* Thomas Walter via mailop: > Their conclusion is that all vulnerabilities rely on the transition of > an insecure connection to a secure connection.
No surprise there. > While it does not seem to be an urgent issue, it might help if we'd > get people to switch to implicit TLS where possible… I know of one large organisation which supports authentication over unencrypted channels for the purpose of mail submission. In 2021, this may seem like a terrible joke, but is apparently a deliberate choice (with which I strongly disagree but am in no position to affect). In that particular instance, STARTTLS vulnerabilities hardly seem like a reason for immediate concern. -Ralph _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
