I'm currently the maintainer of GetTor [1], and together with Nima and Sukhbir we have been talking about the future of it.
If this conversation moves elsewhere, I would really like to be kept in the loop.
I'm the primary maintainer of Psiphon's email auto-responder, which was initially modeled on Tor's approach. Psiphon is, obviously, also extremely interested in robust ways of making our tools available in censoring regions. (So, Satori, etc., are also interesting.)
Relatedly...
When doing Logjam, etc., testing on our responder I found testssl.sh[1] to be a handy tool. Used like so: ./testssl.sh --mx torproject.org
CheckTLS[2] is also good for actually doing email send and receive tests.
We're currently struggling a bit with just how hardcore we can be in securing our server communications. Right now Postfix is configured[3] to only connect out using TLS and only accept incoming TLS connections from servers with a verifiable cert. That seems reasonable, except... we're getting complaints that Chinese mail services don't meet those criteria, and Chinese users can't/won't/don't use Gmail/Hotmail/Yahoo.
...As an example of the sort of shared hurdles we might encounter.
[1]: https://testssl.sh/
[2]: https://www.checktls.com/
[3]: https://bitbucket.org/psiphon/psiphon-circumvention-system/src/2d052db9597d/...
Hi Adam,
On 18/06/15 16:40, Adam Pritchard wrote:
I'm currently the maintainer of GetTor [1], and together with Nima and Sukhbir we have been talking about the future of it.
If this conversation moves elsewhere, I would really like to be kept in the loop.
Good, I'll create a wiki page to keep track of the discussion and ideas (I'll post it later to this thread).
I'm the primary maintainer of Psiphon's email auto-responder, which was initially modeled on Tor's approach. Psiphon is, obviously, also extremely interested in robust ways of making our tools available in censoring regions. (So, Satori, etc., are also interesting.)
Great, I've heard of Psiphon before, and I'm sure both projects could benefit from working on new/better ways to expand the autoresponder service.
Relatedly...
When doing Logjam, etc., testing on our responder I found testssl.sh[1] to be a handy tool. Used like so: ./testssl.sh --mx torproject.org
CheckTLS[2] is also good for actually doing email send and receive tests.
Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does not work for me, it says torproject.org has no mx records.
We're currently struggling a bit with just how hardcore we can be in securing our server communications. Right now Postfix is configured[3] to only connect out using TLS and only accept incoming TLS connections from servers with a verifiable cert. That seems reasonable, except... we're getting complaints that Chinese mail services don't meet those criteria, and Chinese users can't/won't/don't use Gmail/Hotmail/Yahoo.
...As an example of the sort of shared hurdles we might encounter.
Yeah, our current approach is to get to as many people as possible (that's why, for example, we don't do DKIM verification). Maybe we can share experiences about it. Do you have a list of those services?
Anyway, I'll be taking a look at Psiphon's code :)
Thanks, --ilv
Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does not work for me, it says torproject.org has no mx records.
Weird. I just ran it and put the output into a gist -- pretty[1], plain[2]. And the CheckTLS sender test[3], for good measure.
Yeah, our current approach is to get to as many people as possible (that's why, for example, we don't do DKIM verification).
We don't do DKIM/SPF verification either. I don't think the decision was with the rationale "to get to as many people as possible", though. More like, "kind of a hassle and doesn't gain us much". We limit the number of responses to a single address to 3 per day, so if an attacker is faking a From address there's only so much damage they can do... to a single target.
I guess a bigger threat is an attacker causing us to spam all over the place, hurting our mail server's reputation. (Well. I guess now I have to reconsider checking DKIM/SPF.)
Maybe we can share experiences about it. Do you have a list of those services?
Not a comprehensive list, but here's a start...
Email services that play nice with strong TLS client/server reqs:
* Gmail
* Yahoo (but maybe not some of the regional ones? Like yahoo.de?)
* Hotmail/Outlook.com
* qq.com (Chinese email service)
Email services that do *not*:
* sina.cn, sina.net, sina.com.cn, sina.com (Chinese)
* 163.com (Chinese)
* tom.com (Chinese)
* 126.com (Chinese)
[1]: https://rawgit.com/adam-p/349d6753aa23fd359e67/raw/63c91716ffb3bc764b1b686b0...
[2]: https://gist.githubusercontent.com/adam-p/349d6753aa23fd359e67/raw/cc95105ed...
[3]: https://gist.githubusercontent.com/adam-p/349d6753aa23fd359e67/raw/f8ff6cbcd...
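The message above weighs a 3-per-day reply cap against the risk of answering forged From addresses. The following is an added example, not Psiphon's or GetTor's code, of an auto-responder policy that combines that cap with a DKIM/SPF check aligned to the From domain. It assumes the receiving MTA stamps an Authentication-Results header under the hypothetical authserv-id `mx.responder.example` and strips any inbound header claiming that id; all names and sample messages are constructed.

```python
import email
from collections import defaultdict
from email.utils import parseaddr

DAILY_LIMIT = 3                      # per-address cap mentioned in the thread
WINDOW = 24 * 60 * 60                # seconds
TRUSTED_AUTHSERV = "mx.responder.example"  # assumption: authserv-id of our own MTA


class ResponderPolicy:
    def __init__(self):
        self._sent = defaultdict(list)   # From address -> reply timestamps

    def _aligned_pass(self, msg, from_domain):
        """True if our MTA recorded a DKIM or SPF pass for the From domain."""
        for value in msg.get_all("Authentication-Results", []):
            authserv, _, rest = str(value).partition(";")
            # Ignore results stamped by anyone else: the sender controls those.
            if (authserv.split() or [""])[0].lower() != TRUSTED_AUTHSERV:
                continue
            for clause in rest.split(";"):
                # Simplified parse: key=value tokens only, comments are skipped.
                props = dict(t.split("=", 1) for t in clause.split() if "=" in t)
                signed = props.get("header.d", "").lower()
                mailfrom = props.get("smtp.mailfrom", "").lower().rpartition("@")[2]
                if props.get("dkim") == "pass" and signed == from_domain:
                    return True
                if props.get("spf") == "pass" and mailfrom == from_domain:
                    return True
        return False

    def should_reply(self, raw, now):
        """Return (decision, reason) for one inbound request at time `now`."""
        msg = email.message_from_bytes(raw)
        addr = parseaddr(str(msg.get("From", "")))[1].lower()
        if "@" not in addr:
            return False, "no-from"
        if not self._aligned_pass(msg, addr.rpartition("@")[2]):
            return False, "unauthenticated"   # a reply here could be backscatter
        recent = [t for t in self._sent[addr] if now - t < WINDOW]
        self._sent[addr] = recent
        if len(recent) >= DAILY_LIMIT:
            return False, "rate-limited"
        recent.append(now)
        return True, "ok"


def sample(from_addr, auth_results):
    """Constructed test message; not taken from any real mailbox."""
    return (f"From: {from_addr}\r\nAuthentication-Results: {auth_results}\r\n"
            "Subject: help\r\n\r\nwindows\r\n").encode()
```

A pass for some other domain, or a header stamped by another authserv-id, is treated as no authentication at all, so a forged From address gets no reply and never counts against the real owner's daily quota.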
On 19/06/15 17:17, Adam Pritchard wrote:
Oh, nice! Although for some reason ./testssl.sh --mx torproject.org does not work for me, it says torproject.org has no mx records.
Weird. I just ran it and put the output into a gist -- pretty[1], plain[2]. And the CheckTLS sender test[3], for good measure.
Weird indeed, it still doesn't work for me. Anyway, thanks for the outputs. I'm worried though, because the script shows a lot of NOT oks :/
Not a comprehensive list, but here's a start...
Email services that play nice with strong TLS client/server reqs:
- Gmail
- Yahoo (but maybe not some of the regional ones? Like yahoo.de?)
- Hotmail/Outlook.com
- qq.com (Chinese email service)
Email services that do *not*:
- sina.cn, sina.net, sina.com.cn, sina.com (Chinese)
- 163.com (Chinese)
- tom.com (Chinese)
- 126.com (Chinese)
Thank you.
--ilv
If this conversation moves elsewhere, I would really like to be kept in the loop.
To all the people interested, below you'll find a wiki page where we can keep track of all the ideas that have come up. If you have your own idea, please add it :)
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/GetTor/future
Best, --ilv