EmailDiscussions.com - View Single Post

ppm · 15 Sep 2018, 07:30 PM

In the Fastmail blog, a June 2018 post talks about STARTTLS (https://fastmail.blog/2018/06/27/let...ls-everywhere/).

When testing Fastmail.com on the STARTTLS Everywhere site (https://starttls-everywhere.org/results/?fastmail.com), it reveals that Fastmail.com's mailserver supports STARTTLS, uses great TLS parameters, and presents a valid certificate, which is tops.

However, it also says that the Fastmail.com domain was not added to the Electronic Frontier Foundation's STARTTLS Policy List, which would reportedly help mitigate downgrade attacks, so servers have another point of reference to discover that Fastmail support STARTTLS.

May Fastmail consider doing so?

15 Sep 2018, 07:30 PM	#1
ppm Member Join Date: Nov 2003 Location: Hong Kong Posts: 79	Getting STARTTLS Everywhere In the Fastmail blog, a June 2018 post talks about STARTTLS (https://fastmail.blog/2018/06/27/let...ls-everywhere/). When testing Fastmail.com on the STARTTLS Everywhere site (https://starttls-everywhere.org/results/?fastmail.com), it reveals that Fastmail.com's mailserver supports STARTTLS, uses great TLS parameters, and presents a valid certificate, which is tops. However, it also says that the Fastmail.com domain was not added to the Electronic Frontier Foundation's STARTTLS Policy List, which would reportedly help mitigate downgrade attacks, so servers have another point of reference to discover that Fastmail support STARTTLS. May Fastmail consider doing so?