On May 10, 2004, at 10:38, Eric A. Hall wrote:
Using an encrypted port just means an attack can only produce failure, rather than inducing fallback.
Clients generally default to using the unencrypted port.
Clients generally default to accepting non-STARTTLS connections.
Both require configuration changes to be fully secure. At least with STARTTLS you are secure against a passive attacker (because clients use STARTTLS if they can).
_______________________________________________
Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf
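The fallback behaviour discussed in this message, as an added example that is not part of the original thread: a client-side policy check run over two constructed EHLO replies, one intact and one where the STARTTLS keyword has been overwritten in transit. The function names, policy names and sample replies are assumptions made for illustration.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line format (not captured traffic).
EHLO_INTACT = (
    "250-mail.example.org\r\n"
    "250-SIZE 35882577\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
# Same reply after an on-path device has overwritten the STARTTLS keyword.
EHLO_STRIPPED = EHLO_INTACT.replace("STARTTLS", "XXXXXXXX")


def parse_ehlo(reply):
    """Return the upper-cased extension keywords advertised in an EHLO reply."""
    keywords = set()
    for index, line in enumerate(reply.splitlines()):
        match = re.fullmatch(r"250([- ])(.*)", line)
        if match is None:
            raise ValueError("not a positive EHLO reply line: %r" % line)
        if index == 0:
            continue  # first line carries the server's domain, not an extension
        words = match.group(2).split()
        if words:
            keywords.add(words[0].upper())
    return keywords


def decide(reply, policy):
    """Choose the client's next step.

    policy (hypothetical names):
      "opportunistic" - use STARTTLS if offered, otherwise send in the clear
      "require"       - use STARTTLS if offered, otherwise abort the session
    """
    if policy not in ("opportunistic", "require"):
        raise ValueError("unknown policy: %r" % policy)
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    # STARTTLS missing: only a client configured to require it fails closed.
    return "abort" if policy == "require" else "plaintext"


if __name__ == "__main__":
    for name, reply in (("intact", EHLO_INTACT), ("stripped", EHLO_STRIPPED)):
        for policy in ("opportunistic", "require"):
            print(name, policy, "->", decide(reply, policy))
```

With the intact reply both policies negotiate TLS, which is the passive-attacker case; only the "require" policy turns the modified reply into a failure instead of a plaintext session.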