nanog mailing list archives
Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
From: Mark Andrews <marka () isc org>
Date: Sat, 12 Jan 2019 07:19:07 +1100
On 12 Jan 2019, at 6:36 am, Töma Gavrichenkov <ximaera () gmail com> wrote:

> 11 Jan. 2019, 22:33 Rob McEwen <rob () invaluement com>:
>> but if done right, fwiw, wouldn't that be sent over SMTP using TLS encryption
>
> So STARTTLS strip is not a problem anymore?
If you deploy DANE (client and server sides) then stripping STARTTLS is ineffective for the target domain. We (isc.org) have but gmail.com hasn’t (server side at least). One could be asking why you are using gmail.com when they don’t care enough to signal to the world that STARTTLS is supported and should be there in the EHLO.

% dig mx isc.org +dnssec
;; BADCOOKIE, retrying.

; <<>> DiG 9.13.1+hotspot+add-prefetch+marka <<>> mx isc.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4910
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: bfabca20a2ed6fe032fae4e75c38f7eecca21769def0a3e3 (good)
;; QUESTION SECTION:
;isc.org. IN MX

;; ANSWER SECTION:
isc.org. 7140 IN MX 20 mx.ams1.isc.org.
isc.org. 7140 IN MX 10 mx.pao1.isc.org.
isc.org. 7140 IN RRSIG MX 5 2 7200 20190206233314 20190107233314 19923 isc.org. UBu26XwokUyCwZvBzp5+kajy686RF4cdA/Un3Z3vtEARG8qx0hQfHoTk lGfGPkt21QdZmqX+ZJcdO3LfA+qU9A3aEJMXZi9aMZkPDWu1aPsJBu6U 3U3Tj9j+DsqL2Uk780TAqQQQWFUwIHF+y0hcRIWPaqUuvygl/5jxdVDN Mls=

;; ADDITIONAL SECTION:
mx.pao1.isc.org. 3541 IN A 149.20.64.53
mx.ams1.isc.org. 3544 IN A 199.6.1.65
mx.pao1.isc.org. 3541 IN AAAA 2001:4f8:0:2::2b
mx.ams1.isc.org. 3544 IN AAAA 2001:500:60::65
mx.pao1.isc.org. 3541 IN RRSIG A 5 4 3600 20190206233333 20190107233333 13902 pao1.isc.org. WrDcCGC0SmNUSh+DBxogVXWU2PQVpJ/6S/WJxpU4fLDpI+0J85aep+e1 NwZRUuw9N5RRuslQSz0y+aiwB0RACq2wbPUxDem21KpzKE8rlrAlf0U9 k9sT1PeCkWu7QOiWgEksnoJijyCVY41Q/GB0HnWzaO4jUtay6e/PBj4c IiA=
mx.pao1.isc.org. 3541 IN RRSIG AAAA 5 4 3600 20190206233333 20190107233333 13902 pao1.isc.org. EaYgxAGrmJ9oiX4u2DfIcHKCqen3RNGylmWT0VjJ8VWY5e/c5TA1eI5U evGsvYhvLD4WvR8hzvKxp4Pc5EYKLoB+YRI4ttUgnTydsEI0xFCcgB4+ dFb+89h8e6tHSPhUa1wa7ObriKm1O5FzplEXLfNFbgEUN6oJOIMw7q8w cC8=
_25._tcp.mx.pao1.isc.org. 3543 IN RRSIG TLSA 5 6 3600 20190206233333 20190107233333 13902 pao1.isc.org. liSDcLgGpDXqgTxkv2sQBI3OsACPflpxoZxcrgSge4yTe5gA97NOPe0l ECmDBPzUkhcRI6Mwv+uBCmm5FBvgh0leNxLXzACdkCX8EscE3v74wd5o ReCRGFAhV6TBjycwejkGARVTYF23RyRflq2/fRV2hoOdH2ImcW7/SMqA 8Jg=
mx.ams1.isc.org. 3544 IN RRSIG A 5 4 3600 20190206233315 20190107233315 5730 ams1.isc.org. E+6nzEbFAcftlr3UTaCcw0LAHYIdVe5TNfyIwVwU71AzZB22jiif/BrQ KxemOrR7LT7ukfDRjnEzfV1/s0Wwfxh0b79otxrDwssKzNKz9XhaIhVf j17oyuQBkYjYv5RBuwsrmKQmSbu56Zu7G35xp2qbKi6E+3lpXPghnrnJ DBk=
mx.ams1.isc.org. 3544 IN RRSIG AAAA 5 4 3600 20190206233315 20190107233315 5730 ams1.isc.org. ov/6HUTx8v7t31KBYVgDy02Bpe8rJX431vPDdRZvKKhffFrYmUOIXEqD Q/3+DNV1axSJCTONJ1NwzoSC8LDwQQFUcAsXnhcW/C/Z3rbaEthetmmP TERuRGjF3QdA+qFM8RCc83s+hp1RXo5cU+9wA8OTPT5nTmfthkDs/cUi 0o8=
_25._tcp.mx.ams1.isc.org. 3545 IN RRSIG TLSA 5 6 3600 20190206233315 20190107233315 5730 ams1.isc.org. qdzOyIbkPhufqw6/B5bwpxJ0pfVeUay2v8O5spUa+xgHdLQFNS851vlW KOYrNfZALDomXkOyfAVTEZXQ1g3xf0gzIcRCy0PHcgDtgl5a56AilFGB n6LZVkh6lbAkQ8lSmlKWmOvAmJnXh6L6dX8/CQzpWT7G0EEL1EcvLW6p uZ0=
_25._tcp.mx.pao1.isc.org. 3543 IN TLSA 3 0 1 71903FF43D60CA91BDB7AA0DFE9C247B1A2C5A6002C436451C3C1684 0C607AE0
_25._tcp.mx.ams1.isc.org. 3545 IN TLSA 3 0 1 5EF9B10DA21B2711522982EAD699FBABE77FD07FF07AC810608A85DA 66AFE916

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 12 07:09:18 AEDT 2019
;; MSG SIZE rcvd: 1555
%
> -- Töma
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka () isc org
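An added example, not part of the original message: a sketch of the sending-side decision that makes a stripped STARTTLS fail closed when DNSSEC-validated TLSA records like the `3 0 1` ones above exist, following the rule in RFC 7672 in simplified form. The function names, the EHLO keyword lists and the certificate bytes are assumptions constructed for illustration.

```python
import hashlib

def parse_tlsa(rdata):
    """Parse 'usage selector mtype hex...' as dig prints it (hex may be split by spaces)."""
    usage, selector, mtype, *hex_parts = rdata.split()
    return int(usage), int(selector), int(mtype), bytes.fromhex("".join(hex_parts))

def cert_matches(tlsa, cert_der):
    """Match a DANE-EE full-certificate record (usage 3, selector 0) against a DER cert."""
    usage, selector, mtype, data = tlsa
    if usage != 3 or selector != 0:
        return False  # other usages/selectors need chain building or SPKI extraction
    if mtype == 0:    # exact match on the full certificate
        return data == cert_der
    if mtype == 1:    # SHA-256 digest, as in the records shown above
        return hashlib.sha256(cert_der).digest() == data
    if mtype == 2:    # SHA-512 digest
        return hashlib.sha512(cert_der).digest() == data
    return False

def delivery_decision(tlsa_rdatas, dnssec_validated, ehlo_keywords, cert_der=None):
    """Return 'opportunistic', 'defer' or 'deliver' for one MX host."""
    if not (dnssec_validated and tlsa_rdatas):
        # No secure TLSA records: plain opportunistic TLS, which a strip defeats.
        return "opportunistic"
    if "STARTTLS" not in {k.upper() for k in ehlo_keywords}:
        # TLSA says TLS must be there; a missing keyword means tampering or
        # misconfiguration, so the message is held rather than sent in clear.
        return "defer"
    records = [parse_tlsa(r) for r in tlsa_rdatas]
    if cert_der is not None and any(cert_matches(r, cert_der) for r in records):
        return "deliver"
    return "defer"  # TLS offered, but the certificate is not the published one

# Constructed sample data: stand-in bytes for a DER certificate and the TLSA
# record a domain would publish for it.
CERT = b"constructed stand-in for DER certificate bytes"
RDATA = "3 0 1 " + hashlib.sha256(CERT).hexdigest().upper()
STRIPPED_EHLO = ["PIPELINING", "SIZE", "8BITMIME"]  # STARTTLS removed in transit
FULL_EHLO = ["PIPELINING", "SIZE", "STARTTLS", "8BITMIME"]

if __name__ == "__main__":
    print(delivery_decision([RDATA], True, STRIPPED_EHLO))       # DANE domain, stripped
    print(delivery_decision([], False, STRIPPED_EHLO))           # non-DANE domain, stripped
    print(delivery_decision([RDATA], True, FULL_EHLO, CERT))     # DANE domain, intact
```

Selector 1 (SubjectPublicKeyInfo) records would need the public key extracted from the certificate first, which this sketch leaves out.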