On Tue, Jul 25, 2017 at 4:13 PM, Ted Cabeen <ted.cab...@lscg.ucsb.edu> wrote:
> On 7/25/2017 8:14 AM, Vladimir Dubrovin via mailop wrote:
>
>> STARTTLS is opportunistic and doesn't protect against active
>> Man-in-the-Middle. In case of TLS problems it falls back to plain text.
>>
>
> Interestingly, that's not always the case now. We typoed the cert on one
> of our list servers earlier this year, and discovered that Google outbound
> SMTP will not downgrade from TLS to plain text. If you offer STARTTLS and
> then break the handshake, they bounce the mail. I presume that it's a
> protection against downgrade attacks, but that's just a guess.

This has been the case for Google for more than three years. Which doesn't mean that MITM can't happen, just that if it does, it should be more obvious, both from our transparency report, etc.

Agreed that STS and DANE are the solution for enforcing, however it's still early days for those.

Brandon
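The three sender behaviours discussed in this thread (plain opportunistic STARTTLS that falls back to cleartext, a sender that refuses to downgrade once STARTTLS was offered, and an MTA-STS "enforce" policy) can be modelled as one delivery decision. The following is an added example written for this page, not code from any of the posters or from Google; the policy text and MX names are constructed, and `tls_handshake_ok` stands in for "the handshake completed with a certificate valid for the MX host".

```python
"""Model of an outbound MTA's STARTTLS fallback decision, with and without an
MTA-STS (RFC 8461) policy.  Added example; the policy and hostnames below are
constructed, not taken from the mailop thread."""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, List, Optional


class Outcome(Enum):
    DELIVER_TLS = "deliver over TLS"
    DELIVER_PLAINTEXT = "deliver in plaintext"
    FAIL_CLOSED = "do not send in the clear (defer/bounce instead)"


@dataclass
class StsPolicy:
    mode: str          # "enforce", "testing" or "none"
    mx: List[str]      # MX patterns, e.g. "mail.example.com" or "*.example.com"
    max_age: int       # seconds the policy may be cached


def parse_mta_sts_policy(text: str) -> StsPolicy:
    """Parse the key: value lines of an RFC 8461 policy file."""
    fields: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed policy line: {raw!r}")
        fields.setdefault(key.strip(), []).append(value.strip())
    if fields.get("version") != ["STSv1"]:
        raise ValueError("unsupported or missing policy version")
    mode = fields.get("mode", [""])[0]
    if mode not in ("enforce", "testing", "none"):
        raise ValueError(f"unknown mode {mode!r}")
    max_age = int(fields.get("max_age", ["0"])[0])
    return StsPolicy(mode=mode, mx=fields.get("mx", []), max_age=max_age)


def mx_matches(pattern: str, hostname: str) -> bool:
    """RFC 8461 MX matching: a leading '*' matches exactly one leftmost label."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                 # ".example.com"
        if not hostname.endswith(suffix):
            return False
        leftmost = hostname[: -len(suffix)]  # what the '*' stood for
        return bool(leftmost) and "." not in leftmost
    return pattern == hostname


def decide(advertises_starttls: bool, tls_handshake_ok: bool, mx_host: str,
           policy: Optional[StsPolicy] = None,
           fail_closed_without_policy: bool = False) -> Outcome:
    """Decide how to deliver to mx_host.

    tls_handshake_ok means the TLS handshake completed with a certificate
    that validates for mx_host.  fail_closed_without_policy models a sender
    that, like the behaviour described in the thread, will not drop back to
    plaintext once STARTTLS was offered even with no MTA-STS policy in play.
    """
    if policy is not None and policy.mode == "enforce":
        # Enforce: STARTTLS must be offered, the handshake must validate, and
        # the MX must be one the policy lists.  Anything else is a hard stop,
        # which also closes the STARTTLS-stripping gap of opportunistic TLS.
        if not advertises_starttls or not tls_handshake_ok:
            return Outcome.FAIL_CLOSED
        if not any(mx_matches(p, mx_host) for p in policy.mx):
            return Outcome.FAIL_CLOSED
        return Outcome.DELIVER_TLS

    # No enforcing policy ("testing"/"none" behave as opportunistic here;
    # "testing" would additionally report failures via TLSRPT).
    if not advertises_starttls:
        # An active attacker who strips the STARTTLS keyword is not detected
        # on this path; only a policy (MTA-STS/DANE) can close that hole.
        return Outcome.DELIVER_PLAINTEXT
    if tls_handshake_ok:
        return Outcome.DELIVER_TLS
    return Outcome.FAIL_CLOSED if fail_closed_without_policy else Outcome.DELIVER_PLAINTEXT


# Constructed sample policy for example.com (not a real published policy).
SAMPLE_POLICY = """version: STSv1
mode: enforce
mx: mail.example.com
mx: *.example.com
max_age: 604800
"""

if __name__ == "__main__":
    policy = parse_mta_sts_policy(SAMPLE_POLICY)
    # Mis-issued certificate on a listed MX: opportunistic senders downgrade,
    # a fail-closed sender or an enforcing policy refuses to send in the clear.
    for label, outcome in [
        ("opportunistic, bad cert", decide(True, False, "mail.example.com")),
        ("fail-closed sender, bad cert", decide(True, False, "mail.example.com",
                                                fail_closed_without_policy=True)),
        ("MTA-STS enforce, bad cert", decide(True, False, "mail.example.com", policy)),
    ]:
        print(f"{label}: {outcome.value}")
```

The first two `decide` calls in the `__main__` block reproduce the situation Ted describes: a broken certificate on a server that offers STARTTLS. A plain opportunistic sender silently downgrades, while a fail-closed sender refuses; the MTA-STS path shows the same refusal, now backed by a published policy rather than the sender's own discretion.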
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop