Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues

cosmo clinton.mielke at gmail.com
Fri Jan 11 21:39:09 UTC 2019


Whaddya expect guys, the mailing list is hosted on an embedded DVR recorder

On Fri, Jan 11, 2019 at 12:52 PM Töma Gavrichenkov <ximaera at gmail.com>
wrote:

> 11 Jan. 2019 г., 23:19 Mark Andrews <marka at isc.org>:
> >> So STARTTLS strip is not a problem anymore?
>
>>
> > If you deploy DANE (client and server
> > sides) then stripping STARTTLS is
> > ineffective for the target domain.
>
> If you defer to send (and finally bounce) everything targeted at a domain
> that fails TLSA lookup, then fair enough. I don't think this is (and is
> going to be in the near future) the case for the dumpsterfire mailing list,
> but you may rightfully assume I haven't checked yet.
>
> > gmail.com hasn’t (server side at least).
>
> Google folks are on this mailing list, so it's best if they speak for me
> (though I believe I pretry much know their reasoning).
>
> --
> Töma
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190111/2fca6e68/attachment.html>


More information about the NANOG mailing list