[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy
#10836: Enable mail account autoconfig dialog in TorBirdy
-----------------------------+-----------------
Reporter: ben | Owner: ben
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: TorBirdy | Version:
Resolution: | Keywords:
Actual Points: | Parent ID:
Points: |
-----------------------------+-----------------
Comment (by ben):
> Mailserver hostnames for the email address user@â would have to match
*.example.com. If it doesn't match we fall back to manual configuration.
I'm wondering how many email addresses would fail this test..
All hosted customer domains. I register lastname.name, and don't set up a
whole server for myself, but use shared hosting. If I also want SSL
without hostname/cert mismatch, I will always have a different email
server hostname than my email address domain.
> Don't check DNS MX records for mail configurations. This may need some
rethinking for DNSSEC.
Likewise, this will break **all** hosted domains. I know it's weak, but
this part is actually important. The attack surface is reduced by the fact
that Mozilla's server makes the MX lookup, and the result comes via HTTPS.
(If Mozilla ever implements arbitrary DNS lookups, we could do both and
compare the two results.)
I don't hope for DNSSEC anymore. (Very broken concepts in the spec, which
hinders deployment.)
> A successful attack would require a certificate for a hostname under the
domain of the email address (since we only fetch/send emails via
SSL/STARTTLS).
Note that many states, including China, Spain etc., have root CAs. These
CAs not just in the country, they are directly for parts of the state. I
guess that's a broader discussion and we secure one point at a time. Just
wanted to point this out.
> I realized that autoconfig xml files can be used for more than just
mailserver hostnames and ports/protocols, I'll look at it [2] in more
detail to assess if that
opens any new attack vectors. Ben, is [2] up to date?
âhttps://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat
It should be. (If not, please tell me.) In some parts it's even ahead of
the implementation, for example: The spec considers LDAP configuration for
the future, but Thunderbird currently only configures mail accounts this
way.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10836#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs