[tor-talk] Thoughts on proxy setup wrt insecure connections
Joe Btfsplk
joebtfsplk at gmx.com
Wed Mar 2 13:58:47 UTC 2011
On 2/28/2011 6:35 PM, Lucky Green wrote:
> On 2011-02-28 16:05, Joe Btfsplk wrote:
>> Where would the "STARTTLS" command be used?
>> Would it be a permanent change to some config file (until changed back)
>> or used manually on each start?
> Joe,
> This article is good intro to how the STARTTLS command would be used:
> http://en.wikipedia.org/wiki/STARTTLS
>
> In short, the client sends the STARTTLS command to the server to
> indicate a desire to use TLS encryption for the connection.
>
> STARTTLS is most widely used with SMTP, POP, and IMAP.
>
> The genesis of the STARTTLS command was a realization that the earlier
> approaches to adding TLS security to existing TCP protocol-based
> services suffered from a systemic flaw: "wrapping" the connection in TLS
> and offering the "wrapped" service on a different port in effect
> required doubling the number of assigned ports. One port for the
> cleartext version, one port for the TLS version.
>
> (This turned out to be less of a problem in practice than anticipated at
> the time of the creation of the STARTTLS command, as the growth of
> encryption was paralleled by a reduction in ports on which many hosts
> connected to the Internet may transmit packets due to ISP level
> filtering and the rise of NAT. But that's a discussion for a different
> mailing list).
>
> --Lucky
> _______________________________________________
Thanks. I'll plead (somewhat) ignorant. What's the diff - if any -
between "using the STARTTLS" command & choosing "use TLS/SSL" under
Server Settings>Connection Security in email client (i.e.,
Thunderbird). That's assuming _email server(s) use this & instruct to
set up email client w/ these settings_?
When you say, "you can use the STARTTLS command," it indicates manually
entering the command - thus, my orig question - where would it be used
if simply using an email client?
Is the command necessary or just redundant if email client and email
servers you're are using TLS / SSL for POP3 / SMTP?
More information about the tor-talk
mailing list