nanog mailing list archives

Re: Announcing: "dumpsterfire", the mailing list for IoT security/privacy issues


From: Töma Gavrichenkov <ximaera () gmail com>
Date: Fri, 11 Jan 2019 23:50:44 +0300

11 Jan 2019, 23:19 Mark Andrews <marka () isc org>:
So STARTTLS strip is not a problem anymore?


If you deploy DANE (client and server sides) then stripping STARTTLS is ineffective for the target domain.

If you defer to send (and finally bounce) everything targeted at a domain
that fails TLSA lookup, then fair enough. I don't think this is (and is
going to be in the near future) the case for the dumpsterfire mailing list,
but you may rightfully assume I haven't checked yet.

gmail.com hasn’t (server side at least).

Google folks are on this mailing list, so it's best if they speak for me
(though I believe I pretty much know their reasoning).

--
Töma
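
The sender-side behaviour discussed in this message, as an added example that is not part of the original e-mail: a sketch of the per-MX delivery decision described in RFC 7672 (SMTP security via opportunistic DANE TLS), showing where a stripped STARTTLS keyword causes a cleartext downgrade and where it only causes a deferral. The names `Tlsa`, `offers_starttls` and `decide` are hypothetical, the EHLO replies are constructed, and `cert_matches` stands in for real TLSA certificate verification.

```python
from enum import Enum

class Tlsa(Enum):
    SECURE_USABLE = 1    # DNSSEC-validated TLSA RRset with usable records
    SECURE_UNUSABLE = 2  # validated RRset, but no record the client can use
    NONE = 3             # validated denial of existence, or unsigned zone
    LOOKUP_FAILED = 4    # bogus signature, SERVFAIL or timeout

def offers_starttls(ehlo_reply: str) -> bool:
    """Parse a multi-line EHLO reply and look for the STARTTLS keyword."""
    for line in ehlo_reply.splitlines():
        if len(line) < 4 or not line.startswith("250") or line[3] not in "- ":
            continue
        words = line[4:].split()
        if words and words[0].upper() == "STARTTLS":
            return True
    return False

def decide(tlsa: Tlsa, ehlo_reply: str, cert_matches: bool = False):
    """Sender-side decision for one MX host, returned as (action, channel)."""
    if tlsa is Tlsa.LOOKUP_FAILED:
        return ("defer", None)      # a failed lookup must not become a downgrade
    starttls = offers_starttls(ehlo_reply)
    if tlsa is Tlsa.NONE:           # plain opportunistic TLS: stripping works here
        return ("deliver", "tls-unauthenticated" if starttls else "cleartext")
    if not starttls:                # TLSA records published, so TLS is mandatory
        return ("defer", None)
    if tlsa is Tlsa.SECURE_UNUSABLE:
        return ("deliver", "tls-unauthenticated")
    return ("deliver", "tls-dane") if cert_matches else ("defer", None)

# Constructed EHLO replies: as sent by the server, and with the keyword
# overwritten in transit so the client no longer sees STARTTLS.
CLEAN = "250-mx.example.net\r\n250-SIZE 52428800\r\n250-STARTTLS\r\n250 8BITMIME\r\n"
STRIPPED = "250-mx.example.net\r\n250-SIZE 52428800\r\n250-XXXXXXXX\r\n250 8BITMIME\r\n"

def scenarios():
    return {
        "no TLSA, clean": decide(Tlsa.NONE, CLEAN),
        "no TLSA, stripped": decide(Tlsa.NONE, STRIPPED),
        "DANE, clean": decide(Tlsa.SECURE_USABLE, CLEAN, cert_matches=True),
        "DANE, stripped": decide(Tlsa.SECURE_USABLE, STRIPPED),
        "TLSA lookup failed": decide(Tlsa.LOOKUP_FAILED, CLEAN),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} -> {result}")
```
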
