[tor-talk] Thoughts on proxy setup wrt insecure connections

Joe Btfsplk joebtfsplk at gmx.com
Mon Mar 21 13:18:21 UTC 2011


On 2/28/2011 6:35 PM, Lucky Green wrote:
> Joe,
> This article is good intro to how the STARTTLS command would be used:
> http://en.wikipedia.org/wiki/STARTTLS
>
> In short, the client sends the STARTTLS command to the server to
> indicate a desire to use TLS encryption for the connection.
>
> STARTTLS is most widely used with SMTP, POP, and IMAP.
>
> The genesis of the STARTTLS command was a realization that the earlier
> approaches to adding TLS security to existing TCP protocol-based
> services suffered from a systemic flaw: "wrapping" the connection in TLS
> and offering the "wrapped" service on a different port in effect
> required doubling the number of assigned ports. One port for the
> cleartext version, one port for the TLS version.
>
> (This turned out to be less of a problem in practice than anticipated at
> the time of the creation of the STARTTLS command, as the growth of
> encryption was paralleled by a reduction in ports on which many hosts
> connected to the Internet may transmit packets due to ISP level
> filtering and the rise of NAT. But that's a discussion for a different
> mailing list).
>
> --Lucky
What about cases where mail servers REQUIRE checking "use SSL / TLS" in
email clients?  There are (in Thunderbird, for instance) separate
security connection options of "SSL / TLS" and "STARTTLS", in both the
incoming / outgoing server settings.  In the context of what's being
discussed, is one more desirable / secure, in terms of privacy, etc.?
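The two Thunderbird options asked about above, modelled as an added example that is not code from this thread or from Thunderbird: "SSL / TLS" is implicit TLS on a dedicated port, so the channel is encrypted before any SMTP text is exchanged; "STARTTLS" connects in cleartext and upgrades with the STARTTLS command (RFC 3207). The client refuses to send AUTH until TLS is up, which is what makes the STARTTLS path safe against a server or middlebox that simply omits the capability. The server is a scripted fake so it runs offline, and the host names and user are constructed placeholders.

```python
# Added example (not from the thread). Models Thunderbird's "SSL / TLS"
# (implicit TLS, mode "tls") and "STARTTLS" (cleartext then upgrade, mode
# "starttls") options. Transport is a scripted fake so this runs offline;
# host names and the user are constructed placeholders.
from typing import List


class TlsNotEstablished(Exception):
    """Server never advertised or never completed TLS; credentials withheld."""


class FakeSmtpServer:
    """Scripted server: returns one canned reply per client command."""
    def __init__(self, replies: List[str]) -> None:
        self.replies = list(replies)
        self.sent: List[str] = []     # commands the client actually sent
        self.tls = False              # True once the channel is encrypted

    def send(self, command: str) -> str:
        self.sent.append(command)
        return self.replies.pop(0)


def advertised_extensions(ehlo_reply: str) -> set:
    """Parse a multi-line EHLO reply ('250-EXT' / '250 EXT') into keywords."""
    exts = set()
    for line in ehlo_reply.splitlines():
        words = line[4:].split()
        if line.startswith("250") and words:
            exts.add(words[0].upper())
    return exts


def login(server: FakeSmtpServer, mode: str, user: str) -> List[str]:
    """Run the session in mode 'tls' or 'starttls'; return the command log."""
    if mode == "tls":
        server.tls = True             # implicit TLS: handshake precedes SMTP
    ehlo = server.send("EHLO client.example")
    if mode == "starttls":
        if "STARTTLS" not in advertised_extensions(ehlo):
            # A downgrading middlebox strips this line; a client that sends
            # AUTH anyway would leak the password in cleartext.
            raise TlsNotEstablished("STARTTLS not advertised in EHLO reply")
        reply = server.send("STARTTLS")
        if not reply.startswith("220"):
            raise TlsNotEstablished(f"STARTTLS refused: {reply}")
        server.tls = True             # real TLS handshake would happen here
        server.send("EHLO client.example")  # RFC 3207: repeat EHLO after upgrade
    if not server.tls:
        raise TlsNotEstablished("channel is still cleartext")
    server.send(f"AUTH PLAIN <{user}>")   # only ever sent over TLS
    return server.sent
```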
