previously on this list Kevin Chadwick contributed:

> With STARTTLS I believe there is a clear text race where an attacker can
> create a response stating STARTTLS is unsupported resulting in
> cleartext transmission which I believe would not be the case for smtps.

If as I guess there isn't any good solution? Would it be an idea and
how much effort would it be to track servers supporting STARTTLS and
refuse plain text in the future. Or is it enough to know a request for
STARTTLS means that an IP supports STARTTLS for a short period?

-- 
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________

-- 
You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to