RFC: fully secure SMTP connection for "hg email"

Kevin Bullock kbullock+mercurial at ringworld.org
Mon Mar 18 15:53:34 CDT 2013


On Mar 18, 2013, at 3:11 PM, Matt Mackall wrote:

> On Mon, 2013-03-18 at 01:42 +0900, FUJIWARA Katsunori wrote:
>>  3. do nothing any more in Mercurial
>> 
>>     for fully secure SMTP connection, users should use some external
>>     tools supporting STARTTLS/SMTPS with valid cacerts
>> 
>>     it should bore users, especially on Windows (for limited/un-easy
>>     options)
> 
> Here are the possible things a MITM attacker can do here:
> 
> a) tamper with an email
> b) blackhole an email
> c) read a secret email
> d) forge an email
> e) intercept SMTP auth login credentials (for plain auth modes)
> 
> But if we presume MITM capability, we can usually do (a) through (c) on
> the insecure delivery side of the SMTP server instead. And of course, we
> don't need MITM at all for (d).
> 
> So I would rate (a) through (d) as "meh". These are the sort of things
> we're supposed to use GPG for (there's a good little project for
> someone).

GSoC project? :)

> But (e) continues to be a real concern that we should aim to prevent.

Indeed.

pacem in terris / мир / शान्ति / ‎‫سَلاَم‬ / 平和
Kevin R. Bullock
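
Concern (e) in the thread above, as an added example that is not part of the original message and not Mercurial's code: a sender that refuses to issue SMTP AUTH unless STARTTLS was offered and the TLS context verifies the server certificate and hostname. The names `InsecureTransport`, `strict_context`, `verifies_peer`, `require_starttls` and `send_authenticated` are hypothetical.

```python
import smtplib
import ssl


class InsecureTransport(Exception):
    """Raised instead of sending credentials over an unverified channel."""


def strict_context(cafile=None):
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # cafile (assumption) lets a site pin its own CA bundle.
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_peer(ctx):
    # An encrypted but unverified session still lets a MITM terminate TLS
    # and read the AUTH exchange, so both checks must be on.
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


def require_starttls(esmtp_features):
    # esmtp_features is the dict smtplib fills in after EHLO (lower-case keys).
    # A MITM can delete STARTTLS from the EHLO reply; treat its absence as
    # fatal rather than falling back to plaintext AUTH.
    if "starttls" not in esmtp_features:
        raise InsecureTransport("server did not offer STARTTLS")


def send_authenticated(host, port, user, password, msg, ctx):
    # Check the context before opening any connection.
    if not verifies_peer(ctx):
        raise InsecureTransport("TLS context does not verify the server")
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.ehlo()
        require_starttls(smtp.esmtp_features)
        smtp.starttls(context=ctx)  # handshake fails on a bad certificate
        smtp.ehlo()                 # re-read capabilities inside the tunnel
        smtp.login(user, password)  # credentials sent only after verification
        smtp.send_message(msg)
```
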


