On Tue, Sep 03, 2013 at 06:31:33PM -0700, Ian Fette wrote:
> However, one of the problems with SMTP is that it's not known to
> the sending server whether the receiving server supports STARTTLS
> a-priori. Similar downgrade vulnerabilities exist for other
> protocols that rely on STARTTLS-type commands.
This is well understood, and downgrade resistance is built into:
https://tools.ietf.org/html/draft-dukhovni-smtp-opportunistic-tls-01
as well as the earlier:
https://tools.ietf.org/html/draft-ietf-dane-srv-02
and not surprisingly into the Postfix DANE implementation, currently
available in the 2.11-20130825 snapshot from www.postfix.org or
from the Debian experimental package repository.
--
Viktor.
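An added illustration, not Viktor's or Postfix's code, of the downgrade resistance the drafts above describe: the sending MTA settles its TLS policy from a DNSSEC-validated TLSA lookup before it ever sees the EHLO reply, so a missing STARTTLS is deferred instead of silently falling back to plaintext. The record classes, the status strings and the constructed SPKI bytes are assumptions for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Tlsa:
    usage: int      # 3 = DANE-EE, 2 = DANE-TA (usages 0/1 are not usable for SMTP)
    selector: int   # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int      # 0 = exact data, 1 = SHA-256, 2 = SHA-512
    data: bytes

@dataclass(frozen=True)
class TlsaLookup:
    status: str            # assumed DNSSEC outcome: secure, insecure, nonexistent, bogus
    records: tuple = ()

def make_ee_record(spki_der: bytes) -> Tlsa:
    # Constructed "3 1 1" record for the server's public key (DANE-EE, SPKI, SHA-256).
    return Tlsa(3, 1, 1, hashlib.sha256(spki_der).digest())

def usable(r: Tlsa) -> bool:
    return r.usage in (2, 3) and r.selector in (0, 1) and r.mtype in (0, 1, 2)

def policy(lookup: TlsaLookup) -> str:
    if lookup.status == "bogus":
        return "defer"     # DNSSEC validation failed: do not guess, retry later
    if lookup.status != "secure" or not lookup.records:
        return "may"       # no trustworthy TLSA data: opportunistic TLS, plaintext allowed
    if any(usable(r) for r in lookup.records):
        return "dane"      # TLSA present: STARTTLS mandatory and the key must match
    return "encrypt"       # TLSA present but unusable: still refuse to send in the clear

def spki_matches(r: Tlsa, spki_der: bytes) -> bool:
    if r.usage != 3 or r.selector != 1:
        return False       # only the DANE-EE/SPKI case is modelled here
    digests = {0: lambda b: b, 1: lambda b: hashlib.sha256(b).digest(),
               2: lambda b: hashlib.sha512(b).digest()}
    return digests[r.mtype](spki_der) == r.data

def decide(lookup: TlsaLookup, ehlo_caps: set, spki_der: bytes) -> str:
    # Returns the delivery action once the EHLO capability list has been read.
    p = policy(lookup)
    offers_tls = "STARTTLS" in ehlo_caps
    if p == "may":
        return "deliver_tls" if offers_tls else "deliver_plaintext"
    if p == "defer" or not offers_tls:
        return "defer"     # stripped STARTTLS is a downgrade attempt, never plaintext
    if p == "dane" and not any(spki_matches(r, spki_der)
                               for r in lookup.records if usable(r)):
        return "defer"     # certificate does not match any TLSA record
    return "deliver_tls"
```

With "may" the plaintext fallback is the expected behaviour; with a secure TLSA answer the same EHLO reply leads to a deferral, which is the point of the drafts.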
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane