Added a comment

author: guilhem <guilhem@web> 2015-06-05 17:52:00 +0200
committer: Fripost Admins <admin@fripost.org> 2015-06-05 17:52:00 +0200
commit: 38f40ed92976da590bf98df857cb6ced0d084d0d (patch)
tree: be80117fd716113a5f81e481cccf46d03f4eecc0 /tracker
parent: 69cef551f928773ad81001f7436343976cf0b446 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment
new file mode 100644
index 0000000..c665ac7
--- /dev/null
+++ b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="guilhem"
+ avatar="http://cdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28"
+ subject="comment 1"
+ date="2015-06-05T15:52:00Z"
+ content="""
+I'm all for ubiquitous encryption, but note that without TLSA records and DNSSEC, any MX is trivially vulnerable to downgrade attacks: an adversary sitting in the middle can easily strip the STARTTLS EHLO/HELO response, and force the communication to happen in the clear :-P
+"""]]
author	guilhem <guilhem@web>	2015-06-05 17:52:00 +0200
committer	Fripost Admins <admin@fripost.org>	2015-06-05 17:52:00 +0200
commit	38f40ed92976da590bf98df857cb6ced0d084d0d (patch)
tree	be80117fd716113a5f81e481cccf46d03f4eecc0 /tracker
parent	69cef551f928773ad81001f7436343976cf0b446 (diff)