On Sat, Oct 31, 2015 at 1:06 AM, Viktor Dukhovni <ietf-dane@xxxxxxxxxxxx> wrote:
> On Fri, Oct 30, 2015 at 12:00:30PM +0100, Aaron Zauner wrote:
> <chop>
>
> STARTTLS is designed to thwart exactly one attack: *passive* wiretap.
> It works as designed for just that attack. It is not surprising
> that active attacks can and do defeat STARTTLS,

Before STARTTLS adoption the Tunisian secret police read all your emails. Afterwards they still do. What was gained? Let's try solving that problem.