Jim Fenton <[email protected]> wrote: > > - Some ambiguity about when the REQUIRETLS extension should be > advertised. The draft had assumed that it would be advertised on any > EHLO response, even before STARTTLS had occurred.
Doesn't that open up a denial of service vulnerability, where an attacker can make a client incorrectly think a server requires TLS. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ - I xn--zr8h punycode Shannon: South or southwest 5 to 7, occasionally gale 8 at first. Very rough, becoming rough. Fog patches. Moderate or good, occasionally very poor. _______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
