[Cryptography] STARTTLS, was IAB Statement on Internet Confidentiality

Tom Ritter tom at ritter.vg
Wed Nov 19 09:59:44 EST 2014


On 18 November 2014 18:50, John Levine <johnl at iecc.com> wrote:
>>> Am I really the only person here who is interested in what actually
>>> happened, as opposed to what hypothetically might happen on some
>>> non-existent network at some time in the unknown future?
>
> Hmmn.  Apparently the answer is "yes".

Or we tend to skip over threads with a low fact:opinion ratio ;)

> A few seconds of googlage finds this article, which after you skip
> over the breathless bits, tells us that this was port 25 on Cricket
> Wireless, a prepaid mobile subsidiary of AT&T, i.e., a consumer
> network without static IP addresses or mail servers.
>
> http://arstechnica.com/tech-policy/2014/11/condemnation-mounts-against-isp-that-sabotaged-users-e-mail-encryption/
>
> Blocking port 25 on consumer networks to prevent outgoing spam, with
> real mail submitted on port 587 with authentication, has been an ISP
> best practice for over a decade.  Here, for example, is a
> recommendation on the topic that MAAWG published in 2005:
>
> https://www.maawg.org/sites/maawg/files/news/MAAWG_Port25rec0511.pdf
>
> Some large networks, notably Comcast, experimented with rate limiting
> or filtering port 25 back in the early 2000s, on the assumption that
> there would be fewer support calls than they'd get with outright
> blocks.  That turned out to be wrong; when they turned on blocking
> they got a spike of calls for a few days while people got their mail
> programs reconfigured, then the calls and the spam complaints
> disappeared.  The question here is how a part of AT&T a decade later
> didn't get the memo.

But then why didn't Cricket do what Comcast does, and just block it,
instead of doing this super-sketchy 'Let's just remove the crypto and
inspect the user's data' approach?  Or, what I think is a fairly
reasonable tactic that some ISPs do on consumer home ISPs: block
ports but let you opt out in your user account.  (I had an ISP that
blocked 80 and 25, and two checkboxes to immediately undo it.)

-tom

