proposed text for crypto-policies in Packaging Guidelines

Eric H. Christensen sparks at fedoraproject.org
Fri Aug 8 13:44:40 UTC 2014


On Fri, Aug 08, 2014 at 03:36:51PM +0200, Reindl Harald wrote:
> 
> On 08.08.2014 at 15:21, Nikos Mavrogiannopoulos wrote:
> > Postfix is a different kind of beast though. It does not typically use
> > TLS, but uses some kind of opportunistic security that allows anonymous
> > ciphersuites. So it's a bit hard to enforce anything there, as
> > man-in-the-middle attacks are possible by design
> 
> and keep in mind that in the case of opportunistic TLS, if you restrict
> ciphers and the SMTP client doesn't support what you offer, it
> falls back to completely plaintext, which defeats the intention

Falling back to an insecure cipher only provides a false sense of security which isn't any better than plaintext.

-- Eric

--------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security

sparks at redhat.com - sparks at fedoraproject.org
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
--------------------------------------------------
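Added example, not part of the thread and not the Postfix project's own documentation: two Postfix main.cf fragments that make the trade-off above concrete. The first shows the configuration Reindl warns about (opportunistic TLS plus a restricted cipher grade, so a peer that cannot negotiate the restricted set ends up receiving the message in the clear); the second keeps permissive opportunistic TLS for the world and moves the strict requirements into a per-destination policy table, where a failed handshake defers the mail instead of downgrading it. The parameter names and values are real Postfix settings; the destination names (example.com, partner.example), the policy-map path /etc/postfix/tls_policy and the CA bundle path are assumptions for illustration. Postfix does not allow trailing comments on a parameter line, so every comment sits on its own line.

```ini
# Added example (not from the thread or from Postfix itself).
# Destination names, the tls_policy path and the CA bundle path are assumed.

# ---- 1. The problem: opportunistic TLS with a restricted cipher grade ----
# "may" means: use STARTTLS if the server offers it, otherwise send plaintext.
# Raising the cipher grade at this level does not raise security: a peer
# that lacks a "high" cipher fails the handshake, and since plaintext is
# acceptable at level "may", the message goes out in the clear anyway.
smtp_tls_security_level = may
smtp_tls_ciphers = high
smtp_tls_protocols = !SSLv2, !SSLv3

# ---- 2. The fix: opportunistic by default, mandatory where it matters ----
# Keep the Postfix default grade for opportunistic delivery so that weak TLS
# still beats no TLS for arbitrary peers ...
smtp_tls_security_level = may
smtp_tls_ciphers = medium
smtp_tls_protocols = !SSLv2, !SSLv3
# ... and put the strong requirements on the mandatory levels only
# (encrypt, verify, secure, dane), which defer on handshake failure
# rather than falling back to plaintext.
smtp_tls_mandatory_ciphers = high
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
# Per-destination policy: which peers are held to a mandatory level.
smtp_tls_policy_maps = hash:/etc/postfix/tls_policy
# Needed for "verify"/"secure" (certificate verification); path is assumed.
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
# Log the negotiated protocol and cipher for every delivery.
smtp_tls_loglevel = 1

# ---- /etc/postfix/tls_policy (separate file; run: postmap /etc/postfix/tls_policy) ----
# Format: nexthop-destination  security-level  [attribute=value ...]
# encrypt: TLS is required, peer certificate not verified.
# secure:  TLS required and certificate verified against the match list.
# dane:    TLS required, authenticated via DNSSEC/TLSA (Postfix 2.11+,
#          also needs smtp_dns_support_level = dnssec).
# example.com      encrypt ciphers=high protocols=!SSLv2:!SSLv3
# partner.example  secure  match=partner.example:.partner.example ciphers=high
```

After editing main.cf and building the policy map, reload Postfix and watch the mail log: with smtp_tls_loglevel = 1 every delivery records the protocol and cipher it negotiated, an opportunistic delivery that could not negotiate TLS shows no TLS line at all (that is the silent downgrade), and a delivery to a policy-map destination that cannot meet its level stays in the deferred queue rather than leaving in the clear.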
