View Single Post
Old 17 Sep 2018, 12:58 AM   #3
Join Date: Nov 2003
Location: Hong Kong
Posts: 55
Thanks, Tim

Originally Posted by BritTim View Post
The real solution to the man-in-the-middle attacks that allow downgrading of the security in message transfers is improved security around DNS. As I understand it, there are no known ways to intercept SMTP traffic via downgrade attacks when DNSSEC is properly implemented. The EFF STARTTLS policy list, which may or may not make a difference depending on whether the correspondent mail service references it, is an inelegant hack.
Thanks for your comment on my query. Looks like this policy list is not so useful, then.
ppm is offline   Reply With Quote