Should fastmail opt into strict transport layer security mode?

[elvey]

Should fastmail opt into strict transport layer security mode? See RFC 8461. MTA-STS (full name SMTP Mail Transfer Agent Strict Transport Security) is a ~10-month-old standard that aims to improve the security of SMTP by enabling domain names to opt into strict transport layer security mode ...

I just opted in my own domains and subdomains and fastmail subdomains. That is,
<munged>.com, <munged.munged>.com, <munged>sent.com, <munged>.mm.st.

It was my popular previous thread regarding whether the logs showed whether content to certain domains was encrypted or not (op cit) and this fastmail blog post that got me energized :
Getting STARTTLS Everywhere
TECHNICAL
27 June 2018 / Helen Horstmann-Allen (fastmail COO)
https://fastmail.blog/2018/06/27/let...ls-everywhere/

This won’t (well, shouldn’t) cause any problems (other than for those trying to spy on email traffic). ( for example: When servers that don’t understand MTA-STS try and send email to fastmail it will still be accepted.)

PS I’m surprised that MTA-STS policy can be defined only on a per recipient domain basis, but not on a per receiving SMTP server name basis, which would require much less setup and maintenance work, but at the cost of reduced policy granularity choice.

PPS I’m guessing there’s no DanE support yet.

[elvey]

More votes, please!

[malcarada]

I would not worry too much about it, since Fastmail is an Australian company, their government could ask one of FM employees to introduce a backdoor before MTA-STS takes place or make it buggy, and if that is not possible they can ask the employee to write a piece of code to make it possible or give him a USB thumbdrive with malware to run it on the server.

If you are so worried about privacy it is best to pick a company not in Australia, somewhere employees can not be forced to act in secret behind the management back to introduce a backdoor, which is the current power Australian law enforcement has. This is unheard of even in the USA or UK and those countries are not exactly the most privacy friendly in the World, which tells you what a bad idea is to pick an Australian company for privacy.

And before you say that you are not likely to attract law enforcement attention, let me remind you that backdoors can be exploited by anybody, not just law enforcement.

[elvey]

Really? I recall Fastmail has a blog post that, as i recall, doesn’t square with what you’re claiming. As I recall, because the server hosting is not in Australia but the company is, and fastmail is not more accommodating of legal demands then it has to be, privacy is unusually good (but by no means lavabit-good). Have you seen that post or posts?

Also I think you’re mistaken at least one sense because thee case of lavabit shows that in the US companies can receive enforceable secret orders to compromise email privacy.

Do you have any sources to support your claim?

[snappy]

Even if the Australian government can compel Fastmail to install a backdoor to exfiltrate secured SMTP traffic, they probably wouldn't go through that length. But at the same time you shouldn't dismiss the "worst case scenario," because at some point in history mass surveillance on the Internet was considered hysteria/conspiracy theory territory which was unequivocally proved wrong.


In any case, MTA-STS is an improvement over the current posture of SMTP TLS interconnect by adding a stronger element of trust/authentication. It mitigates the threat of bad actors and MITM attacks for fairly negligible overhead/cost. There's probably never really been an attack in the wild of a rogue SMTP server masquerading as a legitimate entity, but it's just another way to keep servers/systems honest.

To me, it's a no brainer, implement it. Probably not that important to expedite though.

[n5bb]

Was this thread inspired by this news about Gmail becoming the first major email provider to add MTA-STS support?
https://betanews.com/2019/04/12/gmai...tls-reporting/
https://www.zdnet.com/article/gmail-...tls-reporting/

Bill

[malcarada]

Quote:

Originally Posted by elvey

Really? I recall Fastmail has a blog post that, as i recall, doesn’t square with what you’re claiming. As I recall, because the server hosting is not in Australia but the company is, and fastmail is not more accommodating of legal demands then it has to be, privacy is unusually good (but by no means lavabit-good). Have you seen that post or posts?

Also I think you’re mistaken at least one sense because thee case of lavabit shows that in the US companies can receive enforceable secret orders to compromise email privacy.

Do you have any sources to support your claim?

Yes really, if you have a company in Australia you must comply with Australian law, my source is common sense.

I think you are mistaken too comparing the lavabit case with the Australian law that can force employees to plant backdoors in the infrastructure and the law in the US where the CEO gets a gagging order and then he decides if he wants to comply with it or not, if Lavabit had been in Australia the CEO would have never known about any backdoor, law enforcement could have asked one of his employees to plant it and demand he doesn´t say anything to his boss.

I stand by my comment, the Australian law that can force employees to act behind the back of their bosses is unheard of in the US or UK. Not sure if China or Iran have any equivalent, but other surveillance states like UK, they do not have that kind of power.

[elvey]

Quote:

Originally Posted by n5bb

Was this thread inspired by this news about Gmail becoming the first major email provider to add MTA-STS support?
https://betanews.com/2019/04/12/gmai...tls-reporting/
https://www.zdnet.com/article/gmail-...tls-reporting/

Bill

Coincidence. I found out about it through the IETF; I hadn't seen any news coverage about it. I just corrected a betanews commenter ignorant of https://www.wired.co.uk/article/goog...emails-privacy



I'm not entirely convinced, @malcarada; I think we're both partly right; good discussion.