[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From: David Kastrup
Subject: Re: POP3 password in plaintext?
Date: Wed, 01 Oct 2014 07:33:54 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux)

"Stephen J. Turnbull" <address@hidden> writes:

> Richard Stallman writes:
>  > These points seem to conflict.  First, there is no protection.
>  > Second, there is protection: use TLS for this communication.
> Not at all.  If the server provides TLS, there is protection, and both
> modern servers and Emacs (at least Gnus and probably RMail according
> to larsi, but I don't think VM does) are able to use STARTTLS to
> convert an unencrypted channel to an encrypted one, *before* the
> password is sent.

Transparent STARTTLS on demand would seem useless against
man-in-the-middle attacks.  It's just good against eavesdropping on
unintercepted traffic.  And you don't even need to be true
man-in-the-middle: you just need to be faster answering the STARTTLS

David Kastrup

reply via email to

[Prev in Thread] Current Thread [Next in Thread]