# HG changeset patch # User meillo@marmaro.de # Date 1229974953 -3600 # Node ID 5c873e6478ef50aa03f2047143df34ffa500cf0c # Parent 9415e41e765e31936a1274f90c5df33a60adb1dd wrote about encryption diff -r 9415e41e765e -r 5c873e6478ef thesis/bib/websites.bib --- a/thesis/bib/websites.bib Sat Dec 20 20:51:48 2008 +0100 +++ b/thesis/bib/websites.bib Mon Dec 22 20:42:33 2008 +0100 @@ -198,6 +198,12 @@ +@misc{wikipedia:tls, + author = "Wikipedia", + title = "\emph{Transport Layer Security}", + howpublished = "On the Internet: {\small\url{http://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&oldid=258890258} (2008-12-22)}", +} + diff -r 9415e41e765e -r 5c873e6478ef thesis/tex/4-MasqmailsFuture.tex --- a/thesis/tex/4-MasqmailsFuture.tex Sat Dec 20 20:51:48 2008 +0100 +++ b/thesis/tex/4-MasqmailsFuture.tex Mon Dec 22 20:42:33 2008 +0100 @@ -193,15 +193,9 @@ \item a list of users (e.g.\ ``\texttt{bob: alice, john@example.com}'') \item a command (e.g.\ ``\texttt{bob: |foo}'') \end{itemize} -Aliases can be cascaded like in the following example: -\begin{verbatim} -team: alice, bob -bob: bob@example.com -\end{verbatim} - Addresses expanding to lists of users lead to more envelopes. Aliases changing the reciptients domain part may require a different route to use. -Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice using this approach; also does the system need to handle more mail this way. Is it needed to check the new recipient address for acceptance, or should it be accepted generally? (The aliase actually came from inside the system.) A second point for access control seems to be no choice. +Aliasing is often handled in expanding the alias and reinjecting the mail into the system. Unfortunately, the mail is processed twice then; additionally does the system have to handle more mail this way. If it is wanted to check the new recipient address for acceptance and do all processing again, then reinjecting it is the best choice. @@ -242,85 +236,50 @@ \subsubsection*{Encryption} -TLS/SSL prevents attackers to listen on the cable -but it does not prevent man-in-the-middle attacks -signed certificates help here +Electronic mail is very weak to sniffing attacks, because all data transfer is unencrypted. This concerns the message's content, as well as the email addresses in header and envelope, but also authentication dialogs that may transfer plain text passwords (\NAME{PLAIN} and \NAME{LOGIN} are examples). Adding encryption is therefor wanted. +The common way to encrypt \SMTP\ dialogs is using \name{Transport Layer Security} (short: \TLS, successor of \NAME{SSL}). \TLS\ encrypts the datagrams of the \name{transport layer}. This means it works below the application protocols and can be used by any of them\citeweb{wikipedia:tls}. -ch /usr/share/ssl/misc +\TLS\ allows to create secure tunnels through which arbitrary programs can communicate. Hence one can add secure communication afterwards to programs without changing them. \name{OpenSSL} for example---a free implementation---allows traffic to be piped into a command; a secure tunnel is created and the traffic is forwarded through it. Or a secure tunnel can be set up between a local and a remote port; this tunnel can then be used by any application. -create new CA: -\begin{verbatim} - CA.pl -newca - country: DE - state: schwaben - city: Ulm - company: - section: - name: - emailaddress: -\end{verbatim} +The \NAME{POP} protocol, for example, is good suited for such tunneling, but \SMTP\ is is not generally. Outgoing \SMTP\ client connections