[Ach] Fwd: E-Mail Protocol Security Measurements

Aaron Zauner azet at azet.org
Tue Jul 28 22:13:12 CEST 2015


* micah <micah at riseup.net> [28/07/2015 21:21:56] wrote:
> I don't understand why both XMPP and SMTP decided to go the route of
> deprecating tls-wrapped options and instead only do STARTTLS. This seems
> like a wrong approach.
> Even though 465 was deprecated by the IANA a long time ago, it's still
> widely used for wrapped TLS. In fact, I use it for that purpose because
> I don't want to support a downgrade attack STARTTLS option.

Not sure either. I guess this was en vogue a while ago. The problem
is I don't want to recommend an officially deprecated port. Ideally
we'd speak TLS over 587 or something like that.

In-band protocol upgrades (especially for security purposes) have to
seem like a strange choice for anyone that has spent some time
reading up on network protocol security.

BTW: keep up the excellent work with rise-up ;)

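The downgrade concern raised in this thread, as an added example that is not part of the original e-mail: with STARTTLS the client decides whether to encrypt based on an EHLO reply that arrives in cleartext, so the only safe client policy is to fail closed. The function names and the sample transcripts below are constructed for illustration.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(lines):
    """Parse one (possibly multi-line) SMTP reply into (code, [text, ...])."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not m:
            raise ValueError(f"malformed reply line: {raw!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        code = m.group(1)
        texts.append(m.group(3))
        if m.group(2) == " ":  # "250 " ends the reply, "250-" continues it
            return code, texts
    raise ValueError("reply not terminated")

def ehlo_extensions(lines):
    """Return the extension keywords the server advertised after EHLO."""
    code, texts = parse_reply(lines)
    if code != "250":
        raise ValueError(f"EHLO rejected with {code}")
    # The first line is the server greeting; the rest are extension keywords.
    return {t.split()[0].upper() for t in texts[1:] if t.strip()}

def decide(ehlo_lines, starttls_reply=(), require_tls=True):
    """Return 'handshake', 'plaintext' or 'abort' for a STARTTLS client.

    Everything inspected here was received before any TLS protection exists,
    so a missing STARTTLS keyword cannot be told apart from a stripped one.
    A client on a TLS-wrapped port never has to make this decision.
    """
    fallback = "abort" if require_tls else "plaintext"
    if "STARTTLS" not in ehlo_extensions(ehlo_lines):
        return fallback
    code, _ = parse_reply(starttls_reply)
    return "handshake" if code == "220" else fallback  # e.g. 454 per RFC 3207

# Constructed transcripts: the same server as seen directly, and as seen
# through a path where the STARTTLS capability line has been masked.
HONEST_EHLO = ["250-mail.example.org", "250-PIPELINING",
               "250-STARTTLS", "250 8BITMIME"]
STRIPPED_EHLO = ["250-mail.example.org", "250-PIPELINING",
                 "250-XXXXXXXX", "250 8BITMIME"]

if __name__ == "__main__":
    for name, ehlo in (("honest", HONEST_EHLO), ("stripped", STRIPPED_EHLO)):
        for strict in (False, True):
            print(name, "require_tls=%s" % strict, "->",
                  decide(ehlo, ["220 2.0.0 Ready to start TLS"], strict))
```

With `require_tls=False` the stripped transcript silently yields `plaintext`, which is the opportunistic behaviour that makes the downgrade work; with `require_tls=True` the same input yields `abort`.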