[Standards] Fwd: [Uta] STARTTLS vulnerabilities

Peter Saint-Andre stpeter at mozilla.com
Wed Aug 11 21:49:10 UTC 2021


On 8/11/21 3:35 PM, Kim Alvefur wrote:
> On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote:
>> Too bad we didn't stick to our guns in 2003 and insist on two ports
>> instead of one, but STARTTLS was the recommended approach back then...
> 
> We were always at war with STARTTLS?

We would have preferred to keep using port 5223 for TLS-only, but at
that time (2003/2004) IETF/IESG policy was "don't use so many ports,
STARTTLS makes it so that you only need one".

Peter


More information about the Standards mailing list