> Here is an extract of the paragraphs dealing with TLS in the draft, so that > you can easily see what to comment (wording improvement, missing stuff...). > > The point of COMPRESS as an NNTP extension is to behave as a > transport layer, similar to STARTTLS [RFC4642]. Compression can > therefore benefit to all NNTP commands sent or received after the use > of COMPRESS.
It kind of sounds doomed under threat models with active attackers. The active attacker can swallow the STARTTLS message and no one would be the wiser. How does the protocol thwart downgrades under active attackers? Jeff _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
