18 Jan
2022
18 Jan
'22
10:59 a.m.
Hi
We have been looking a bit into JA3 (https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-2473... https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-2473... and https://blog.squarelemon.com/tls-fingerprinting/ https://blog.squarelemon.com/tls-fingerprinting/ ) for possible threat actor identifications. Roughly speaking you can think of JA3 as the TLS equivalent of the User-Agent string.
Has anybody been looking into the possibility of building an open source dovecot JA3 plugin? I’d also like to hear the technical pros/cons of doing so…and perhaps the ethical deliberations also :-)
Kind Regards, Sidsel