[tor-bugs] #10836 [TorBirdy]: Enable mail account autoconfig dialog in TorBirdy

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Feb 12 16:41:10 UTC 2014 

#10836: Enable mail account autoconfig dialog in TorBirdy
-----------------------------+-----------------
     Reporter:  ben          |      Owner:  ben
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:
    Component:  TorBirdy     |    Version:
   Resolution:               |   Keywords:
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+-----------------

Comment (by ben):

 > Mailserver hostnames for the email address user@… would have to match
 *.example.com. If it doesn't match we fall back to manual configuration.
 I'm wondering how many email addresses would fail this test..

 All hosted customer domains. I register lastname.name, and don't set up a
 whole server for myself, but use shared hosting. If I also want SSL
 without hostname/cert mismatch, I will always have a different email
 server hostname than my email address domain.

 > Don't check DNS MX records for mail configurations. This may need some
 rethinking for DNSSEC.

 Likewise, this will break **all** hosted domains. I know it's weak, but
 this part is actually important. The attack surface is reduced by the fact
 that Mozilla's server makes the MX lookup, and the result comes via HTTPS.
 (If Mozilla ever implements arbitrary DNS lookups, we could do both and
 compare the two results.)

 I don't hope for DNSSEC anymore. (Very broken concepts in the spec, which
 hinders deployment.)

 > A successful attack would require a certificate for a hostname under the
 domain of the email address (since we only fetch/send emails via
 SSL/STARTTLS).

 Note that many states, including China, Spain etc., have root CAs. These
 CAs not just in the country, they are directly for parts of the state. I
 guess that's a broader discussion and we secure one point at a time. Just
 wanted to point this out.

 > I realized that autoconfig xml files can be used for more than just
 mailserver hostnames and ports/protocols, I'll look at it [2] in more
 detail to assess if that
 opens any new attack vectors. Ben, is [2] up to date?
 ​https://wiki.mozilla.org/Thunderbird:Autoconfiguration:ConfigFileFormat

 It should be. (If not, please tell me.) In some parts it's even ahead of
 the implementation, for example: The spec considers LDAP configuration for
 the future, but Thunderbird currently only configures mail accounts this
 way.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10836#comment:14>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list