[Security] S2S Leap of faith w/ SASL EXTERNAL

David Banes david at banes.org
Thu Nov 18 17:01:09 CST 2010


If we had an Internet Hall of Fame I'd nominate Dave for a place on the wall :)

On 19/11/2010, at 9:57 AM, Dave Cridland wrote:

> On Thu Nov 18 00:51:26 2010, Kim Alvefur wrote:
>> Imagine a server with a self signed certificate. When your server
>> connects to it, it of course wouldn't trust the cert enough to do SASL
>> EXTERNAL, so it falls back to dialback. If dialback is successfully done
>> a few times, while the server presents the same cert, automatically pin
>> it and allow SASL EXTERNAL the next time.
> 
> Actually, just doing leap-of-faith the first time is sufficient.
> 
> You're allowing full dialback as authentication anyway, so in practice, this isn't losing you any security, whereas by having to build trust in a server, you're providing a larger window for an attacker to disrupt.
> 
> It's also, of course, not gaining any security - it is gaining optimization, but at the risk that an attacker can disrupt, and take over, a server if he times it *just* so. (Or, if your LoF certificate store isn't persistent and he figures out how to crash your server).
> 
> Dave.
> -- 
> Dave Cridland - mailto:dave at cridland.net - xmpp:dwd at dave.cridland.net
> - acap://acap.dave.cridland.net/byowner/user/dwd/bookmarks/
> - http://dave.cridland.net/
> Infotrope Polymer - ACAP, IMAP, ESMTP, and Lemonade

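The pinning scheme discussed in this thread, sketched as an added example that is not part of the original messages and is not taken from any XMPP server: the certificate is pinned on the first successful dialback, and the pins are kept on disk so a restart does not reset them. The names `PinStore`, `decide` and `dialback_succeeded`, the JSON file and the rule that an existing pin is never overwritten are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile


class PinStore:
    """Leap-of-faith pins: peer domain -> SHA-256 of its certificate (DER)."""

    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):  # reload pins after a restart or crash
            with open(path) as f:
                self.pins = json.load(f)

    def _save(self):
        # Write to a temp file, then rename, so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(self.path)))
        with os.fdopen(fd, "w") as f:
            json.dump(self.pins, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)

    def decide(self, domain, cert_der, ca_trusted):
        """Pick the auth method for a peer: 'external' or 'dialback'."""
        fp = hashlib.sha256(cert_der).hexdigest()
        trusted = ca_trusted or self.pins.get(domain) == fp
        return "external" if trusted else "dialback"  # unknown or changed cert: no shortcut

    def dialback_succeeded(self, domain, cert_der):
        """Pin on the first successful dialback; return False on a pin mismatch."""
        fp = hashlib.sha256(cert_der).hexdigest()
        if domain not in self.pins:
            self.pins[domain] = fp
            self._save()
        return self.pins[domain] == fp  # assumption: an existing pin is never overwritten


def demo():
    path = os.path.join(tempfile.mkdtemp(), "pins.json")
    cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"  # constructed bytes
    store = PinStore(path)
    first = store.decide("peer.example", cert_a, ca_trusted=False)
    store.dialback_succeeded("peer.example", cert_a)
    store = PinStore(path)  # simulate a server restart
    again = store.decide("peer.example", cert_a, ca_trusted=False)
    changed = store.decide("peer.example", cert_b, ca_trusted=False)
    return [first, again, changed, store.dialback_succeeded("peer.example", cert_b)]
```

A `False` return from `dialback_succeeded` is the event worth logging: dialback passed, but the certificate differs from the pinned one.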

