'Today' considers data retention and IMP
Florian Weimer
ukcrypto at chiark.greenend.org.uk
Wed, 14 Jan 2009 10:10:31 +0100
* Chris Edwards:
> (2) I'm not convinced the certificate check IS dealing with a different
> risk. The very people most likely to have the ability to passively
> sniff *backbone* links are probably ISP staff, who could just as easily
> mount an active attack to defeat opportunistic TLS. E.g redirect SMTP
> to a transparent proxy, effectively man-in-the-middle'ing the TLS.
It has already happened that some on-path device filtered out the
STARTTLS capability in the EHLO response, leading to transmission in
the clear:
<http://www.heise.de/security/news/meldung/116073>
The ISP claimed that this was purely by accident, which is quite
plausible (unfortunately).