Changes between Version 1 and Version 2 of Ticket #10836, comment 14


Timestamp: Feb 12, 2014, 4:45:40 PM (5 years ago)
Author: ben

  • Ticket #10836, comment 14

    v1 v2  
    55> Don't check DNS MX records for mail configurations. This may need some rethinking for DNSSEC.
    66
    7 Likewise, this will break **all** hosted domains, even those hosters in the ISPDB, and a number of vanity domains (@iamcool.com etc.). I know it sounds weak security-wise, but the attack surface is reduced significantly by the fact that Mozilla's server makes the MX lookup, and the result comes via HTTPS. (If Mozilla ever implements arbitrary DNS lookups, we could do both and compare the two results.)
     7Likewise, this will break **all** hosted domains, even hosters in the ISPDB, and a number of vanity domains (@iamcool.com etc.). I know it sounds weak security-wise, but the attack surface is reduced significantly by the fact that Mozilla's server makes the MX lookup, and the result comes via HTTPS. (If Mozilla ever implements arbitrary DNS lookups, we could do both and compare the two results.)
    88
    99I don't hope for DNSSEC anymore. (Very broken concepts in the spec, which hinders deployment.)
     
    1111> A successful attack would require a certificate for a hostname under the domain of the email address (since we only fetch/send emails via SSL/STARTTLS).
    1212
    13 Note that many states, including China, Spain etc., have root CAs. These CAs not just in the country, they are directly for parts of the state. I guess that's a broader discussion and we secure one point at a time. Just wanted to point this out.
     13Many states, including China, Spain etc., have root CAs. These CAs are not just in the country, they are directly parts of the state. That said, that's a broader discussion and we need to secure one point at a time. Just wanted to point this out.
    1414
    15 > I realized that autoconfig xml files can be used for more than just mailserver hostnames and ports/protocols, I'll look at it [2] in more detail to assess if that
    16 opens any new attack vectors. Ben, is [2] up to date? ​https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
     15> I realized that autoconfig xml files can be used for more than just mailserver hostnames and ports/protocols, I'll look at it [2] in more detail to assess if that opens any new attack vectors. Ben, is [2] up to date? ​https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
    1716
    1817It should be. (If not, please tell me.) In some parts it's even ahead of the implementation, for example: The spec considers LDAP configuration for the future, but Thunderbird currently only configures mail accounts this way.