[Cryptography] ISPs caught in STARTTLS downgrade attacks

Bill Frantz frantz at pwpconsult.com
Fri Nov 14 23:43:27 EST 2014

On 11/14/14 at 3:01 PM, leichter at lrw.com (Jerry Leichter) wrote:

>that is, the only service that encrypted connections would 
>break - is spam and malware detection.  And there are 
>alternative architectures even there, and strong arguments for 
>why such services belong at the endpoints, not in the network itself.

I hope these alternative architectures which put the services in 
the end point include an economic analysis of the load of email 
that would be sent over cell phone connections with their 
limited "free" data.

I remember the mail bomb effect when my email address was used 
as a From: address by a spamer. I got an incredible number of "I 
have treated your email as spam ..." message from Barracuda 
email gateways, well over 5000. I'm glad I didn't get that when 
my net access was through my phone.

So long as there are telephone companies involved, bits won't be 
free. :-(

Cheers - Bill

Bill Frantz        | There are now so many exceptions to the
408-356-8506       | Fourth Amendment that it operates only by
www.pwpconsult.com | accident.  -  William Hugh Murray

More information about the cryptography mailing list