by sydli 2687 days ago
From one party's perspective, it may just look like the other party does not support TLS. Without another point of reference, MTAs can't tell the difference between a lack of TLS support and a downgrade attack.

Alternatively, the government could also conduct a TLS certificate man-in-the-middle, which would work in most cases since almost no MTAs validate certificates outside of occasionally trying DANE (a spec for pinning certs over DNSSEC).

1 comments

Because almost nobody in the real world uses DNSSEC, there's a standard in the works that addresses this threat more directly:

https://datatracker.ietf.org/doc/rfc8461/
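
An added example, not part of the thread above: a sketch of how a sending MTA holding a cached RFC 8461 (MTA-STS) policy can tell a stripped STARTTLS apart from a server that never supported TLS. The policy text, EHLO replies, function names and the `cert_valid` input are assumptions constructed for illustration.

```python
# Added example: sender-side MTA-STS (RFC 8461) decision logic.
# Policy text and EHLO replies below are constructed sample data.

SAMPLE_POLICY = "version: STSv1\r\nmode: enforce\r\nmx: mail.example.com\r\nmx: *.example.net\r\nmax_age: 604800\r\n"
EHLO_FULL = "250-mail.example.com\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_STRIPPED = "250-mail.example.com\r\n250-SIZE 35882577\r\n250 8BITMIME"  # STARTTLS line missing

def parse_policy(text):
    """Parse the key/value policy file served from the mta-sts well-known URL."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("unsupported policy version")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("invalid mode")
    return policy

def mx_matches(pattern, host):
    """A '*.' pattern covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    if pattern.startswith("*."):
        label, _, rest = host.partition(".")
        return bool(label) and rest == pattern[2:]
    return host == pattern

def offers_starttls(ehlo_reply):
    return any(l[:3] == "250" and l[4:].strip().upper() == "STARTTLS"
               for l in ehlo_reply.splitlines())

def delivery_decision(policy, mx_host, ehlo_reply, cert_valid):
    """policy is the cached policy or None; cert_valid comes from the TLS handshake (assumed input)."""
    if policy is None or policy["mode"] == "none":
        return "deliver"  # opportunistic: a stripped STARTTLS looks like "no TLS support"
    ok = (any(mx_matches(p, mx_host) for p in policy["mx"])
          and offers_starttls(ehlo_reply) and cert_valid)
    if ok:
        return "deliver"
    return "refuse" if policy["mode"] == "enforce" else "deliver-and-report"
```

With no cached policy the stripped reply is indistinguishable from a plaintext-only server and mail is delivered in the clear; with an `enforce` policy the same reply causes the sender to refuse delivery.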