I don’t really understand the need for STARTTLS. What am I missing?
As far as I understand, service providers of text protocols (e.g. SMTP, LDAP, etc.) can secure their protocol communication in one of two ways:
Method 1: Text protocol over a secure socket
Just like any other TCP connection, you can wrap a connection in an SSL/TLS socket without the underlying protocol (LDAP, SMTP, etc.) knowing about it. When this is done for SMTP this is sometimes referred to as the SMTPS protocol, although technically speaking SSMTP or SMTPS is not really a protocol in itself. This is completely similar to HTTP and HTTPS. Along the same line we could invent an abbreviation like LDAPS for LDAP over a secure socket (indeed this abbreviation is used).
The disadvantage of doing it this way is that the server endpoint would need two different ports, one for unsecure and another for secure traffic. Compare to webservers, where HTTP uses port 80 and HTTPS uses port 433 by convention.
You do not need explicit support in your client (be it e-mail, LDAP or whatever) to handle this scenario. You can simply wrap the traffic using an external tool such as stunnel.
Method 2: Text protocol with STARTTLS extension
STARTTLS, on the other hand, is something else. It is an extension to plain text protocols like SMTP that ‘switches’ the connection to a secure SSL/TLS encrypted channel after the initial handshake, which happens unsecured. The client and the server start out unsecured and if they both support the STARTTLS extension then they can switch to using a secure connection … still on the same socket. This allows the server to serve both secure and unsecure connections on the same listening socket.
Confusingly, STARTTLS doesn’t actually imply use of TLS; it can just as well be SSL which is used for the encryption of the socket.
As this is an extension to the underlying protocol, your client application (as well as the server, for that matter) needs to explicitly support the STARTTLS extension for this to work (if e-mail client: must support ‘SMTP with STARTTLS extension’; if LDAP client: must support ‘LDAP with STARTTLS extension’; and so on).
What is the problem?
The amount of documentation in e-mail client applications, SMTP servers, LDAP servers, MTAs (sendmail, postfix) that fails to adequately distinguish between these two methods is amazing!!
Which one to use?
Both setups provide the same level of security, as far as I know. However, officially (at least for protocols like SMTP and LDAP) method (1) is now deprecated in favour of (2).
I kind of like (1) though, because it is something that can be applied without concern for the underlying software. Perhaps I’m just old-fashioned. I don’t see the huge and absolutely must-have reason for why the STARTTLS extension was invented. If it was such an important thing to have as part of the text protocol itself, then I think the idea would have gone into the HTTP world as well. If the HTTP world could live without it, why was it so important to get STARTTLS into SMTP, LDAP, etc.? (Actually the same thing was attempted in the HTTP world via RFC2817 but, unsurprisingly, it has never really been used.)
I have a feeling that I’ve either misunderstood something or missed something?
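The "switch on the same socket" described under Method 2, modelled as an added example (not part of the question): a STARTTLS-aware SMTP client parses the EHLO reply, issues STARTTLS only when the server advertises it, and otherwise fails closed rather than continuing over the plaintext channel. The EHLO replies and host names are constructed sample values, not captured from any real server.

```python
"""Plaintext part of an SMTP session with and without the STARTTLS extension.

Everything before the TLS handshake is visible on the wire, so a client has to
decide from the EHLO reply alone whether it is safe to continue.
"""

# Constructed sample EHLO replies (not from a real server).
EHLO_WITH_STARTTLS = ["250-mail.example.test greets client", "250-SIZE 10240000",
                      "250-STARTTLS", "250 AUTH PLAIN LOGIN"]
EHLO_WITHOUT_STARTTLS = ["250-mail.example.test greets client", "250-SIZE 10240000",
                         "250 AUTH PLAIN LOGIN"]


def parse_ehlo(lines):
    """Return the extension keywords from a multi-line EHLO reply.

    Continuation lines are '250-<text>', the last line is '250 <text>';
    line 0 is the server greeting, not an extension.
    """
    exts = set()
    for i, line in enumerate(lines):
        if line[:3] != "250" or line[3:4] not in ("-", " "):
            raise ValueError(f"unexpected EHLO reply line: {line!r}")
        words = line[4:].split()
        if i > 0 and words:
            exts.add(words[0].upper())
    return exts


def client_plan(ehlo_lines, require_tls=True):
    """Next client command after EHLO: 'STARTTLS', 'AUTH', or None to abort.

    With require_tls the client fails closed: if STARTTLS is not advertised,
    credentials never touch the plaintext channel.
    """
    if "STARTTLS" in parse_ehlo(ehlo_lines):
        return "STARTTLS"
    return None if require_tls else "AUTH"


def exchange(ehlo_lines, require_tls=True):
    """Both sides of the plaintext phase as (side, line) pairs; 'S' server, 'C' client."""
    log = [("S", "220 mail.example.test ESMTP"), ("C", "EHLO client.example.test")]
    log += [("S", line) for line in ehlo_lines]
    plan = client_plan(ehlo_lines, require_tls)
    if plan == "STARTTLS":
        # After the 220 the TLS handshake runs on the very same socket; the
        # client then repeats EHLO, since the pre-TLS reply is not trustworthy.
        log += [("C", "STARTTLS"), ("S", "220 Ready to start TLS"),
                ("*", "TLS handshake on the same socket, then EHLO again")]
    elif plan is None:
        log += [("C", "QUIT"), ("S", "221 Bye")]
    return log
```

With Method 1 there is no such decision point: the socket is wrapped before the first protocol byte, so the EHLO reply itself already travels encrypted.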