[Cryptography] Certificates and PKI

[John Levine]

>That is part of the point of opportunistic encryption:  force the 
>attacker to go active.  Now that we see ISPs are stripping the STARTTLS 
>flag, ...

Actually they aren't, except in a few obscure cases where the client
shouldn't have been sending mail, with or without TLS, in the first
place.  The EFF, as too often happens, leapt to unwarranted
paranoid conclusions about an ambiguous report.

See the endless discussion of this topic if you want to know what's
actually going on.

R's,
John