[Standards] Fwd: [Uta] STARTTLS vulnerabilities

Philipp Hancke fippo at goodadvice.pages.de
Thu Aug 12 05:15:56 UTC 2021

On 11.08.21 at 23:49, Peter Saint-Andre wrote:
> On 8/11/21 3:35 PM, Kim Alvefur wrote:
>> On Wed, Aug 11, 2021 at 02:25:56PM -0600, Peter Saint-Andre wrote:
>>> Too bad we didn't stick to our guns in 2003 and insist on two ports
>>> instead of one, but STARTTLS was the recommended approach back then...
>> We were always at war with STARTTLS?
> We would have preferred to keep using port 5223 for TLS-only, but at
> that time (2003/2004) IETF/IESG policy was "don't use so many ports,
> STARTTLS makes it so that you only need one".

ah, one port is enough. But I do wonder if the old technique from 
(18 years...) is documented in some IETF document.
There is
but it only applies to DTLS.
