On Tue, 08 Jan 2019 22:07:49 +0530, Viruthagiri Thirumavalavan said:
smtps protects everything from top to bottom like https. In opportunistic
encryption, the conversation get started as plain text and gets upgraded to
a secure connection when the sever presents an opportunity.
Why do you wanna combine both?
It would be a useful exercise to go through and enumerate the exact difference
between the protection provided by smtps that starttls doesn't provide.
Hint: If starttls is subject to a downgrade attack, what prevents the same
attack
against the same pair of hosts attempting smtps instead?
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp