Firewall Wizards mailing list archives
Re: Re: Firewalls breaking stuff: [Was re: fwtk]
From: "Marcus J. Ranum" <mjr () ranum com>
Date: Fri, 19 Jul 2002 17:55:03 -0400
Charles W. Swiger wrote:
> Please explain why SMTP AUTH or performing SSL-based encryption of mail en transit via STARTTLS is "stupid" rather than important functionality which improves security?
OK. It seems pretty straightforward so I didn't elaborate sufficiently on the first pass...
The last time I downloaded the SSL codebase library it was humongous. I'm sure it's got more security bugs in it than a college dorm room has cockroaches. We just haven't found them all yet - probably because it's huge. So by adding SSL you're incorporating one huge thing into another huge thing. Not only that, it's something hooked to a network that accepts connections from the entire planet. That's just a bad idea. SMTP AUTH I haven't looked at the code for, but I bet it's another plate of spaghetti.
But one thing I can tell you for sure!!! If they aren't built into my mailer, I don't have to worry about 'em!!
That's my whole point. ESMTP was still a-borning when I wrote smap and I looked at it and it was complicated and not necessary to support in order to collect mail. Since it wasn't necessary, I left it out. I guess that's a philosophical point I haven't raised: things that aren't strictly necessary, if you're writing security code, are, by definition, dumb.
> If you also provide SSL-based IMAP (993/tcp), you can provide email access for remote employees where their usernames, passwords, and the mail itself are never sent in plain text. That seems quite worthwhile to me.
All built into the same mailer? Heck, why not throw a perl interpreter in there while you're at it! And make it an SSL web server, too, since you've already got SSL in there and it's already handling everything else in one process. Shoot, why not just write the whole thing as an apache plug-in and then it'll be _really_ secure! :)
> Someone capable of implementing SMTP correctly is more likely to produce secure code than someone not capable of implementing SMTP correctly.
Someone perfectly capable of implementing SMTP correctly may just choose to omit features that made for a larger, more complex, harder to secure implementation. This is both laziness and a quest for perfection. It is the zen of knowing what is enough.
mjr.
---
Marcus J. Ranum http://www.ranum.com
Computer and Communications Security mjr () ranum com
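The design choice argued in the message above (a mail collector that implements only the verbs needed to accept mail, with no ESMTP, AUTH or TLS code paths at all), shown as an added example. It is not smap source and not part of the original post; the type and function names are hypothetical, and it covers only the command phase, with the caller assumed to read the message body after a 354 reply.

```c
#include <string.h>
#include <strings.h>

/* Added illustration (not smap source): the whole verb set of a
 * collect-only SMTP front end. A verb with no handler is code that
 * never runs on input from the network. */
enum { ST_START, ST_HELO, ST_MAIL, ST_RCPT };
struct session { int state; };          /* hypothetical session record */

#define MAX_LINE 512   /* RFC 821 command line limit, CRLF included */

/* Case-insensitive verb match; the verb must end at space, CR, LF or NUL. */
static int verb_is(const char *line, const char *verb)
{
    size_t n = strlen(verb);
    if (strncasecmp(line, verb, n) != 0) return 0;
    return line[n] == '\0' || line[n] == ' ' || line[n] == '\r' || line[n] == '\n';
}

/* Returns the SMTP reply code for one command line and updates state. */
int smtp_command(struct session *s, const char *line)
{
    if (strlen(line) > MAX_LINE) return 500;      /* oversized command */
    if (verb_is(line, "HELO")) { s->state = ST_HELO; return 250; }
    if (verb_is(line, "NOOP")) return 250;
    if (verb_is(line, "QUIT")) return 221;
    if (verb_is(line, "RSET")) {
        if (s->state != ST_START) s->state = ST_HELO;
        return 250;
    }
    if (verb_is(line, "MAIL")) {
        if (s->state != ST_HELO) return 503;      /* bad sequence */
        if (strncasecmp(line + 4, " FROM:", 6) != 0) return 501;
        s->state = ST_MAIL;
        return 250;
    }
    if (verb_is(line, "RCPT")) {
        if (s->state != ST_MAIL && s->state != ST_RCPT) return 503;
        if (strncasecmp(line + 4, " TO:", 4) != 0) return 501;
        s->state = ST_RCPT;
        return 250;
    }
    if (verb_is(line, "DATA")) {
        if (s->state != ST_RCPT) return 503;
        s->state = ST_HELO;   /* caller collects the body up to "." */
        return 354;
    }
    /* EHLO, AUTH, STARTTLS, VRFY, EXPN, ...: no handler exists, so an
     * ESMTP client gets 500 and falls back to HELO. */
    return 500;
}
```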