> Microsoft’s point-to-point tunneling protocol version 1.0 was a miserable > failure. Version 2.0 closed up many of those holes and was widely regarded > as secure, except for a configuration option which was on by default: “Enable > backwards compatibility.” So to exploit a PPTP 2.0 connection, you just had > to connect and give it a 1.0 handshake, at which point it would fall back > into an insecure mode.
https://www.schneier.com/paper-pptpv2.html Check section 5.1, “Version rollback attacks”. Full details there.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
