You explicitly call out IMAP and other email protocols. Can this be applied to LDAP?
LDAP (think Active Directory if you are short of imagination, and/or experience).
A lot of connections use STARTTLS on port 389 instead of full on explicit TLS on port 636. Then there are the other two ports for the "global catalogue" which I think is basically a Win NT style domain flat lists for users and groups on 3268/tcp and 3269/tcp.
I've always had my suspicions about STARTTLS but it looked quite convincing to a sysadmin and was always encouraged by the sort of people who use terms like: "best practice". I'll start dumping it from now on. This will take a while.
I'm not the writer of the paper, but I do remember STARTTLS being called out as an issue when I was previously working on setting up an LDAP directory.