[Top] [All Lists]

Re: [ietf-smtp] SMTP Over TLS on Port 26 - Implicit TLS Proposal

2019-01-08 11:23:38
On Tue, 08 Jan 2019 22:07:49 +0530, Viruthagiri Thirumavalavan said:
smtps protects everything from top to bottom like https. In opportunistic
encryption, the conversation get started as plain text and gets upgraded to
a secure connection when the sever presents an opportunity.

Why do you wanna combine both?

It would be a useful exercise to go through and enumerate the exact difference
between the protection provided by smtps that starttls doesn't provide.

Hint: If starttls is subject to a downgrade attack, what prevents the same 
against the same pair of hosts attempting smtps instead?

ietf-smtp mailing list

<Prev in Thread] Current Thread [Next in Thread>