Gary <lists at lazygranch.com> writes:
> If I read this correctly, starttls will fail due to the MITM attack.
> That is the client knows security has been compromised.

I'm not sure what you mean by "fail". STARTTLS is prone to MITM attacks
if a client has not been configured to refuse non-STARTTLS/SSL sessions.
For clients that will allow both secured and plaintext sessions (like
most MTAs), an attacker can strip out the server's STARTTLS capability
declaration and fool the client into using an unencrypted session.

> Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix conf
> use "may" for security, the message would go through unencrypted.
> Correct???

If it's what I described above, then yes.

> Is there something to enable for perfect forward security with starttls?

PFS is enabled using a particular choice of encryption algorithms (in
particular, use of ephemeral key algorithms like ECDHE-*), but this
happens after SSL initiation, whether by STARTTLS, or by connection to
SSL ports.

Joseph Tam <jtam.home at gmail.com>
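
The fallback behaviour discussed in this reply, as an added example that is not part of the original thread: a client-side policy check run on the EHLO reply, showing that an opportunistic client silently continues in plaintext when the STARTTLS keyword is missing, while a client that requires encryption refuses. The level names "may" and "encrypt" follow Postfix's `smtp_tls_security_level` values; the function names, host name and EHLO replies are constructed for illustration.

```python
# Added example: what a mail client does when STARTTLS is absent from EHLO.
# Sample replies below are constructed, not captured traffic.

EHLO_INTACT = (
    "250-mx.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250-STARTTLS\r\n250 8BITMIME\r\n"
)
# Same reply as seen by a client when the STARTTLS line never arrives.
EHLO_STRIPPED = (
    "250-mx.example.test\r\n250-PIPELINING\r\n250-SIZE 10240000\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(response):
    """Return the set of extension keywords in a 250 EHLO reply."""
    lines = response.strip().splitlines()
    for line in lines:
        # Every line must be "250-" (continuation) or "250 " (last line).
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            raise ValueError("unexpected EHLO line: %r" % line)
    keywords = set()
    for line in lines[1:]:  # first line is the server greeting, not a keyword
        rest = line[4:].strip()
        if rest:
            keywords.add(rest.split()[0].upper())
    return keywords


def decide(ehlo_response, level):
    """Return 'starttls', 'plaintext' or 'abort' for the given policy level."""
    offered = "STARTTLS" in parse_ehlo(ehlo_response)
    if offered:
        return "starttls"
    if level == "may":
        # Opportunistic: the client cannot tell "server has no TLS" apart
        # from "someone removed the keyword", so it sends in the clear.
        return "plaintext"
    if level == "encrypt":
        # Mandatory: a missing keyword is treated as a delivery failure.
        return "abort"
    raise ValueError("unknown level: %r" % level)


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_INTACT), ("stripped", EHLO_STRIPPED)):
        for level in ("may", "encrypt"):
            print(name, level, "->", decide(reply, level))
```

An "abort" result is also the detection signal: a peer that previously offered STARTTLS and now does not shows up as a deferred delivery in the sender's logs instead of a silent downgrade.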