Re: [nmh-workers] logging outgoing messages

From: Steffen Nurpmeso
Subject: Re: [nmh-workers] logging outgoing messages
Date: Thu, 11 Jul 2019 17:22:04 +0200
User-agent: s-nail v14.9.13-111-g4bb54f29

Ken Hornstein wrote in <address@hidden>:
 |all of the time?  Secondly ... I am seeing more and more authentication
 |methods that require keeping some kind of state and possibly user
 |interaction in the MUA (GSSAPI and XOAUTH2 are two examples that I have
 |personally encountered), and that makes doing authentication in the MTA

I could not disagree more, and if it's for political reasons;
I think that today with TLS plain passwords are all you need,
other cruft should leave codebases as soon as possible.  The only
exception comes with the availability of a system like Kerberos,
which can provide you local tickets, with timeouts etc. as
requested, shared between multiple applications in a secure
way.  I once had "kdestroy -A" in my shell logout file; today
I would hook that into my on-lid-close script.

Unfortunately I am too stupid to do the real thing and use GELI on
FreeBSD aka dm-crypt/LUKS on Linux, i.e. block level encryption, but
even I have an encfs directory which serves my config files, and
one encfs loaded once a week which stores the keys.  The former
includes a PGP encrypted .netrc-style file, which holds all the
credentials for Google and my S/MIME keys (my MUA supports
"pseudo-hosts" like USER@HOST.smime-cert-key, .smime-cert-cert and
.smime-include-certs), and becomes decrypted on the fly.  Of
course my MUA is still primitive and keeps that decrypted stuff in
clear; it neither mprotect()s the region nor zeroes it after
use.  I do not use suspend-to-disk, but still.  And it would be
better with encfs2, but that will not happen I guess.

 |very problematic.  I think the days of embedded plaintext passwords in
 |your MTA configuration file are slowly coming to an end.

Some kind of shared TLS private key and password service that
daemons can use to load such before they start their privilege-
separated children, which only have the readily prepared sessions.
And to be unlocked with a Yubikey first.  (And with an option to
implant that under the skin of an administrator's living flesh.)
Brave new world.

 |Like I said in my previous email ... we'll continue to support that.
 |But I can't recommend it to the average nmh user.
 --End of <address@hidden>

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
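The message above notes that its author's MUA keeps a decrypted credential in clear memory, neither mprotect()ing the region nor zeroing it after use. The following is an added example, not code from the original message, from nmh or from s-nail, of the small "secret buffer" such a client would use instead: the plaintext is pinned out of swap with mlock(), fenced by PROT_NONE guard pages via mprotect(), and wiped after use with a zeroing loop the compiler cannot discard as a dead store. The credential line is constructed for the example; the function and type names are the example's own; it assumes a POSIX system with anonymous mmap (Linux or a BSD).

```c
/*
 * Added example (not from the original thread, nmh or s-nail): hold a
 * decrypted credential in a locked, guarded buffer and wipe it after use.
 * Assumes POSIX mmap/mlock/mprotect as on Linux or the BSDs.
 */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* older BSD spelling */
#endif

struct secret_buf {
    unsigned char *map;    /* whole mapping: guard | data pages | guard */
    unsigned char *data;   /* usable, mlock()ed bytes */
    size_t         len;    /* bytes requested by the caller */
    size_t         datasz; /* data pages, rounded up to the page size */
    size_t         pagesz;
};

/* Zero n bytes through a volatile pointer so the stores survive dead-store
 * elimination (same intent as explicit_bzero()/memset_s()). */
static void secure_zero(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* 1 if all n bytes are zero, else 0; used to verify the wipe. */
static int all_zero(const unsigned char *p, size_t n)
{
    unsigned char acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= p[i];
    return acc == 0;
}

/* Map len bytes between two inaccessible guard pages and pin them in RAM.
 * Fails closed: if the pages cannot be locked (e.g. RLIMIT_MEMLOCK), the
 * caller must not put a credential there. */
static int secret_buf_alloc(struct secret_buf *sb, size_t len)
{
    long pg = sysconf(_SC_PAGESIZE);
    if (pg <= 0 || len == 0)
        return -1;
    sb->pagesz = (size_t)pg;
    sb->len    = len;
    sb->datasz = (len + sb->pagesz - 1) / sb->pagesz * sb->pagesz;
    size_t total = sb->datasz + 2 * sb->pagesz;

    unsigned char *m = mmap(NULL, total, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (m == MAP_FAILED)
        return -1;
    sb->map  = m;
    sb->data = m + sb->pagesz;

    /* Guard pages: an overrun in either direction faults instead of
     * reading or writing whatever happens to be mapped next to the secret. */
    if (mprotect(m, sb->pagesz, PROT_NONE) != 0 ||
        mprotect(sb->data + sb->datasz, sb->pagesz, PROT_NONE) != 0)
        goto fail;
    /* Keep the plaintext out of swap (the suspend-to-disk worry). */
    if (mlock(sb->data, sb->datasz) != 0)
        goto fail;
    return 0;
fail:
    munmap(m, total);
    sb->map = sb->data = NULL;
    return -1;
}

/* Copy a decrypted credential into the pinned region; refuse anything that
 * would not fit rather than truncating it. */
static int secret_buf_store(struct secret_buf *sb, const void *src, size_t n)
{
    if (sb->data == NULL || n > sb->len)
        return -1;
    memcpy(sb->data, src, n);
    return 0;
}

/* Wipe, unlock and unmap.  Returns 1 if the data pages read back as all
 * zero after the wipe, 0 if they did not, -1 for a buffer not allocated. */
static int secret_buf_free(struct secret_buf *sb)
{
    if (sb->data == NULL)
        return -1;
    secure_zero(sb->data, sb->datasz);
    int clean = all_zero(sb->data, sb->datasz);
    munlock(sb->data, sb->datasz);
    munmap(sb->map, sb->datasz + 2 * sb->pagesz);
    sb->map = sb->data = NULL;
    return clean;
}

/* Constructed .netrc-style line standing in for a just-decrypted credential. */
static const char kCredential[] =
    "machine smtp.example.org login alice password correct-horse-battery";

/* Stand-alone run: hold the credential for one SMTP AUTH, then wipe it. */
int main(void)
{
    struct secret_buf sb;
    if (secret_buf_alloc(&sb, sizeof kCredential) != 0) {
        fprintf(stderr, "cannot allocate a locked buffer\n");
        return 1;
    }
    secret_buf_store(&sb, kCredential, sizeof kCredential);
    printf("holding %zu locked bytes for %.*s\n", sb.len, 24, (const char *)sb.data);
    int clean = secret_buf_free(&sb);
    printf("wiped: %s\n", clean == 1 ? "yes" : "no");
    return clean == 1 ? 0 : 1;
}
```

The buffer only covers the copy the client itself holds; the decrypted bytes still pass through the PGP decryption process and its pipe, and a core dump or ptrace of the client can read them while they are live, so the wipe shortens the window rather than closing it.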
