[Cryptography] STARTTLS, was IAB Statement on Internet Confidentiality

Phillip Hallam-Baker phill at hallambaker.com
Wed Nov 19 21:07:52 EST 2014

On Wed, Nov 19, 2014 at 11:30 AM, John Levine <johnl at iecc.com> wrote:
>>But then why didn't Cricket do what Comcast does, and just block it,
>>instead of doing this super-sketchy 'Let's just remove the crypto and
>>inspect the user's data' approach?
> Good question.  Other parts of AT&T certainly understand this issue;
> some AT&T people helped write that MAAWG memo I pointed to.

Did anyone take a look at what they were doing on the SUBMIT port?

Given that it is wireless, I suspect that some idiot compression
scheme was the issue rather than anti-spam or malice. If it was only
on port 25 it was likely because the people doing it were too
ill-informed to know about SUBMIT.

Its just an attack and the security protocol should defend against it.


More information about the cryptography mailing list