STARTTLS considered harmful
The use of Transport Layer Security (TLS) encryption is ubiquitous on today's internet, though that has largely happened over the last 20 years or so; the first public version of its predecessor, Secure Sockets Layer (SSL), appeared in 1995. Before then, internet protocols were generally not encrypted, thus providing fertile ground for various types of "meddler-in-the-middle" (MitM) attacks. Later on, the STARTTLS command was added to some protocols as a backward-compatible way to add TLS support, but the mechanism has suffered from a number of flaws and vulnerabilities over the years. Some recent research, going by the name "NO STARTTLS", describes more, similar vulnerabilities and concludes that it is probably time to avoid using STARTTLS altogether.