Hello Robert,

Yes that was pointed out to me in the IETF. That's why I mentioned this part in this thread.

"But guys in the IETF mailing list actually showed me a way to get that info. You just get the IP address from 3 way handshake and do reverse lookup / Connect to port 26 to fill the rest of the info. So a new port doesn't offer much security. And I totally I agree with them on that from my understanding of it."

On Mon, Jan 14, 2019 at 9:28 PM Robert Blayzor <rblayzor.bulk@inoc.net> wrote:
On 1/11/19 11:15 PM, Viruthagiri Thirumavalavan wrote:
> e.g. 220 mail.ashleymadison.com <http://mail.ashleymadison.com>
> AshleyMadison ESMTP Service Ready
>
> Those text will always be transferred in plain text. So I thought
> Implicit TLS would prevent leaking that info.


I'm not really sure how that really matters when anyone on the open
internet could connect to that service port and get the information anyway.

If I'm in the middle and I really want to know who you're talking to,
what prevents me to just connect to that host and get the same information?

--
inoc.net!rblayzor
XMPP: rblayzor.AT.inoc.net
PGP:  https://inoc.net/~rblayzor/



--
Best Regards,

Viruthagiri Thirumavalavan
Dombox, Inc.