[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Thoughts on proxy setup wrt insecure connections

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Thoughts on proxy setup wrt insecure connections
From: Joe Btfsplk <joebtfsplk@xxxxxxx>
Date: Mon, 21 Mar 2011 08:18:21 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Mon, 21 Mar 2011 09:18:47 -0400
In-reply-to: <4D6C3F3D.9030207@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4D6BFF60.5070104@xxxxxxxxx> <20110228123045.126721b1@xxxxxxxxx> <4D6C1481.2010601@xxxxxxxxx> <4D6C384D.5050905@xxxxxxx> <4D6C3F3D.9030207@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9

On 2/28/2011 6:35 PM, Lucky Green wrote:

Joe,
This article is good intro to how the STARTTLS command would be used:
http://en.wikipedia.org/wiki/STARTTLS

In short, the client sends the STARTTLS command to the server to
indicate a desire to use TLS encryption for the connection.

STARTTLS is most widely used with SMTP, POP, and IMAP.

The genesis of the STARTTLS command was a realization that the earlier
approaches to adding TLS security to existing TCP protocol-based
services suffered from a systemic flaw: "wrapping" the connection in TLS
and offering the "wrapped" service on a different port in effect
required doubling the number of assigned ports. One port for the
cleartext version, one port for the TLS version.

(This turned out to be less of a problem in practice than anticipated at
the time of the creation of the STARTTLS command, as the growth of
encryption was paralleled by a reduction in ports on which many hosts
connected to the Internet may transmit packets due to ISP level
filtering and the rise of NAT. But that's a discussion for a different
mailing list).

--Lucky
_______________________________________________

What about cases where mail servers REQUIRE checking "use SSL / TLS" inemail clients? There are (in Thunderbird, for instance) separatesecurity connection options of "SSL / TLS" and "STARTTLS" , in bothincoming / outgoing server settings. In context of what's beingdiscussed, is one more desirable / secure, in terms of privacy, etc?

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] Iran cracks down on web dissident technology
Next by Author: Re: [tor-talk] Iran cracks down on web dissident technology
Previous by thread: Re: [tor-talk] Thoughts on proxy setup wrt insecure connections
Next by thread: [tor-talk] how to choise bridge by country
Index(es):
- Author
- Thread