On Fri, Aug 08, 2014 at 12:19:21PM +0100, Kevin Chadwick wrote: > previously on this list Kevin Chadwick contributed: > > > With STARTTLS I believe there is a clear text race where an attacker can > > create a response stating STARTTLS is unsupported resulting in > > cleartext transmission which I believe would not be the case for smtps. > > If as I guess there isn't any good solution? Would it be an idea and > how much effort would it be to track servers supporting STARTTLS and > refuse plain text in the future. Or is it enough to know a request for > STARTTLS means that an IP supports STARTTLS for a short period? >
A good solution to what ? I don't understand your "clear text race" thing -- Gilles Chehade https://www.poolp.org @poolpOrg -- You received this mail because you are subscribed to [email protected] To unsubscribe, send a mail to: [email protected]
