> On 5/10/2004 3:02 AM, RL 'Bob' Morgan wrote: > > So a "secure ports only" policy has very little to do with security and > > very much to do with organizational power relationships, and making > > your computing environment dysfunctional. > Somebody check my math on this please, but it seems to me that the whole > STARTTLS approach is succeptible to a specific attack which the secure > socket model is not. Your "math" is incorrect in that both STARTTLS and the separate port approach are vulnerable to this attack. In the separate port case an attacker has only to block the separate port completely, forcing a fallback to the regular port. (Not providing fallback in such cases is rarely a viable option.) It is also possible to interfere with the TLS negotiation itself, causing negotiation of unacceptably weak security. All of these attacks can be twarted by requiring (on either the client or server or both) a certain level of security. We've been providing the necessary knobs to enforce this for quite a few years now; I'm fairly sure other vendors have similar knobs. > Unless that's wrong for some reason, I'd say that a "secure ports policy" > actually is more secure. It isn't. See above. Ned _______________________________________________ Ietf@xxxxxxxx https://www1.ietf.org/mailman/listinfo/ietf