From: "Ævar Arnfjörð Bjarmason" <avarab@gmail.com>
To: Drew DeVault <sir@cmpwn.com>
Cc: git@vger.kernel.org
Subject: Re: [PATCH v2 2/3] git-send-email: die on invalid smtp_encryption
Date: Mon, 12 Apr 2021 15:16:09 +0200 [thread overview]
Message-ID: <87o8ejej8m.fsf@evledraar.gmail.com> (raw)
In-Reply-To: <CALQY92B6OVL.2Z59Y6W51BU4Y@taiga>
On Mon, Apr 12 2021, Drew DeVault wrote:
> On Sun Apr 11, 2021 at 3:56 PM EDT, Ævar Arnfjörð Bjarmason wrote:
>> I suggest we don't compromise and just go with whatever you're OK with :)
>
> Well, if you're giving me an opportunity to not drag this out into a
> multi-phase rollout, then I'll take it :)
Just to be clear even if I was insisting on that I'm still just one guy
on the ML reviewing your patch.
As a first approximation the opinion of regular contributors counts for
more when the topic is some tricky interaction of code they wrote/are
familiar with.
In this case we're just discussing the general interaction of security,
optional switches, software versioning and how SMTP servers in the wild
work.
I'd think someone who e.g. needs to regularly deal with SMTP servers in
the wild would have a much better idea of those trade-offs than someone
(like me) who happens to have some existing patches in git.git to
git-send-email.perl.
> Another option is to forbid an unknown value (which is almost certainly
> (1) wrong and (2) causing users to unexpectedly use plaintext when they
> expected encryption), file a CVE, and pitch it as a security fix - then
> we can expect a reasonably quick rollout of the change to the ecosystem
> at large.
I think anyone would agree that in retrospect "unknown is plaintext" for
the "what encryption do you want" option is at best a something
approaching a shotgun to your foot of a UI pattern.
But I think it falls far short of a CVE. We *do* prominently document
it, a potential CVE would be if we had silent degration to plaintext
(well, in a mode whose inherent workings aren't to be vulnerable to that
attack, as STARTTLS is...).
FWIW since my upthread <87zgy4egtp.fsf@evledraar.gmail.com> I tried
sending mail through GMail's plain-text smtp gateway as an authenticated
user.
Testing with:
nc smtp.gmail.com 25
openssl s_client -connect smtp.gmail.com:465
It will emit a 530 if you try to AUTH in plain-text (telling you to use
STARTTLS), it will also only say "AUTH" in the EHLO response to the
latter.
And indeed Net::SMTP picks up on this, and doesn't even send your
user/password:
https://metacpan.org/release/libnet/source/lib/Net/SMTP.pm#L169
So this hypothetical degradation of the connection and sending auth over
plain-text I suggested in upthread #3 seems to mostly/entirely be a
non-issue as far as e.g. accidentally sending your password on some open
WiFi network goes due to a local misconfiguration.
As long as the SMTP server is functional enough to say it doesn't
support AUTH on plain-text you'll be OK. I'm assuming that these days
with the push for "SSL everywhere" most/all big providers/MTAs have
moved away from supporing plain-text auth by default.
next prev parent reply other threads:[~2021-04-12 13:16 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-11 12:54 [PATCH v2 0/3] git-send-email: improve SSL configuration Drew DeVault
2021-04-11 12:54 ` [PATCH v2 1/3] git-send-email(1): improve smtp-encryption docs Drew DeVault
2021-04-11 14:11 ` Ævar Arnfjörð Bjarmason
2021-04-11 12:54 ` [PATCH v2 2/3] git-send-email: die on invalid smtp_encryption Drew DeVault
2021-04-11 14:20 ` Ævar Arnfjörð Bjarmason
2021-04-11 14:21 ` Drew DeVault
2021-04-11 14:30 ` Ævar Arnfjörð Bjarmason
2021-04-11 15:06 ` Ævar Arnfjörð Bjarmason
2021-04-11 15:18 ` Drew DeVault
2021-04-11 19:56 ` Ævar Arnfjörð Bjarmason
2021-04-12 12:33 ` Drew DeVault
2021-04-12 13:16 ` Ævar Arnfjörð Bjarmason [this message]
2021-04-13 12:12 ` Drew DeVault
2021-04-13 14:22 ` Ævar Arnfjörð Bjarmason
2021-04-13 21:39 ` Junio C Hamano
2021-04-11 12:54 ` [PATCH v2 3/3] git-send-email: rename 'tls' to 'starttls' Drew DeVault
2021-04-11 14:17 ` Ævar Arnfjörð Bjarmason
2021-04-11 14:22 ` Drew DeVault
2021-04-11 14:43 ` [PATCH 0/2] send-email: simplify smtp.{smtpssl,smtpencryption} parsing Ævar Arnfjörð Bjarmason
2021-04-11 14:43 ` [PATCH 1/2] send-email: remove non-working support for "sendemail.smtpssl" Ævar Arnfjörð Bjarmason
2021-04-11 19:08 ` Junio C Hamano
2021-04-11 19:51 ` Ævar Arnfjörð Bjarmason
2021-05-01 9:15 ` Ævar Arnfjörð Bjarmason
2021-04-11 14:43 ` [PATCH 2/2] send-email: refactor sendemail.smtpencryption config parsing Ævar Arnfjörð Bjarmason
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: http://vger.kernel.org/majordomo-info.html
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87o8ejej8m.fsf@evledraar.gmail.com \
--to=avarab@gmail.com \
--cc=git@vger.kernel.org \
--cc=sir@cmpwn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://80x24.org/mirrors/git.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).