On Fri, Dec 28, 2001 at 02:40:29AM +0000, Matthew Byng-Maddick wrote:
> > Grr. You seem to have misparsed what I said.
> > 1. If an MTA advertises starttls, exim sends to it over TLS by default
>
> This, IMHO, is extremely broken behaviour.
I think you've made that clear, and others (including myself) disagree. If
you advertise TLS to me, I will use it.
If you then give me a 4xx or 5xx because you can't really do TLS, even
though you did advertise it, then you don't get mail from me until you fix
your MTA to do TLS or to stop advertising it.
I'm well aware that TLS without knowing the identity of the remote server
is open to MITM attacks, but it's still better than sending cleartext, where I
know that it will definitely get compromised if anyone is listening.
This all seems to be poor excuses in an attempt to justify broken
configuration of MTAs that advertise TLS without being able to actually do
it.
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key
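
The situation described in the message above (a server that advertises STARTTLS and then answers the command with a 4xx or 5xx) can be checked from the outside with a short probe. This is an added example, not part of the original thread and not exim code; `probe_starttls`, `fake_mta`, `run_case` and the `example.test` host names are hypothetical, and the server is a constructed loopback stand-in that never speaks TLS.

```python
import smtplib
import socket
import threading

def fake_mta(listener, advertise, starttls_reply):
    """Constructed stand-in for a remote MTA; never actually speaks TLS."""
    conn, _ = listener.accept()
    with conn, conn.makefile("rb") as rfile:
        conn.sendall(b"220 mx.example.test ESMTP\r\n")
        for line in rfile:
            verb = line.strip().upper()
            if verb.startswith(b"EHLO"):
                ext = b"250-STARTTLS\r\n" if advertise else b""
                conn.sendall(b"250-mx.example.test\r\n" + ext + b"250 SIZE 1000000\r\n")
            elif verb == b"STARTTLS":
                conn.sendall(starttls_reply)
            elif verb == b"QUIT":
                conn.sendall(b"221 bye\r\n")
                break
            else:
                conn.sendall(b"502 not implemented\r\n")

def probe_starttls(host, port):
    """Classify a host as 'no-starttls', 'tls-ok' or 'advertised-but-refused:<code>'."""
    with smtplib.SMTP(host, port, local_hostname="probe.example.test", timeout=5) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            return "no-starttls"
        try:
            smtp.starttls()  # raises SMTPResponseException on any non-220 reply
        except smtplib.SMTPResponseException as exc:
            return f"advertised-but-refused:{exc.smtp_code}"
        return "tls-ok"

def run_case(advertise, starttls_reply=b"454 TLS not available\r\n"):
    """Start the constructed server on a loopback port and probe it once."""
    with socket.create_server(("127.0.0.1", 0)) as listener:
        port = listener.getsockname()[1]
        server = threading.Thread(target=fake_mta,
                                  args=(listener, advertise, starttls_reply), daemon=True)
        server.start()
        try:
            return probe_starttls("127.0.0.1", port)
        finally:
            server.join(timeout=2)

if __name__ == "__main__":
    print(run_case(advertise=True))    # server advertises STARTTLS, then refuses it
    print(run_case(advertise=False))   # server never advertises STARTTLS
```

Pointing `probe_starttls` at your own MX on port 25 shows whether it falls into the "advertises but cannot do it" case before a sending MTA finds out the hard way.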