On Jan 8, 2019, at 12:23 PM, valdis(_dot_)kletnieks(_at_)vt(_dot_)edu wrote:
Hint: If starttls is subject to a downgrade attack, what prevents the same
against the same pair of hosts attempting smtps instead?
IOW, if the server is only listening on port 26, and the client is being
MITM'd, the attacker can listen on port 25 and then tunnel the client
connection to the server's port 26. Only if the client knows that the server
supports TLS can you prevent a downgrade, and then STARTTLS works fine. So
you need some secure way of signaling this, e.g. DNSSEC, and if you have that,
then you don't need a second port allocation.
ietf-smtp mailing list