>>>>> Kristian Erik Hermansen <kristian.herman...@gmail.com> writes:
>>>>> On Mon, Oct 24, 2016 at 1:59 AM, Adrian Bunk <b...@stusta.de> wrote:
[…]

 >> For the kind of attacks you are describing, https is just snake oil.

 > Profusely disagree and so do other members of this list. I'll leave
 > it at that, but also I should point out that your email is being
 > routed insecurely via welho.com and lacks TLS in transit, so I also
 > probably shouldn't consider your TLS knowledge very highly…

Speaking of which. Does the gnutls-cli transcript MIMEd signify
an ongoing MitM attack, or is it just a misconfiguration?

-- 
FSF associate member #7257 58F8 0F47 53F5 2EB2 F6A5 8916 3013 B6A0 230E 334A
$ dig +nocomment mx lists.debian.org
…
lists.debian.org. 3600 IN MX 0 bendel.debian.org.
…
$ gnutls-cli --starttls -p 25 bendel.debian.org
Processed 173 CA certificate(s).
Resolving 'bendel.debian.org'...
Connecting to '2001:41b8:202:deb:216:36ff:fe40:4002:443'...
Connecting to '82.195.75.100:443'...
- Simple Client Mode:

*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=bendel.debian.org,EMAIL=hostmas...@bendel.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2016-02-09 00:00:13 UTC', expires `2017-02-08 00:00:13 UTC', SHA-1 fingerprint `d99dffbab982a0bbca0f95cf88401f75d75a0194'
	Public Key ID:
		a6fa6354cd66e04bba4f3c3e5f45bf82afe17b61
	Public key's random art:
		+--[ RSA 2048]----+
		| |
		| . |
		| . + . |
		| + = . . |
		| +S+ . .|
		| o+. .E .|
		| ...+ oo... |
		| .+o....o.. |
		| .o.ooo.++. |
		+-----------------+

- Certificate[1] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-04-04 22:40:56 UTC', expires `2019-04-02 22:40:56 UTC', SHA-1 fingerprint `2bd080f1a4c79bae4d8ce3728fd2483b49ce4ca5'
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
*** Handshake has failed
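
As an added example (not part of the original message or its attachment), the following Python code parses the certificate lines of the transcript above and reports what they establish: whether the chain links up, whether it ends in a self-signed root, and whether the leaf matches a fingerprint obtained out of band. The names `parse_chain`, `assess` and `pinned_leaf_sha1` are assumptions of this example; no pinned fingerprint appears on the page.

```python
import re

# Certificate and status lines copied from the transcript in this message
# (random art and Public Key ID omitted; addresses are elided on the page).
TRANSCRIPT = """\
- Certificate[0] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=bendel.debian.org,EMAIL=hostmas...@bendel.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2016-02-09 00:00:13 UTC', expires `2017-02-08 00:00:13 UTC', SHA-1 fingerprint `d99dffbab982a0bbca0f95cf88401f75d75a0194'
- Certificate[1] info:
 - subject `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', issuer `C=NA,ST=NA,L=Ankh Morpork,O=Debian SMTP,OU=Debian SMTP CA,CN=Debian SMTP CA,EMAIL=hostmas...@puppet.debian.org', RSA key 2048 bits, signed using RSA-SHA1, activated `2009-04-04 22:40:56 UTC', expires `2019-04-02 22:40:56 UTC', SHA-1 fingerprint `2bd080f1a4c79bae4d8ce3728fd2483b49ce4ca5'
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
"""

CERT_RE = re.compile(
    r"subject `(?P<subject>[^']*)', issuer `(?P<issuer>[^']*)',"
    r".*?signed using (?P<sigalg>[\w-]+),"
    r".*?SHA-1 fingerprint `(?P<sha1>[0-9a-f]{40})'")

def parse_chain(text):
    """Return one dict per certificate, in the order the server sent them."""
    return [m.groupdict() for m in CERT_RE.finditer(text)]

def assess(text, pinned_leaf_sha1=None):
    """Summarise what the transcript shows; pinned_leaf_sha1 is a hypothetical
    fingerprint the operator obtained out of band (not present on the page)."""
    chain = parse_chain(text)
    top = chain[-1]
    report = {
        # each certificate is issued by the next one in the list
        "chain_links": all(a["issuer"] == b["subject"] for a, b in zip(chain, chain[1:])),
        # the last certificate names itself as issuer: a private root
        "self_signed_root": top["subject"] == top["issuer"],
        "issuer_unknown": "certificate issuer is unknown" in text,
        "sha1_signed": [c["sha1"] for c in chain if c["sigalg"].endswith("SHA1")],
        "pin_match": None,  # None = nothing to compare against
    }
    if pinned_leaf_sha1 is not None:
        report["pin_match"] = chain[0]["sha1"] == pinned_leaf_sha1.lower().replace(":", "")
    return report

if __name__ == "__main__":
    for key, value in assess(TRANSCRIPT).items():
        print(f"{key}: {value}")
```

The transcript by itself cannot separate a private CA that is missing from the local trust store from an interposed one; only the out-of-band comparison reported as `pin_match` does.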