Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

11 Jan. 2019 г., 23:19 Mark Andrews <marka at isc.org>:
>> So STARTTLS strip is not a problem anymore?

>
> If you deploy DANE (client and server
> sides) then stripping STARTTLS is
> ineffective for the target domain.

If you defer to send (and finally bounce) everything targeted at a domain
that fails TLSA lookup, then fair enough. I don't think this is (and is
going to be in the near future) the case for the dumpsterfire mailing list,
but you may rightfully assume I haven't checked yet.

> gmail.com hasn’t (server side at least).

Google folks are on this mailing list, so it's best if they speak for me
(though I believe I pretry much know their reasoning).

--
Töma
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190111/b80170e7/attachment.html>

• Previous message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Next message (by thread): Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]