ietf1@ietf.org writes:
> It did teach me the importance of protecting against the
> man-in-the-middle attack. This is not often done, at least not by
> default, in many STARTTLS implementations.

Indeed. The problem is that it's pretty hard to determine a priori
what certificate the peer server ought to be offering, due to
mail relaying and MX records.

-Ekr

--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
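The difficulty raised in the message above, as an added example that is not part of the original message: a sending server can compare the peer's certificate against the recipient domain or against the MX host name, and neither choice separates a legitimate relay from a substituted host when the MX answer itself is unauthenticated. All host names, certificate names and function names below are constructed for illustration.

```python
# Added illustration; every host name and certificate name here is constructed.

def san_matches(san: str, host: str) -> bool:
    """Match one certificate dNSName against a host name (left-most wildcard only)."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        # The wildcard stands for exactly one label.
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def cert_accepts(cert_sans, reference: str) -> bool:
    """True if any name in the certificate covers the reference identity."""
    return any(san_matches(s, reference) for s in cert_sans)

def evaluate(recipient_domain: str, mx_host: str, cert_sans) -> dict:
    """Outcome of the two candidate reference identities for one delivery."""
    return {
        "match_recipient_domain": cert_accepts(cert_sans, recipient_domain),
        "match_mx_host": cert_accepts(cert_sans, mx_host),
    }

# Constructed deliveries for mail addressed to user@example.org:
# (recipient domain, MX host returned by DNS, names in the offered certificate)
SCENARIOS = {
    # The domain runs its own mail server.
    "self_hosted": ("example.org", "mail.example.org",
                    ["example.org", "*.example.org"]),
    # Mail is relayed through a provider, so the certificate names the provider.
    "relayed": ("example.org", "mx1.provider.example",
                ["mx1.provider.example"]),
    # The MX answer was altered in transit; the substituted host presents
    # a certificate that is valid for its own name.
    "forged_mx": ("example.org", "mx.substitute.example",
                  ["mx.substitute.example"]),
}

def run_all() -> dict:
    return {name: evaluate(*args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in run_all().items():
        print(f"{name:12} {result}")
```

The "relayed" and "forged_mx" rows come out identical: checking against the recipient domain rejects the legitimate relay, and checking against the MX host accepts the substituted one.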