But the private key is (of course) never sent to GitHub, so it's hard for me to imagine what kind of vuln this would help with. I can think of a few, but they're odd: 1. Some sort of remote memory leak that leaks the…
Is the mailer-daemon message from @googlemail.com or from recipient domains?
But I think the authentication problem is in fact the hard problem. Assuming we got rid of STARTTLS (the actual verb) and just always did TLS (say, on some other port), how do you propose to solve it?
If you required TLS on all SMTP, you would in fact end up having to fail a large number of messages. Even worse, of the domains that support STARTTLS, a sizable number either don't present certificates that chain to a…
I don't think the use of a single port is really at the heart of the problem. Even if SMTP with TLS ran over port 26 (say), you wouldn't know if a timeout on port 26 meant the server wasn't listening on port 26 or a…
But the private key is (of course) never sent to GitHub, so it's hard for me to imagine what kind of vuln this would help with. I can think of a few, but they're odd: 1. Some sort of remote memory leak that leaks the…
Is the mailer-daemon message from @googlemail.com or from recipient domains?
But I think the authentication problem is in fact the hard problem. Assuming we got rid of STARTTLS (the actual verb) and just always did TLS (say, on some other port), how do you propose to solve it?
If you required TLS on all SMTP, you would in fact end up having to fail a large number of messages. Even worse, of the domains that support STARTTLS, a sizable number either don't present certificates that chain to a…
I don't think the use of a single port is really at the heart of the problem. Even if SMTP with TLS ran over port 26 (say), you wouldn't know if a timeout on port 26 meant the server wasn't listening on port 26 or a…