On Sat 07/Feb/2015 14:51:20 +0100 Hanno Böck wrote: 
> On Sat, 7 Feb 2015 08:40:07 -0500 Jeff Potter wrote:
> 
>> 465 has the benefit that the STARTTLS keyword can’t be MITM stripped.
> 
> That's kinda the thing: STARTTLS doesn't really make that much sense
> any more in a world where we essentially want to deprecate
> non-crypto-logins.
> 
> Mail settings with "starttls if available" should be considered
> dangerous. If they use starttls they need to fixate that and make sure
> it can't be randomly removed.

While I 100% agree, I note that "starttls if available" is the only choice for
a server that relays the message.  Even if there's no password exchange in that
case, encrypted SMTP enhances privacy.  My understanding was that, if massively
adopted, it would have switched off 1984-like spying.  Instead, the MITM attack
that Jeff exemplified makes it clear that suitable appliances installed at the
right backbone nodes remain undisturbed.

Unlike 587, 465 doesn't seem to require authentication, so it could be used for
relaying too.  I consider it a protocol weakness that it's not standard.

Ale
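
Added example, not part of the original message or of Courier: a sketch of how a client's policy decides what happens when the STARTTLS keyword is missing from an EHLO reply, contrasting "starttls if available" with a fixed requirement. The function names, policy names, the `offered_before` memory and the sample replies are assumptions constructed for illustration.

```python
import re

# Constructed EHLO replies (sample data, not captured traffic).
EHLO_CLEAN = ("250-mx.example.org\r\n250-SIZE 52428800\r\n"
              "250-STARTTLS\r\n250 8BITMIME\r\n")
# Same server as seen through a path that removed the STARTTLS line.
EHLO_STRIPPED = "250-mx.example.org\r\n250-SIZE 52428800\r\n250 8BITMIME\r\n"


def ehlo_keywords(reply):
    """Return the upper-cased extension keywords of a multi-line EHLO reply."""
    keywords = set()
    for line in reply.splitlines()[1:]:  # first line carries the server domain
        match = re.match(r"250[- ](\S+)", line)
        if match:
            keywords.add(match.group(1).upper())
    return keywords


def next_step(reply, policy, offered_before=False):
    """Decide the client's next action as (action, warning).

    policy: "required" (TLS is fixed for this peer) or "opportunistic"
    ("starttls if available"). offered_before is a hypothetical per-peer
    memory: True if this peer advertised STARTTLS in an earlier session.
    """
    if "STARTTLS" in ehlo_keywords(reply):
        return ("STARTTLS", None)
    if policy == "required":
        # Fail closed: never send credentials or mail in the clear.
        return ("ABORT", "STARTTLS required but not advertised")
    if policy == "opportunistic":
        # Falls back silently unless the client remembers the peer's history.
        warning = None
        if offered_before:
            warning = "STARTTLS no longer advertised: possible stripping"
        return ("PLAINTEXT", warning)
    raise ValueError("unknown policy: %r" % policy)


if __name__ == "__main__":
    for policy in ("required", "opportunistic"):
        print(policy, next_step(EHLO_STRIPPED, policy, offered_before=True))
```
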