[Cryptography] Facebook on the state of STARTTLS

Salz, Rich rsalz at akamai.com
Tue May 20 17:17:30 EDT 2014


> I wouldn't say "futile," but I would say that there are some challenges.

I think many people are missing the point.

By default, SMTP traffic is unauthenticated cleartext. You have no idea who is at the other end and anyone can sniff the packets along the way. With STARTTLS, traffic is unauthenticated ciphertext. You have no idea who is at the other end, but only the endpoint (or those who compromised it) can see the content. Many people consider that progress, even though it is still unauthenticated. 

	/r$

--  
Principal Security Engineer
Akamai Technologies, Cambridge, MA
IM: rsalz at jabber.me; Twitter: RichSalz

