Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

[Mark Andrews <marka () isc org>]

> On 12 Jan 2019, at 6:36 am, Töma Gavrichenkov <ximaera () gmail com> wrote:
>
> 11 Jan. 2019 г., 22:33 Rob McEwen <rob () invaluement com>:
> > but if done right, fwiw,, wouldn't that
> > be sent over SMTP using TLS encryption
>
> So STARTTLS strip is not a problem anymore?

If you deploy DANE (client and server sides) then stripping STARTTLS is
ineffective for the target domain. 

We (isc.org) have but gmail.com hasn’t (server side at least).  On could be
asking why you are using gmail.com when they don’t care enough to signal to
the world that STARTTLS is supported and should be there in the EHLO.

% dig mx isc.org +dnssec
;; BADCOOKIE, retrying.

; <<>> DiG 9.13.1+hotspot+add-prefetch+marka <<>> mx isc.org +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4910
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 13

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
; COOKIE: bfabca20a2ed6fe032fae4e75c38f7eecca21769def0a3e3 (good)
;; QUESTION SECTION:
;isc.org.                       IN      MX

;; ANSWER SECTION:
isc.org.                7140    IN      MX      20 mx.ams1.isc.org.
isc.org.                7140    IN      MX      10 mx.pao1.isc.org.
isc.org.                7140    IN      RRSIG   MX 5 2 7200 20190206233314 20190107233314 19923 isc.org. 
UBu26XwokUyCwZvBzp5+kajy686RF4cdA/Un3Z3vtEARG8qx0hQfHoTk lGfGPkt21QdZmqX+ZJcdO3LfA+qU9A3aEJMXZi9aMZkPDWu1aPsJBu6U 
3U3Tj9j+DsqL2Uk780TAqQQQWFUwIHF+y0hcRIWPaqUuvygl/5jxdVDN Mls=

;; ADDITIONAL SECTION:
mx.pao1.isc.org.        3541    IN      A       149.20.64.53
mx.ams1.isc.org.        3544    IN      A       199.6.1.65
mx.pao1.isc.org.        3541    IN      AAAA    2001:4f8:0:2::2b
mx.ams1.isc.org.        3544    IN      AAAA    2001:500:60::65
mx.pao1.isc.org.        3541    IN      RRSIG   A 5 4 3600 20190206233333 20190107233333 13902 pao1.isc.org. 
WrDcCGC0SmNUSh+DBxogVXWU2PQVpJ/6S/WJxpU4fLDpI+0J85aep+e1 NwZRUuw9N5RRuslQSz0y+aiwB0RACq2wbPUxDem21KpzKE8rlrAlf0U9 
k9sT1PeCkWu7QOiWgEksnoJijyCVY41Q/GB0HnWzaO4jUtay6e/PBj4c IiA=
mx.pao1.isc.org.        3541    IN      RRSIG   AAAA 5 4 3600 20190206233333 20190107233333 13902 pao1.isc.org. 
EaYgxAGrmJ9oiX4u2DfIcHKCqen3RNGylmWT0VjJ8VWY5e/c5TA1eI5U evGsvYhvLD4WvR8hzvKxp4Pc5EYKLoB+YRI4ttUgnTydsEI0xFCcgB4+ 
dFb+89h8e6tHSPhUa1wa7ObriKm1O5FzplEXLfNFbgEUN6oJOIMw7q8w cC8=
_25._tcp.mx.pao1.isc.org. 3543  IN      RRSIG   TLSA 5 6 3600 20190206233333 20190107233333 13902 pao1.isc.org. 
liSDcLgGpDXqgTxkv2sQBI3OsACPflpxoZxcrgSge4yTe5gA97NOPe0l ECmDBPzUkhcRI6Mwv+uBCmm5FBvgh0leNxLXzACdkCX8EscE3v74wd5o 
ReCRGFAhV6TBjycwejkGARVTYF23RyRflq2/fRV2hoOdH2ImcW7/SMqA 8Jg=
mx.ams1.isc.org.        3544    IN      RRSIG   A 5 4 3600 20190206233315 20190107233315 5730 ams1.isc.org. 
E+6nzEbFAcftlr3UTaCcw0LAHYIdVe5TNfyIwVwU71AzZB22jiif/BrQ KxemOrR7LT7ukfDRjnEzfV1/s0Wwfxh0b79otxrDwssKzNKz9XhaIhVf 
j17oyuQBkYjYv5RBuwsrmKQmSbu56Zu7G35xp2qbKi6E+3lpXPghnrnJ DBk=
mx.ams1.isc.org.        3544    IN      RRSIG   AAAA 5 4 3600 20190206233315 20190107233315 5730 ams1.isc.org. 
ov/6HUTx8v7t31KBYVgDy02Bpe8rJX431vPDdRZvKKhffFrYmUOIXEqD Q/3+DNV1axSJCTONJ1NwzoSC8LDwQQFUcAsXnhcW/C/Z3rbaEthetmmP 
TERuRGjF3QdA+qFM8RCc83s+hp1RXo5cU+9wA8OTPT5nTmfthkDs/cUi 0o8=
_25._tcp.mx.ams1.isc.org. 3545  IN      RRSIG   TLSA 5 6 3600 20190206233315 20190107233315 5730 ams1.isc.org. 
qdzOyIbkPhufqw6/B5bwpxJ0pfVeUay2v8O5spUa+xgHdLQFNS851vlW KOYrNfZALDomXkOyfAVTEZXQ1g3xf0gzIcRCy0PHcgDtgl5a56AilFGB 
n6LZVkh6lbAkQ8lSmlKWmOvAmJnXh6L6dX8/CQzpWT7G0EEL1EcvLW6p uZ0=
_25._tcp.mx.pao1.isc.org. 3543  IN      TLSA    3 0 1 71903FF43D60CA91BDB7AA0DFE9C247B1A2C5A6002C436451C3C1684 0C607AE0
_25._tcp.mx.ams1.isc.org. 3545  IN      TLSA    3 0 1 5EF9B10DA21B2711522982EAD699FBABE77FD07FF07AC810608A85DA 66AFE916

;; Query time: 7 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 12 07:09:18 AEDT 2019
;; MSG SIZE  rcvd: 1555

% 

> --
> Töma

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka () isc org