From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/67540
Path: news.gmane.org!not-for-mail
From: Matthias Andree <matthias.andree@gmx.de>
Newsgroups: gmane.emacs.gnus.general
Subject: Re: Bug#499774: starttls is a joke
Date: Tue, 07 Oct 2008 22:41:25 +0200
Message-ID: <m3zllgrvd6.fsf@merlin.emma.line.org>
References: <871vzca7gp.fsf@natisbad.org> <87y71kpmq7.fsf@bubble.risko.hu>
	<87od2g31hf.fsf@natisbad.org>
	<87tzc8upgf.fsf@marauder.physik.uni-ulm.de>
NNTP-Posting-Host: lo.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: ger.gmane.org 1223412189 16442 80.91.229.12 (7 Oct 2008 20:43:09 GMT)
X-Complaints-To: usenet@ger.gmane.org
NNTP-Posting-Date: Tue, 7 Oct 2008 20:43:09 +0000 (UTC)
Cc: Daiki Ueno <ueno@unixuser.org>,  Simon Josefsson <simon@josefsson.org>,  499774@bugs.debian.org,  RISKO Gergely <risko@debian.org>,  ding@gnus.org
To: Arnaud Ebalard <arno@natisbad.org>
Original-X-From: ding-owner+M15991@lists.math.uh.edu Tue Oct 07 22:44:06 2008
Return-path: <ding-owner+M15991@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from util0.math.uh.edu ([129.7.128.18])
	by lo.gmane.org with esmtp (Exim 4.50)
	id 1KnJPa-0001WC-0S
	for ding-account@gmane.org; Tue, 07 Oct 2008 22:44:06 +0200
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by util0.math.uh.edu with smtp (Exim 4.63)
	(envelope-from <ding-owner+M15991@lists.math.uh.edu>)
	id 1KnJOG-00064b-2p; Tue, 07 Oct 2008 15:42:44 -0500
Original-Received: from mx1.math.uh.edu ([129.7.128.32])
	by util0.math.uh.edu with esmtps (TLSv1:AES256-SHA:256)
	(Exim 4.63)
	(envelope-from <matthias.andree@gmx.de>)
	id 1KnJNd-00063z-CA
	for ding@lists.math.uh.edu; Tue, 07 Oct 2008 15:42:05 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx1.math.uh.edu with esmtp (Exim 4.69)
	(envelope-from <matthias.andree@gmx.de>)
	id 1KnJNZ-0006Om-8t
	for ding@lists.math.uh.edu; Tue, 07 Oct 2008 15:42:05 -0500
Original-Received: from mail.gmx.net ([213.165.64.20])
	by quimby.gnus.org with smtp (Exim 3.36 #1 (Debian))
	id 1KnJNe-0007Nj-00
	for <ding@gnus.org>; Tue, 07 Oct 2008 22:42:06 +0200
Original-Received: (qmail invoked by alias); 07 Oct 2008 20:41:28 -0000
Original-Received: from g227125196.adsl.alicedsl.de (EHLO m2a2.dyndns.org) [92.227.125.196]
  by mail.gmx.net (mp053) with SMTP; 07 Oct 2008 22:41:28 +0200
X-Authenticated: #428038
X-Provags-ID: V01U2FsdGVkX19FzXZpt7lFvYYkzyyEIkeEcWfacEFmgCYcpQhCmp
	fQMtqNNj+1YDES
Original-Received: from localhost (localhost [127.0.0.1])
	by merlin.emma.line.org (Postfix) with ESMTP id B0435200338;
	Tue,  7 Oct 2008 22:41:25 +0200 (CEST)
X-Virus-Scanned: amavisd-new at emma.line.org
Original-Received: from m2a2.dyndns.org ([127.0.0.1])
	by localhost (m2a2.dyndns.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id tjL+tJg8Xdqg; Tue,  7 Oct 2008 22:41:25 +0200 (CEST)
Original-Received: by merlin.emma.line.org (Postfix, from userid 500)
	id 4EDFB2005AE; Tue,  7 Oct 2008 22:41:25 +0200 (CEST)
In-Reply-To: <87tzc8upgf.fsf@marauder.physik.uni-ulm.de> (Reiner Steib's
	message of "Mon, 22 Sep 2008 18:15:28 +0200")
User-Agent: Gnus/5.110011 (No Gnus v0.11) Emacs/22.2 (gnu/linux)
X-PGP-Key: http://home.pages.de/~mandree/keys/GPGKEY.asc
X-Y-GMX-Trusted: 0
X-FuHaFi: 0.57
X-Spam-Score: -2.6 (--)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:67540
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/67540>

Reiner Steib <reinersteib+gmane@imap.cc> writes:

>> Then, someone should correct the code to support passing trust anchors,
>> allow passing the verify value, and document capabilities and
>> limitations. 
>
> Gnus currently uses starttls if starttls and gnutls-cli are available
> for backward compatibility.  
>
> Would it make sense to prefer gnutls-cli and warn when using starttls
> (if gnutls-cli is not installed)?

It would make sense to fix the tools first, and stop using them in
unsafe ways.

I recently found on Cygwin, when setting up Emacs+Gnus, that gnutls-cli
(2.4.2 IIRC) has some subtle "accept b0rked cert chain" behaviour: it
would happily accept any garbage^Wuntrusted certificate chain without
notice -- when I'm not using "--x509cafile FOO" on the command line.
This isn't documented anywhere (manual, manpage, --help), I found this
out through systematic testing.

I find this most disturbing, since if I don't provide a set of trusted
X.509 CA certs, I trust nobody (rather than everybody as gnutls-cli
does)... gnutls-cli should bail out if it has no trusted root
certificates, rather than silently trust everyone. Go figure - there's a
difference between giving "--x509cafile /dev/null" and not giving this
option at all. :-(

While I'm at it, from the end user's perspective, I find it very hard to
figure what options I need for a proper configuration that doesn't use
b0rked protocols such as SSLv2, that uses proper X.509 certificate
validation to detect MITM attacks. Few applications except Firefox 3 get
that right, and I couldn't tell one off-hand.

I think that EVERY tool that has a remotely security-related context
should default to bulletproof mode and require that the user relaxes
every test explicitly.

Yes, I need to do homework here, fetchmail doesn't get this right
either... compatibility and all that.

So I'd say make Gnus default to gnutls-cli and change the sample
configuration to include --x509cafile and add instructions to the
defcustom blah self-documentation telling the user to cat(1) his trusted
ROOT certificates (in PEM format) together to form this file.

-- 
Matthias Andree