[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Intent to revive "expires" header from draft-ietf-mailext-new-fields-15
On Wed, 23 Jul 2008, Keith Moore wrote:
> Tony Finch wrote:
> > Of course MUAs should just use the protocol's negotiation features to
> > auto-configure the most secure settings possible.
> strongly disagree. the problem is that when you try to negotiate the most
> secure settings possible, you often create a way for the negotiation to be
> dumbed down by an attacker to the least secure setting possible.
Not if you store the settings that you negotiated the first time
(ssh-style "leap of faith") and allow the user to check the stored
f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/
FISHER GERMAN BIGHT: VARIABLE 3 OR 4 BECOMING EASTERLY 4 OR 5, OCCASIONALLY 6
LATER. SLIGHT OR MODERATE. FOG PATCHES. GOOD, OCCASIONALLY VERY POOR.