-rw-r--r-- | tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment new file mode 100644 index 0000000..c665ac7 --- /dev/null +++ b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment @@ -0,0 +1,8 @@ +[[!comment format=mdwn + username="guilhem" + avatar="http://cdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28" + subject="comment 1" + date="2015-06-05T15:52:00Z" + content=""" +I'm all for ubiquitous encryption, but note that without TLSA records and DNSSEC, any MX is trivially vulnerable to downgrade attacks: an adversary sitting in the middle can easily strip the STARTTLS EHLO/HELO response, and force the communication to happen in the clear :-P +"""]] |
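Review bot: the avatar= line of the new comment file points at an http:// URL (cdn.libravatar.org), so every visitor who loads this tracker page fetches the image in cleartext, where an on-path party can observe or alter it. That sits oddly under a comment arguing for ubiquitous encryption, so I suggest switching the avatar to an https:// URL. A smaller wording point in the content line: "strip the STARTTLS EHLO/HELO response" is imprecise, because the STARTTLS capability is advertised only in the reply to EHLO, so "strip STARTTLS from the EHLO response" would read more accurately.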