by xnull
4230 days ago
STARTTLS was never intended to thwart MITM, however. We need to keep that in mind. It allows a way to start a secure channel that is backwards compatible under the assumption that an attacker can eavesdrop but not manipulate the contents of the channel. In this regard it is some measure of an improvement. For the record I do not think it is a final solution (what is?). I do often have mixed feelings about 'the perfect being the enemy of the good'. With STARTTLS my feelings aren't as mixed. A measurable improvement to passive surveillance for minimal changes and no new infrastructure. Swell. Again, not going to condone it as a panacea - but it's never advertised itself as one. Let's keep using it until there's something better. And let's get furious at ISPs that strip it (or modify our traffic in any significant way).
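An added example, not part of the comment above: the client-side decision behind the eavesdrop-versus-manipulate distinction, showing that an opportunistic client continues in plaintext when the STARTTLS keyword is missing from the EHLO reply while a client configured to require TLS stops. The function names, the `require_tls` flag and both EHLO replies are constructed for illustration.

```python
"""Opportunistic vs. enforced STARTTLS, decided from an SMTP EHLO reply."""

# Constructed sample: what the server actually advertises.
SERVER_REPLY = (
    "250-mail.example.test\r\n"
    "250-SIZE 35882577\r\n"
    "250-8BITMIME\r\n"
    "250-starttls\r\n"
    "250 ENHANCEDSTATUSCODES\r\n"
)

# Constructed sample: the same reply as the client receives it when the
# STARTTLS line has been removed somewhere on the path.
STRIPPED_REPLY = SERVER_REPLY.replace("250-starttls\r\n", "")


def parse_ehlo(reply: str) -> set[str]:
    """Return the upper-cased extension keywords of a multiline 250 reply."""
    keywords = set()
    lines = reply.strip().splitlines()
    for line in lines[1:]:  # the first line carries the server's domain
        if len(line) < 4 or line[:3] != "250" or line[3] not in "- ":
            raise ValueError(f"unexpected EHLO line: {line!r}")
        text = line[4:].strip()
        if text:
            # Keywords are case-insensitive; parameters follow after a space.
            keywords.add(text.split()[0].upper())
    return keywords


def next_step(reply: str, require_tls: bool) -> str:
    """Decide what the client does after EHLO.

    Returns "starttls" when the upgrade is offered, "plaintext" when an
    opportunistic client falls back, and "abort" when TLS is required but
    the keyword is absent (fail closed instead of downgrading silently).
    """
    if "STARTTLS" in parse_ehlo(reply):
        return "starttls"
    return "abort" if require_tls else "plaintext"


if __name__ == "__main__":
    for name, reply in (("intact", SERVER_REPLY), ("stripped", STRIPPED_REPLY)):
        for require_tls in (False, True):
            print(name, "require_tls=%s" % require_tls, "->", next_step(reply, require_tls))
```

With Python's `smtplib`, the equivalent check on a live connection is `has_extn("starttls")` after `ehlo()`, followed by `starttls()` with a verifying `ssl` context.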