If I read this correctly, starttls will fail due to the MITM attack. That is, the client knows security has been compromised. Using SSL/TLS, the MITM can use SSL stripping. Since most Postfix confs use "may" for security, the message would go through unencrypted. Correct???
Is there something to enable for perfect forward security with starttls?
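For reference, here is a configuration fragment (added here as an illustration, not something posted by anyone in this thread) showing the opportunistic Postfix setting the question refers to beside the mandatory alternatives, plus the Postfix and Dovecot directives that control forward secrecy. The directive names are real Postfix and Dovecot settings; the domain name and the policy map path are placeholders.

```conf
# ---- Postfix main.cf (outbound SMTP client side) ----

# Opportunistic TLS: encrypt if the peer advertises STARTTLS, otherwise
# send in the clear. A MITM that removes "250-STARTTLS" from the EHLO
# reply silently downgrades the session to plaintext.
smtp_tls_security_level = may

# Mandatory TLS: if STARTTLS is unavailable or the handshake fails, the
# message stays queued instead of going out unencrypted. Stripping the
# STARTTLS capability now causes a visible delivery failure, not a downgrade.
#smtp_tls_security_level = encrypt

# Per-destination overrides: keep "may" globally but require TLS (or TLS
# with certificate verification, "secure") for specific partners.
# /etc/postfix/tls_policy is a placeholder path; example.com a placeholder domain:
#   example.com   secure match=.example.com
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy

# ---- Postfix main.cf (inbound SMTP server side) ----

# Advertise STARTTLS to everyone; refuse plaintext AUTH on the submission path.
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes

# Forward secrecy: prefer ECDHE/DHE suites and the server's cipher order.
smtpd_tls_eecdh_grade = strong
tls_preempt_cipherlist = yes
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers = high

# ---- Dovecot conf.d/10-ssl.conf and 10-auth.conf (IMAP/POP3) ----

# "required" rejects any login that is not over TLS (STARTTLS or 993/995),
# so a stripped STARTTLS on 143/110 yields an auth failure, not a leaked password.
ssl = required
disable_plaintext_auth = yes

# Forward secrecy: let the server choose, and lead with ECDHE/DHE suites.
ssl_prefer_server_ciphers = yes
ssl_cipher_list = ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES:DHE+AES:!aNULL:!MD5:!RC4
```

With `smtp_tls_security_level = encrypt` Postfix will not fall back to cleartext, which answers the first question: the downgrade only works when the policy is `may`. For forward secrecy there is no single switch; it comes from negotiating ephemeral-key ciphersuites, which the `eecdh`, `cipherlist` and `ssl_cipher_list` lines above select.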
-----Original Message-----
From: s.arcus@open-t.co.uk
Sent: August 21, 2017 3:07 PM
To: dovecot@dovecot.org
Reply-to: dovecot@dovecot.org
Subject: Re: pop 110/995, imap 143/993 ?
On 21/08/17 22:18, Joseph Tam wrote:
Lest anyone think STARTTLS MITM doesn't happen,
https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-comm...
Not only for security, I prefer port 993/995 as it's just plain simpler to initiate SSL from the get-go rather than to do some handshaking that gets you to the same point.
Frankly, after reading the above link and some more info on the internet on the subject, I am now wondering why we bother at all with STARTTLS for imap, pop3 and even smtp (and by the way, port 465 for SMTP + SSL/TLS *is* indeed deprecated officially). It would appear that STARTTLS is significantly more vulnerable to MITM attacks than plain SSL/TLS for all the above protocols. Is the slight extra convenience of opportunistic encryption really worth the substantial loss in security?