On May 10, 2004, at 10:38, Eric A. Hall wrote:
Using an encrypted port just means an attack can only produce failure,
rather than inducing fallback.
Clients generally default to using the unencrypted port.
Clients generally default to accepting non-STARTTLS connections.
Both require configuration changes to be fully secure. At least with
starttls you are secure against a passive attacker (because clients use
starttls if they can).
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf
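
The fallback behaviour discussed in this message, as an added example that is not part of the original post: a client that uses STARTTLS only when it is offered continues in plaintext once the capability line is missing from the reply, while a client configured to require it aborts instead. The SMTP-style EHLO reply format, the host name, the sample replies and the function and policy names are assumptions made for illustration.

```python
"""Client-side STARTTLS policy over an SMTP-style EHLO reply (assumed protocol)."""

# Constructed sample replies: what the server sent, and the same reply as the
# client would see it if the STARTTLS capability line were removed in transit.
EHLO_HONEST = ("250-mail.example.org\r\n250-SIZE 10240000\r\n"
               "250-STARTTLS\r\n250 8BITMIME\r\n")
EHLO_STRIPPED = ("250-mail.example.org\r\n250-SIZE 10240000\r\n"
                 "250 8BITMIME\r\n")


def capabilities(ehlo_reply):
    """Return the set of upper-cased capability keywords in a 250 reply."""
    caps = set()
    lines = ehlo_reply.splitlines()
    for line in lines[1:]:  # first line names the server, not a capability
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError("malformed reply line: %r" % line)
        words = line[4:].split()
        if words:
            caps.add(words[0].upper())
    return caps


def decide(ehlo_reply, policy):
    """Choose how the session continues.

    policy is 'opportunistic' (use STARTTLS if offered, the default the
    message describes) or 'require' (the configuration change it mentions).
    Returns 'tls', 'plaintext' or 'abort'. A 'tls' result still depends on
    certificate verification, which is outside this example.
    """
    if policy not in ("opportunistic", "require"):
        raise ValueError("unknown policy: %r" % policy)
    if "STARTTLS" in capabilities(ehlo_reply):
        return "tls"
    return "abort" if policy == "require" else "plaintext"


if __name__ == "__main__":
    for name, reply in (("honest", EHLO_HONEST), ("stripped", EHLO_STRIPPED)):
        for policy in ("opportunistic", "require"):
            print("%-8s %-13s -> %s" % (name, policy, decide(reply, policy)))
```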