blob: c665ac7b3d1a202ac44814ed88f751e0a4b4b0d4 (
plain)
1
2
3
4
5
6
7
8
|
[[!comment format=mdwn
username="guilhem"
avatar="http://cdn.libravatar.org/avatar/86d6cb4bde1ef88730b14ccad0414c28"
subject="comment 1"
date="2015-06-05T15:52:00Z"
content="""
I'm all for ubiquitous encryption, but note that without TLSA records and DNSSEC, any MX is trivially vulnerable to downgrade attacks: an adversary sitting in the middle can easily strip the STARTTLS EHLO/HELO response, and force the communication to happen in the clear :-P
"""]]
|