Re: Intent to revive "expires" header from draft-ietf-mailext-new-fields-15
On Wed, 23 Jul 2008, Keith Moore wrote:
> Tony Finch wrote:
>
> > Of course MUAs should just use the protocol's negotiation features to
> > auto-configure the most secure settings possible.
>
> Strongly disagree. The problem is that when you try to negotiate the most
> secure settings possible, you often create a way for the negotiation to be
> dumbed down by an attacker to the least secure setting possible.

Not if you store the settings that you negotiated the first time
(ssh-style "leap of faith") and allow the user to check the stored
settings.

Tony.
--
f.anthony.n.finch <dot@xxxxxxxx> http://dotat.at/
FISHER GERMAN BIGHT: VARIABLE 3 OR 4 BECOMING EASTERLY 4 OR 5, OCCASIONALLY 6
LATER. SLIGHT OR MODERATE. FOG PATCHES. GOOD, OCCASIONALLY VERY POOR.
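
The following sketch is an added example, not part of the original message or of any MUA's code: it pins the settings negotiated on first contact and refuses a later connection whose offer is weaker, which is how stored settings block the downgrade described in the quoted text. It assumes SMTP EHLO capability negotiation; the host name, EHLO replies, `PinStore` class and the mechanism ranking are all constructed for illustration.

```python
# Added example: pin negotiated settings per host (ssh-style leap of faith).
# The ranking and both EHLO samples are constructed, not taken from the thread.
AUTH_RANK = {None: 0, "LOGIN": 1, "PLAIN": 1, "CRAM-MD5": 2, "SCRAM-SHA-256": 3}

FIRST_EHLO = ("250-mail.example.org\r\n250-STARTTLS\r\n"
              "250-AUTH PLAIN SCRAM-SHA-256\r\n250 SIZE 1000000\r\n")
# Same server as seen through an on-path attacker who strips capabilities.
STRIPPED_EHLO = "250-mail.example.org\r\n250-AUTH PLAIN\r\n250 SIZE 1000000\r\n"

def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its parameter list."""
    caps = {}
    for line in reply.splitlines()[1:]:      # line 0 is the server greeting
        if line[:3] == "250" and line[3:4] in ("-", " "):
            words = line[4:].upper().split()
            if words:
                caps[words[0]] = words[1:]
    return caps

def negotiate(caps):
    """Choose the strongest settings on offer (assumed ranking above)."""
    mechs = [m for m in caps.get("AUTH", []) if m in AUTH_RANK]
    best = max(mechs, key=AUTH_RANK.get, default=None)
    return {"starttls": "STARTTLS" in caps, "auth": best}

def weaker(offered, pinned):
    """True if any offered setting is below what was pinned earlier."""
    return ((pinned["starttls"] and not offered["starttls"])
            or AUTH_RANK[offered["auth"]] < AUTH_RANK[pinned["auth"]])

class PinStore:
    def __init__(self):
        self.pins = {}                       # host -> pinned settings

    def connect(self, host, ehlo_reply):
        offered = negotiate(parse_ehlo(ehlo_reply))
        pinned = self.pins.get(host)
        if pinned is None:                   # first contact: leap of faith
            self.pins[host] = offered
            return "pinned", offered
        if weaker(offered, pinned):          # possible downgrade: keep pin, refuse
            return "refused", pinned
        self.pins[host] = offered            # same or stronger: ratchet upward
        return "ok", offered

    def show(self, host):
        """Let the user inspect what was stored for a host."""
        return dict(self.pins[host])
```

The pin only protects connections after the first: if the very first negotiation is already tampered with, the weak settings are what gets stored, which is why the user must be able to inspect them.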