On May 10, 2016 9:07, Kamil Cholewiński wrote:
On Tue, 10 May 2016, Giancarlo Razzolini <grazzol...@gmail.com> wrote:

This is of limited usefulness.

All you need to do (as a mitm) is to block the connection on port 443,
client will now automagically fall back to using 80 and plain text...
It's even easier than filtering out STARTTLS for SMTP. Go google some,
why opportunistic encryption is a bad idea.

K.


Limited? Sure. STARTTLS is a bad idea and I didn't mean that by any
circumstance. Opportunistic encryption is a bad idea. As it is DNS, as it is
DNSSEC, as it is TLS. But it is what we have. For now. Ironically, Google does
it, Facebook does it, Twitter does it, pretty much every freaking big site
does it. Don't beat a dead horse anymore. As I said, all I cared about was the
anon cvs page. Which now I can access over TLS, even if I have to guess it is
accessible over TLS.

Cheers,
Giancarlo Razzolini
