Recently on the NANOG list there was a discussion about IPv6 and e-mail which drifted slightly into SMTP TLS. After some off-list discussion about SMTP-level security and what a Debian system does on a default install, I've made some observations I'd like to share.
- A default install of Debian unstable with exim4 will have TLS support enabled by default, thanks to the options in /etc/exim4/conf.d/main. It isn't an optimal setup, but it will work for basic TLS support.
- SMTP TLS security can't easily be compared to HTTP SSL/TLS security. When you browse to an HTTPS website it's an entirely interactive process, which gives you a chance to see the certificate in question and respond to it. In an SMTP TLS session it's all done by the MTA in an automated manner: there is no human in the loop to inspect a certificate or decide whether to proceed, so whatever policy the MTA was configured with is the only check that ever happens.
- Depending on TLS to give security, authentication and reliability to SMTP is a long, and probably fruitless, process. Unless you are going to refuse to talk to every server whose certificate you can't verify, or which doesn't present one at all, you aren't really solving anything: opportunistic TLS (encrypt if the other side offers it, accept whatever certificate it shows) defeats passive eavesdropping on the wire but says nothing about who you are actually talking to. In tests, I've yet to have a system refuse to talk to my SMTP server because it's using a self-signed certificate.
- TLS provides wire-level security when talking to another mail server; however, your message will most likely be stored in plaintext on the sending server, the receiving server, any relays in between, and in the MUA, which defeats the purpose of keeping the contents of the message secret. TLS protects each hop, not the message. PGP/GPG is the proper answer to the message security issue.
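To make the "refuse every server you can't verify" point concrete, here is a worked example that is added to this post and is not code from the original, from Debian or from Exim. It is a small Go program: a constructed stand-in MTA on loopback that speaks just enough SMTP to get a sender through EHLO and STARTTLS, presenting a freshly minted self-signed certificate (the host name mx.example.test is made up), and a sending side that runs STARTTLS under two policies. The opportunistic policy is what most MTAs do and accepts the self-signed certificate without comment; the enforcing policy, with a root store that trusts nothing, rejects it and the delivery attempt fails. The function and variable names are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"net/smtp"
	"net/textproto"
	"strings"
	"time"
)

const serverName = "mx.example.test" // hypothetical host name for the constructed MTA below

// mustSelfSignedCert mints an in-memory self-signed cert, standing in for a default MTA's own.
func mustSelfSignedCert() tls.Certificate {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), DNSNames: []string{serverName},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // parent == template: self-signed
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}
}

// serveSMTP is a constructed stand-in for an MTA: just enough SMTP to take a sender through EHLO and STARTTLS.
func serveSMTP(conn net.Conn, cert tls.Certificate) {
	defer conn.Close()
	tp := textproto.NewConn(conn)
	tp.PrintfLine("220 %s ESMTP", serverName)
	for {
		line, err := tp.ReadLine()
		if err != nil {
			return // sender hung up, or the TLS handshake below failed
		}
		switch {
		case strings.HasPrefix(line, "EHLO"):
			tp.PrintfLine("250-%s\r\n250 STARTTLS", serverName) // two-line reply advertising STARTTLS
		case line == "STARTTLS":
			tp.PrintfLine("220 Go ahead")
			// Switch to TLS; the handshake runs on the next read, and a verifying sender aborts it there.
			tp = textproto.NewConn(tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}}))
		}
	}
}

// MustStartFakeMTA listens on loopback, serves every connection with serveSMTP, and returns the address to dial.
func MustStartFakeMTA() string {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	cert := mustSelfSignedCert()
	go func() {
		for conn, err := ln.Accept(); err == nil; conn, err = ln.Accept() {
			go serveSMTP(conn, cert)
		}
	}()
	return ln.Addr().String()
}

// TryDelivery runs STARTTLS against addr under cfg, as a sending MTA would; it reports whether the hop got encrypted.
func TryDelivery(addr string, cfg *tls.Config) (bool, error) {
	c, err := smtp.Dial(addr)
	if err != nil {
		return false, err
	}
	defer c.Close()
	if err := c.StartTLS(cfg); err != nil {
		return false, err // an enforcing MTA would defer or bounce the message here
	}
	_, encrypted := c.TLSConnectionState()
	return encrypted, nil
}

// OpportunisticConfig is what nearly every MTA does: encrypt if offered, never check whose cert it is.
var OpportunisticConfig = &tls.Config{InsecureSkipVerify: true}

// EnforcedConfig accepts only certs chaining to a trusted root; the empty pool trusts nobody's self-signed cert.
var EnforcedConfig = &tls.Config{ServerName: serverName, RootCAs: x509.NewCertPool()}

func main() {
	addr := MustStartFakeMTA()
	ok, _ := TryDelivery(addr, OpportunisticConfig)
	_, verr := TryDelivery(addr, EnforcedConfig)
	fmt.Printf("opportunistic: encrypted=%v\nenforced: %v\n", ok, verr)
}
```

Run it and the opportunistic session reports encrypted=true while the enforced one fails with a certificate verification error and no mail would move. Putting the peer's certificate (or a CA you actually trust) into the RootCAs pool is what makes the enforced session succeed, and doing that for every domain you deliver to is the work that "refusing unverifiable servers" really entails; with the pool empty, as above, the enforcing sender simply can't talk to a self-signed MTA at all.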
Given how easy it has been for people in the past to get valid but fake certs from Verisign and similar companies, is depending on TLS/SSL certificates to guarantee the identity of the party you are communicating with really such a great idea?