From 38f40ed92976da590bf98df857cb6ced0d084d0d Mon Sep 17 00:00:00 2001
From: guilhem
Date: Fri, 5 Jun 2015 17:52:00 +0200
Subject: Added a comment
---
.../comment_1_96728869b78cedfd11594828615e5079._comment | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment
(limited to 'tracker')
diff --git a/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment
new file mode 100644
index 0000000..c665ac7
--- /dev/null
+++ b/tracker/Poor_score_on_starttls.info/comment_1_96728869b78cedfd11594828615e5079._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="guilhem"
+ avatar="http://cdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28"
+ subject="comment 1"
+ date="2015-06-05T15:52:00Z"
+ content="""
+I'm all for ubiquitous encryption, but note that without TLSA records and DNSSEC, any MX is trivially vulnerable to downgrade attacks: an adversary sitting in the middle can easily strip the STARTTLS EHLO/HELO response, and force the communication to happen in the clear :-P
+"""]]
--
cgit v1.2.3