Proposal: Add support for STARTTLS measurements [STARTTLS]
Dear RIPE Atlas users, We recently published a RIPE Labs article containing a few proposals: https://labs.ripe.net/author/kistel/five-proposals-for-a-better-ripe-atlas/. We'd like to encourage you to express your comments about this proposal (if you'd like to share them) here. Regards, Robert Kisteleki For the RIPE Atlas team
Hello, As a security and privacy specialist, I am absolutely in favour of RIPE Atlas gaining the ability to detect and measure phenomena such as STARTTLS stripping, certificate replacement, etc. Cheers, Alex
Hi Alex, Thanks for your support! Please note that the proposal as yet does not include the ability to validate. The proposal does deliver upon the information which would enable such to happen. In effect it adds upon the existing SSL measurement and will provide the same level of information. Just to clarify. Cheers, Michel
On 15 Dec 2022, at 06:11, Alexander Burke via ripe-atlas <ripe-atlas@ripe.net> wrote:
Hello,
As a security and privacy specialist, I am absolutely in favour of RIPE Atlas gaining the ability to detect and measure phenomena such as STARTTLS stripping, certificate replacement, etc.
Cheers, Alex
-- ripe-atlas mailing list ripe-atlas@ripe.net https://lists.ripe.net/mailman/listinfo/ripe-atlas
Hi Robert, i really appreciate the introduction of STARTTLS measurements! But if you do so, i strongly recommend to also introduce four new System Tags: IPv4 FCrDNS working IPv4 FCrDNS not working IPv6 FCrDNS working IPv6 FCrDNS not working A lot of mailservers will block or cancel inbound connections, if the sending server has no Forward-confirmed reverse DNS record. Some mailservers do this immediately, others do it at a later communication stage. So, when someone would create a new STARTTLS measurement, it would be a huge help to be able to only choose probes, which have FCrDNS. It shouldn't matter, if it's a simple or obfuscated DNS record. Please also take into consideration, to make FCrDNS mandatory for (new) anchors. BR, Simon On 14.12.22 15:04, Robert Kisteleki wrote:
Dear RIPE Atlas users,
We recently published a RIPE Labs article containing a few proposals: https://labs.ripe.net/author/kistel/five-proposals-for-a-better-ripe-atlas/. We'd like to encourage you to express your comments about this proposal (if you'd like to share them) here.
Regards, Robert Kisteleki For the RIPE Atlas team
participants (4)
-
Alexander Burke -
Michel Stam -
ripe.net@toppas.net -
Robert Kisteleki