can be tunneled without problem---\masqmail\ already provides a configure option called \texttt{wrapper} to do so. Tunneling incomming connections to a server leads to problems with \SMTP. As data comes encrypted through the tunnel to the receiving host and gets then decrypted and forwarded on local to the port the application listens on. From the \MTA's view, this makes all connections appear to come from localhost, unfortunately. Figure \ref{fig:stunnel} depicts the data flow. -generate ssl key: -\begin{verbatim} - CA.pl -newreq - ... the same questions -\end{verbatim} +\begin{figure} + \begin{center} + \input{input/stunnel.tex} + \end{center} + \caption{Data flow using \name{stunnel}} + \label{fig:stunnel} +\end{figure} -sign request with CA: -\begin{verbatim} - CA.pl -sign -\end{verbatim} +For incoming connections, \NAME{STARTTLS}---defined in \RFC2487---is what \mta{}s implement. -remove passphrase from private key: -\begin{verbatim} - openssl rsa key.pem - (to be used by programs automaticly) -\end{verbatim} +\masqmail\ is already able to encrypt outgoing connections, but encryption of incoming connections, using \NAME{STARTTLS} should be implemented. This only affects the \SMTP\ server module. -secure: -\begin{verbatim} - chmod 400 *.pem - cp newcert.pem /etc/postfix/cert.pem - cp key.pem /etc/postfix/key.pem - cp demoCA/cacert.pem /etc/postfix/CAcert.pem - chmode 400 /etc/postfix/*.pem +%TLS/SSL prevents attackers to listen on the cable +%but it does not prevent man-in-the-middle attacks +%signed certificates help here +% or PGP encryption - mkdir /etc/stunnel - cat newcert.pem key.pem >/etc/stunnel/stunnel.pem - chmod 400 /etc/stunnel/stunnel.pem - (check /etc/stunnel with `stunnel -V') -\end{verbatim} +%do not use stunnel wit SMTP: +%because all incoming mail would be from 127.0.0.1 !! +%use STARTTLS instead -set up stunnels for POP, etc: -\begin{verbatim} - nmap localhost - stunnel -d pop3s -r localhost:pop3 -p /etc/stunnel/stunnel.pem - stunnel -d imaps -r localhost:imap -p /etc/stunnel/stunnel.pem - nmap localhost - pop3s 995 - imaps 993 -\end{verbatim} - -do not use stunnel wit SMTP: -because all incoming mail would be from 127.0.0.1 !! -use STARTTLS instead - -postfix: main.cf -\begin{verbatim} - smtpd_use_tls = yes - smtpd_tls_received_header = no (does not log in received headers) - - smtpd_tls_key_file = /etc/postfix/key.pem - smtpd_tls_cert_file = /etc/postfix/cert.pem - smtpd_tls_CA_file = /etc/postfix/CAcert.pem - - smtp_use_tls = yes (use TLS for sending) - smtp_tls_key_file = /etc/postfix/key.pem - smtp_tls_cert_file = /etc/postfix/cert.pem - smtp_tls_CA_file = /etc/postfix/CAcert.pem -\end{verbatim} +%postfix: main.cf +%\begin{verbatim} +% smtpd_use_tls = yes +% smtpd_tls_received_header = no (does not log in received headers) +% +% smtpd_tls_key_file = /etc/postfix/key.pem +% smtpd_tls_cert_file = /etc/postfix/cert.pem +% smtpd_tls_CA_file = /etc/postfix/CAcert.pem +% +% smtp_use_tls = yes (use TLS for sending) +% smtp_tls_key_file = /etc/postfix/key.pem +% smtp_tls_cert_file = /etc/postfix/cert.pem +% smtp_tls_CA_file = /etc/postfix/CAcert.pem +%\end{verbatim} diff -r 9415e41e765e -r 5c873e6478ef thesis/thesis.sty --- a/thesis/thesis.sty Sat Dec 20 20:51:48 2008 +0100 +++ b/thesis/thesis.sty Mon Dec 22 20:42:33 2008 +0100 @@ -55,6 +55,7 @@ \newcommand{\gpl}{General Public License} \newcommand{\GPL}{\NAME{GPL}} \newcommand{\SMTP}{\NAME{SMTP}} + \newcommand{\TLS}{\NAME{TLS}} \newcommand{\nth}{\textsuperscript{th}} \newcommand{\st}{\textsuperscript{st}}