Re: proposed text for crypto-policies in Packaging Guidelines

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On Fri, Aug 08, 2014 at 03:36:51PM +0200, Reindl Harald wrote:
> 
> Am 08.08.2014 um 15:21 schrieb Nikos Mavrogiannopoulos:
> > Postfix is a different kind of beast though. It does not typically use
> > TLS, but uses some kind of opportunistic security that allows anonymous
> > ciphersuites. So it's a bit hard to enforce anything there, as
> > man-in-the-middle attacks are possible by design
> 
> and keep in mind in case of opportunistic TLS if you restrict
> ciphers and the SMTP client don't support what you offer it
> falls back to completly plaintext which defeats the intention

Falling back to an insecure cipher only provides a false sense of security which isn't any better than plaintext.

- -- Eric

- --------------------------------------------------
Eric "Sparks" Christensen
Red Hat, Inc - Product Security

sparks@xxxxxxxxxx - sparks@xxxxxxxxxxxxxxxxx
097C 82C3 52DF C64A 50C2  E3A3 8076 ABDE 024B B3D1
- --------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQGcBAEBCgAGBQJT5NRCAAoJEB/kgVGp2CYvfkwL+gL275nmp59R5YdmRUmqgZ7Q
9iNuTuAtNN6euY4llznWjiqHSTeoy6/A8821R2vCEBZQG0G0bq1ZXDJDsLoODkH3
13O57z4PcXaRNC6IjGATAvsX39ca2xlsmW1hrDS+15UEQRmkuuZ304DlydatqUIz
5LrEyUd3FkHbBaUmAHXK5BFEGtC7b+lOPwe+gDW1GAPkz89qwoKn8PSXVOwyyZLo
xAyQ1J2A4LgLI6Utl1fQk8sYgY7Ro6oD8Bmr5IDf17I62lstnV3tJazqkXT0gJWL
Mwf+IZIRJgAcLU7af/S6vsrkK+skgiVWoHE14C4hvpYvVAnKeabTleq1POmSZbAL
Nqk/Qk764AmZqZWab+ZUuuobtBcv63kJRCnwgL8K300fEtaNXJYBju5wZbgPiIKA
BOTXydbZsA9nV+CUuD1tdtK/7RU+vWecYWCoUKidFJ7tCV3b/u2CSW3HnrbdEygM
kOXBa7Q/sOEbB04WSAQC1QS4pa1r+KfymhWCiAb91g==
=N05U
-----END PGP SIGNATURE-----
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux