OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: sniffing plaintext protocols

From: Tonnerre Lombard (tonnerre.lombardsygroup.ch)
Date: Tue Aug 15 2006 - 01:59:41 CDT


Salut,

On Sat, 2006-08-12 at 00:57 +0200, Joachim Schipper wrote:
> > Well pgp does address another area compared to TLS or pop3s. On the
> > other hand I agree to combine both!
>
> Only if you configure your MUA not to downgrade to plain SMTP when TLS
> is not available, and so on - there isn't too much point otherwise.

In fact, every MTA which is between you and your communication partner
must be configured not to downgrade to plain SMTP. Which most of them
just do.

                                Tonnerre
--
SyGroup GmbH
Tonnerre Lombard

Loesungen mit System
Tel:+41 61 333 80 33 Roeschenzerstrasse 9
Fax:+41 61 383 14 67 4153 Reinach BL
Web:www.sygroup.ch tonnerre.lombardsygroup.ch

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (NetBSD)

iQIVAwUAROFw3O1mMGan/TnWAQIeLw//Sa41Qd6BnD838c/t4EQol3nk/3GhHXjV
/tUj5sq7EWDuotxThb9zsWPog+SeLvP0DqBVt5c+kqq0YjI5AotVIMH1RRQCM6mg
4Nq9qqXXwkwoK45PkbOraatGTtHo3mRCKPF1ZHoQ8thaKMcUtS1n5oOIPd2o6M3V
XPZM5TcickVgiqm4iEfTVgcSPPL4E/hR2Gc2b7g+L3F5q3r/7ziVSNiH610TptQD
GbhXfU055fnX1fBj6nWCZtuO8Xrz7pLckiMLZ2uNVGqNEh5TdR3iQDO+b8+MeLc8
xNKfVeIZNZh2SXQ8peirYX1mCda7uskkqXONDGsXKeMo7jypbVXyTxfyU9O+jgwq
a5m8yu+C5c9iJ2D7VRsTPpLChtQZ5ApQ4+be1TgUYB7mAC5j9gNtXHFDygpcVzMv
S1UZoHhgqJqzel+nuxLsKjGkpG+JDqJhrdOq/vaMqjyLviKI3xIE0D7xsSid6GIm
1J5ymIicBCZyRcXZjZ5BqxX6rCFqjO2cthG+Gud/1lZicNklvUwj81KsT+RRrSkX
J9iL3EgLhG505h2ZJnEbtmayNfaCnjxN9mX0Vcxw0tm7TmCh+5wozFCdMeUnvpLJ
YtqfNco/FPfCZOF6u6iPqws5HTCPAIuU+/zgvYOMWqlEcJL//1bDfaTUshs5V2id
Io0cSA1vtx0=
=BNPV
-----END PGP SIGNATURE-----