[Cryptography] STARTTLS, was IAB Statement on Internet Confidentiality
Phillip Hallam-Baker
phill at hallambaker.com
Wed Nov 19 21:07:52 EST 2014
On Wed, Nov 19, 2014 at 11:30 AM, John Levine <johnl at iecc.com> wrote:
>>But then why didn't Cricket do what Comcast does, and just block it,
>>instead of doing this super-sketchy 'Let's just remove the crypto and
>>inspect the user's data' approach?
>
> Good question. Other parts of AT&T certainly understand this issue;
> some AT&T people helped write that MAAWG memo I pointed to.
Did anyone take a look at what they were doing on the SUBMIT port?
Given that it is wireless, I suspect that some idiot compression
scheme was the issue rather than anti-spam or malice. If it was only
on port 25 it was likely because the people doing it were too
ill-informed to know about SUBMIT.
Its just an attack and the security protocol should defend against it.
PHB
More information about the cryptography
mailing list