Skip to Content [alt-c]


In reply to Comment by Reader Jarek

Reader Charles on 2014-08-13 at 14:25:

So am I right to understand that the DANE record would say "this SMTP server supports TLS" and therefore a client would not accept an unencrypted connection with this server even if the server responds it does not support TLS.

But the article says that "it's trivial for a properly-programmed client to protect against this downgrade attack". I presume the author wasn't referring to using DANE records (which as you point is not widely supported)?


Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible.

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.
  • Use the Preview button to check your formatting.