[Standards] Fwd: [Uta] STARTTLS vulnerabilities

Ruslan N. Marchenko me at ruff.mobi
Thu Aug 12 05:48:43 UTC 2021


Am Mittwoch, dem 11.08.2021 um 14:25 -0600 schrieb Peter Saint-Andre:
> Too bad we didn't stick to our guns in 2003 and insist on two ports
> instead of one, but STARTTLS was the recommended approach back
> then...
> 
I am still not convinced the STARTTLS is ultimate evil. SMTP had way
too many bugs in its implementation over its history, still no one
considers it evil. And that's just yet another of those bugs. And
considering network transparency becomes bigger rarity nowadays - port
multiplication is a must. And we are yet to see how many of similar
bugs will be in alpn/sni implementations.

--rr



More information about the Standards mailing list