:21:5b:2d:
cb:11:e5:0d:bd:c0:c2:bc:99:85:5f:e8:95:be:33:
f1:83:eb:c7:17:03:39:a7:c1:ad:13:e1:37:90:5d:
d8:a8:4c:8c:28:8e:86:5e:93:1f:87:06:98:f6:7b:
2f:9b:51:15:d0:34:66:ad:d7:85:c1:01:56:da:65:
a2:fe:33:c5:b0:b8:4f:6c:32:8f:e4:e1:0a:b9:ea:
37:f8:d9:a0:05:c9:43:3d:eb:b0:5e:48:3f:3f:19:
c6:59:d2:e8:4e:ea:a0:39:db:81:ab:75:93:ae:e6:
9b:9d:56:b4:66:8a:8b:e1:79
Exponent: 65537 (0x10001)
Verify Certificate:
self signed certificate
Testing SSL server tigre.interieur.gouv.fr on port 25
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits ADH-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits ADH-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits ADH-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 128 bits ADH-RC4-MD5
Accepted TLSv1 128 bits RC4-SHA
Accepted TLSv1 128 bits RC4-MD5
Accepted TLSv1 56 bits EDH-RSA-DES-CBC-SHA
Accepted TLSv1 56 bits ADH-DES-CBC-SHA
Accepted TLSv1 56 bits DES-CBC-SHA
Accepted TLSv1 40 bits EXP-EDH-RSA-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-ADH-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-DES-CBC-SHA
Accepted TLSv1 40 bits EXP-RC2-CBC-MD5
Accepted TLSv1 40 bits EXP-ADH-RC4-MD5
Accepted TLSv1 40 bits EXP-RC4-MD5
Prefered Server Cipher(s):
TLSv1 256 bits DHE-RSA-AES256-SHA
SSL Certificate:
Version: 0
Serial Number: -9822045462768659921
Signature Algorithm: sha1WithRSAEncryption
Issuer: /CN=srvnat.messagerie.si.mi
Not valid before: Jan 6 15:01:21 2010 GMT
Not valid after: Jan 4 15:01:21 2020 GMT
Subject: /CN=srvnat.messagerie.si.mi
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Public-Key: (1024 bit)
Modulus:
00:b1:30:c6:1e:c9:09:ba:62:b7:33:96:f9:77:1d:
08:03:59:1d:8d:33:56:1e:98:6b:73:a0:b3:b6:b8:
5f:26:6a:b6:81:ee:e6:52:cc:42:c9:b5:dc:14:a9:
eb:3d:f2:fd:c6:b5:46:c5:c9:67:80:de:37:81:1c:
d9:dd:89:3e:5c:30:40:c4:e2:17:ea:0d:b1:ca:bc:
72:aa:eb:88:05:f2:62:f3:ac:0e:6d:a8:8c:8d:6b:
d5:c3:2a:11:6a:96:ee:40:ee:51:af:20:f5:55:c9:
0c:01:d5:5c:1a:ab:b0:02:93:18:80:58:17:1b:b9:
46:23:91:86:e0:4b:cc:9e:19
Exponent: 65537 (0x10001)
Verify Certificate:
self signed certificate
Testing SSL server smtp.ts-businessmail.de on port 25
Supported Server Cipher(s):
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits AES128-SHA
Prefered Server Cipher(s):
TLSv1 256 bits AES256-SHA
SSL Certificate:
Version: 2
Serial Number: 2873958537406232085
Signature Algorithm: sha1WithRSAEncryption
Issuer: /C=DE/O=T-Systems International GmbH/OU=Trust Center Services/CN=TeleSec ServerPass CA 1
Not valid before: Oct 4 09:38:53 2011 GMT
Not valid after: Oct 9 23:59:59 2014 GMT
Subject: /C=DE/O=T-Systems International GmbH/OU=Managed AntiSpam Service/ST=SH/L=Kiel/CN=secure05.t-systems.com
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Public-Key: (2048 bit)
Modulus:
00:ea:78:d6:88:85:1d:13:c1:0a:dd:46:05:f7:20:
a5:aa:e3:09:5a:88:3f:5d:5f:2c:c4:a6:88:51:53:
97:7f:a8:49:59:5b:3e:e4:69:de:88:03:73:2b:8a:
b3:3b:47:22:2d:e5:55:85:c3:81:2e:32:72:db:cc:
28:85:72:e1:63:e2:f4:b5:30:34:f9:8c:3e:22:5c:
00:39:d1:de:ce:d6:dd:5c:bd:09:b6:23:a7:8d:4f:
a4:0c:46:fc:5a:83:8f:9c:87:7e:44:36:9c:48:3d:
7e:3e:f8:5c:f5:39:55:5a:de:8e:af:39:aa:8f:b8:
26:9d:38:13:48:fd:96:dd:45:c7:70:4d:10:90:03:
30:c1:3d:e8:d2:1d:0a:2d:09:5a:2a:a9:1e:15:f3:
45:23:5a:5b:33:5d:8d:f8:65:d0:20:40:98:dc:90:
6b:73:b0:7c:5c:55:c7:24:4b:45:9f:ec:66:40:cd:
80:37:33:72:bc:37:30:38:0d:05:29:87:d6:d2:48:
ee:b5:b6:8b:7e:e0:b6:cb:46:29:e2:81:40:15:f2:
71:55:bd:ad:92:23:7f:ea:29:af:f3:e5:2c:9c:09:
27:cc:51:94:d6:7e:bd:43:34:6b:1c:c9:e6:8d:e9:
cd:f2:ca:be:94:a6:1f:f7:62:c4:ae:95:b6:60:3e:
80:07
Exponent: 65537 (0x10001)
X509v3 Extensions:
X509v3 Authority Key Identifier:
keyid:33:DC:9E:96:EC:D8:E8:35:1F:6D:90:1B:0B:38:A4:AF:74:1B:C6:58
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Client Authentication, TLS Web Server Authentication
X509v3 Subject Key Identifier:
F9:62:F5:21:81:74:1F:43:EC:3B:00:A8:0B:32:CD:93:F6:D9:A1:F7
