Quote:
Originally Posted by BritTim
The real solution to the man-in-the-middle attacks that allow downgrading of the security in message transfers is improved security around DNS. As I understand it, there are no known ways to intercept SMTP traffic via downgrade attacks when DNSSEC is properly implemented. The EFF STARTTLS policy list, which may or may not make a difference depending on whether the correspondent mail service references it, is an inelegant hack.
|
Thanks for your comment on my query. Looks like this policy list is not so useful, then.