[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Thoughts on proxy setup wrt insecure connections

On 2/28/2011 6:35 PM, Lucky Green wrote:
This article is good intro to how the STARTTLS command would be used:

In short, the client sends the STARTTLS command to the server to
indicate a desire to use TLS encryption for the connection.

STARTTLS is most widely used with SMTP, POP, and IMAP.

The genesis of the STARTTLS command was a realization that the earlier
approaches to adding TLS security to existing TCP protocol-based
services suffered from a systemic flaw: "wrapping" the connection in TLS
and offering the "wrapped" service on a different port in effect
required doubling the number of assigned ports. One port for the
cleartext version, one port for the TLS version.

(This turned out to be less of a problem in practice than anticipated at
the time of the creation of the STARTTLS command, as the growth of
encryption was paralleled by a reduction in ports on which many hosts
connected to the Internet may transmit packets due to ISP level
filtering and the rise of NAT. But that's a discussion for a different
mailing list).


What about cases where mail servers REQUIRE checking "use SSL / TLS" in email clients? There are (in Thunderbird, for instance) separate security connection options of "SSL / TLS" and "STARTTLS" , in both incoming / outgoing server settings. In context of what's being discussed, is one more desirable / secure, in terms of privacy, etc?
tor-talk mailing list