X509v3 Certificate Policies:
Policy: 1.3.6.1.4.1.7879.13.2
CPS: http://www.telesec.de/serverpass/cps.html
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.serverpass.telesec.de/rl/TeleSec_ServerPass_CA_1.crl
Full Name:
URI:ldap://ldap.serverpass.telesec.de/cn=TeleSec%20ServerPass%20CA%201,ou=Trust%20Center%20Services,o=T-Systems%20International%20GmbH,c=de?certificateRevocationlist?base?certificateRevocationlist=*
Authority Information Access:
OCSP - URI:http://ocsp.serverpass.telesec.de/ocspr
CA Issuers - URI:http://crl.serverpass.telesec.de/crt/TeleSec_ServerPass_CA_1.cer
CA Issuers - URI:ldap://ldap.serverpass.telesec.de/cn=TeleSec%20ServerPass%20CA%201,ou=Trust%20Center%20Services,o=T-Systems%20International%20GmbH,c=de?cACertificate
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Alternative Name:
DNS:secure05.t-systems.com
Verify Certificate:
self signed certificate in certificate chain
Testing SSL server mail.telia.com on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on mail.telia.com port 25 did not appear to support STARTTLS.
Testing SSL server m2.europol.europa.eu on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on m2.europol.europa.eu port 25 did not appear to support STARTTLS.
Testing SSL server m1.europol.europa.eu on port 25
Supported Server Cipher(s):
ERROR: The SMTP service on m1.europol.europa.eu port 25 did not appear to support STARTTLS.
Implementing support for STARTTLS shouldn't be very difficult or costly for most organizations. Very disappointed Microsoft haven't implemented it.
ReplyDeleteJust a short question, would you consider using self-signed certificates as "good enough"?
Nice post, thanks. You color coded 40 bits ciphers as RED, as if to say this is bad. While disabling low grade ciphers of TLS connections that do not have a plain text fall-back is a best practice, it makes no sense for SMTP. When you disable low grade ciphers, and a client would only offer low grade ciphers in the TLS handshake, the handshake will fail. The SMTP client will then offer the data unencrypted. So by not accepting low grade ciphers you have made the connection much more insecure. I've rather have a 40 bit TLS connection than no TLS at all.
ReplyDeleteNot all best practices you are familiar with from HTTPS apply to SMTPS.
Self-signed certificates will in most cases give you encryption. However I have come across one provider (back in 2009 I think) that required TTP certificates as well as certain algorithms and keylengths, AND that the certificate came from a narrow list of certificate providers (approx 30 from more than a hundred at that time, if I remember correctly). To top it off: if you wanted to do STARTTLS both ways with them, they required a signature on a written agreement. "If we're doing this, we'll do it properly".
ReplyDeleteThx RichieB! Yes, I color coded them RED. Perhaps I should have done orange or something, and partially I do agree with you. I'm just a little worried that allowing "everything" will mean default configurations, and I'd rather see things done "properly" than just implementing default. Default is bad.
Nothing wrong with self-signed certificates, at least when a proper CA environment is in place. Imho the it is more reliable then putting user trust in a commercial CA which have a reputation of being compromised due to very weak IT and auditing.
ReplyDeletePer: I can argue that for SMTP default TLS (even with self-signed certificates) is better than no TLS at all. At least you'll get some encryption instead of none. But I agree: when adding any features, a deliberate choice of configuration is better than just using defaults because they are the default.
ReplyDeleteHehe. Calling a truce here RichieB! I guess we're on the same page on this, we want STARTTLS, and we want it done properly.
ReplyDelete