STARTTLS and sp*m

S.P.Zeidler spz at
Wed Apr 16 23:31:42 CEST 2008


Thus wrote Tim (tim-projects at

> I've performed my share of MitM
> attacks, and in this particular protocol there are several very
> effective strategies if the end points try to be forgiving about
> STARTTLS support.

and some are entirely unintentional. Pix, inspect smtp, aaaaargh!

FWIW, in my own little pond I have my own little CA for mail, and if a
host speaks STARTTLS -and- verifies, they may relay, and they are exempt
from any other checks (for spamminess).

This doesn't extend well to other ponds that do the same, though; a map
that gives the client certificate to use for a destination server would help.

spz at (S.P.Zeidler)
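
The two failure modes discussed in this thread (endpoints that are forgiving about STARTTLS support, and a middlebox that unintentionally hides the capability) can be told apart on the client side from the EHLO reply. The following is an added example, not part of the original message: the function names are hypothetical, the EHLO replies are constructed samples, and the X-filled keyword pattern is an assumption about how an inspecting device rewrites the line.

```python
import re

# Constructed EHLO replies (sample data, not captured traffic).
CLEAN = ["250-mx.example.net", "250-PIPELINING", "250-STARTTLS", "250 8BITMIME"]
MASKED = ["250-mx.example.net", "250-PIPELINING", "250-XXXXXXXA", "250 8BITMIME"]
ABSENT = ["250-mx.example.net", "250-PIPELINING", "250 8BITMIME"]

# Assumption: a rewritten keyword shows up as a run of X with an optional
# trailing letter. Real X- extensions such as XCLIENT do not match.
MASK_RE = re.compile(r"X{4,}[A-Z]?")


def parse_ehlo(lines):
    """Return the extension keywords of a multi-line 250 EHLO reply."""
    keywords = []
    for index, line in enumerate(lines):
        match = re.fullmatch(r"250([- ])(.*)", line.rstrip("\r\n"))
        if match is None:
            raise ValueError("not a 250 reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server name, not an extension
        fields = match.group(2).split()
        if fields:
            keywords.append(fields[0].upper())
    return keywords


def starttls_status(lines):
    """Classify the reply as 'offered', 'masked' or 'absent'."""
    keywords = parse_ehlo(lines)
    if "STARTTLS" in keywords:
        return "offered"
    if any(MASK_RE.fullmatch(keyword) for keyword in keywords):
        return "masked"
    return "absent"


def delivery_decision(lines, tls_required):
    """Return (action, status); fail closed when TLS is required."""
    status = starttls_status(lines)
    if status == "offered":
        return ("starttls", status)
    if tls_required:
        return ("defer", status)  # never fall back to cleartext silently
    return ("plaintext", status)  # opportunistic mode: deliver, log status


if __name__ == "__main__":
    for name, reply in (("clean", CLEAN), ("masked", MASKED), ("absent", ABSENT)):
        print(name, delivery_decision(reply, tls_required=True))
```

A "masked" status points at something in the path rewriting the reply, while "absent" is indistinguishable from a server that never offered TLS, which is why destinations that are known to speak STARTTLS should be marked as TLS-required.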
