pop 110/995, imap 143/993 ?
Sebastian Arcus
s.arcus at open-t.co.uk
Tue Aug 22 01:06:34 EEST 2017
On 21/08/17 22:18, Joseph Tam wrote:
>
> Lest anyone think STARTTLS MITM doesn't happen,
>
> https://threatpost.com/eff-calls-out-isps-modifying-starttls-encryption-commands/109325/3/
>
> Not only for security, I prefer port 993/995 as it's just plain simpler
> to initiate SSL from the get-go rather than to do some handshaking that
> gets you to the same point.

Frankly, after reading the above link and some more info on the internet
on the subject, I am now wondering why we bother at all with STARTTLS
for IMAP, POP3 and even SMTP (and by the way, port 465 for SMTP +
SSL/TLS *is* indeed deprecated officially)? It would appear that
STARTTLS is significantly more vulnerable to MITM attacks than plain
SSL/TLS for all the above protocols. Is the slight extra convenience of
opportunistic encryption really worth the substantial loss in security?
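
Added example, not part of the original post or of Dovecot: a client-side policy check showing why the plaintext capability listing is the weak point of STARTTLS, and how a "TLS required" policy fails closed where an opportunistic one silently falls back. It generalizes to the three protocols named above; the function names, policy names and sample responses are constructed for illustration.

```python
"""Client TLS policy applied to pre-TLS capability listings (illustrative)."""

# Token each protocol uses to advertise its in-band TLS upgrade command.
UPGRADE_TOKEN = {"imap": "STARTTLS", "pop3": "STLS", "smtp": "STARTTLS"}

# Constructed sample responses, as a client would read them before any TLS.
# The "ALTERED" variants lack the upgrade token, which is all a client sees
# when something on the path has modified the plaintext listing.
INTACT_IMAP = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED\r\nA1 OK done\r\n"
ALTERED_IMAP = "* CAPABILITY IMAP4rev1 AUTH=PLAIN\r\nA1 OK done\r\n"
INTACT_POP3 = "+OK\r\nUSER\r\nSTLS\r\nUIDL\r\n.\r\n"
ALTERED_POP3 = "+OK\r\nUSER\r\nUIDL\r\n.\r\n"
INTACT_SMTP = "250-mail.example.org\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
ALTERED_SMTP = "250-mail.example.org\r\n250 8BITMIME\r\n"


def advertised(protocol, response):
    """Return the upper-cased capability tokens found in a plaintext response."""
    caps = set()
    for line in response.splitlines():
        line = line.strip()
        if protocol == "imap" and line.upper().startswith("* CAPABILITY"):
            caps.update(line.split()[2:])
        elif protocol == "pop3" and line and not line.startswith(("+OK", ".")):
            caps.add(line.split()[0])
        elif protocol == "smtp" and line[:3] == "250" and len(line) > 4:
            # The first 250 line carries the server name; it is harmless here.
            caps.add(line[4:].split()[0])
    return {c.upper() for c in caps}


def decide(protocol, response, policy):
    """Return 'upgrade', 'plaintext' or 'abort' for the given client policy.

    policy 'opportunistic': use TLS only if the server appears to offer it.
    policy 'required': never continue without TLS, whatever the listing says.
    """
    if UPGRADE_TOKEN[protocol] in advertised(protocol, response):
        return "upgrade"  # the certificate must still be verified afterwards
    return "abort" if policy == "required" else "plaintext"


if __name__ == "__main__":
    for proto, resp in (("imap", ALTERED_IMAP), ("pop3", ALTERED_POP3),
                        ("smtp", ALTERED_SMTP)):
        for policy in ("opportunistic", "required"):
            print(proto, policy, decide(proto, resp, policy))
```

With implicit TLS on 993/995 there is no plaintext listing to consult, so this decision never arises: the connection either completes a verified handshake or fails.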