Tony Finch wrote:
Of course MUAs should just use the protocol's negotiation features to
auto-configure the most secure settings possible.
Strongly disagree. The problem is that when you try to negotiate the
most secure settings possible, you often create a way for the
negotiation to be dumbed down by an attacker to the least secure setting
possible.
E.g., for an MUA that tries first to use an "SSL port" and, if that fails,
tries to use the normal port without SSL (sending the password in
cleartext), all the attacker has to do is arrange for the client to see
an ICMP port unreachable packet or TCP RST at the right time, after
which the client will happily send the user's password in cleartext.
Keith
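An added model of the two client policies the reply contrasts (written for this page, not code from the thread): a constructed fake dialer stands in for the network, so no socket is opened, and the fallback client is shown beside a fail-closed one for both the "SSL port" case and the in-band STARTTLS negotiation case. Port numbers 993/143 and the capability name STARTTLS are the usual IMAP values and are assumed here.

```python
from dataclasses import dataclass

class Refused(OSError):
    """Stands in for the TCP RST / ICMP port-unreachable the client would observe."""

@dataclass(frozen=True)
class Login:
    port: int
    encrypted: bool   # True only if the password went out inside TLS

def make_dialer(tls_port_reachable):
    """Constructed fake network: the TLS port may or may not answer; 143 always does."""
    def dial(port, tls):
        if tls and not tls_port_reachable:
            raise Refused(f"port {port} unreachable")
        return Login(port=port, encrypted=tls)
    return dial

def login_with_fallback(dial, tls_port=993, plain_port=143):
    """The policy the reply warns about: if the SSL port fails, retry on the
    plain port, so a single spoofed RST turns into a cleartext password."""
    try:
        return dial(tls_port, tls=True)
    except Refused:
        return dial(plain_port, tls=False)

def login_fail_closed(dial, tls_port=993):
    """Hardened policy: TLS is a requirement, not a preference. A refused TLS
    port is an error shown to the user, never a reason to send the password in clear."""
    return dial(tls_port, tls=True)

def login_opportunistic_starttls(capabilities):
    """Same weakness via in-band negotiation: STARTTLS is used only if advertised,
    so whoever can edit the capability list decides whether TLS happens at all."""
    return Login(port=143, encrypted="STARTTLS" in capabilities)

def login_require_starttls(capabilities):
    """Hardened form: a capability list without STARTTLS is a reason to stop."""
    if "STARTTLS" not in capabilities:
        raise Refused("STARTTLS not advertised; not sending the password")
    return Login(port=143, encrypted=True)

if __name__ == "__main__":
    blocked = make_dialer(tls_port_reachable=False)   # constructed: 993 unreachable
    print(login_with_fallback(blocked))               # Login(port=143, encrypted=False)
```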