[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: POP3 password in plaintext?

From: David Caldwell
Subject: Re: POP3 password in plaintext?
Date: Wed, 01 Oct 2014 10:56:47 -0700
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Thunderbird/33.0

On 9/30/14 10:33 PM, David Kastrup wrote:
> Transparent STARTTLS on demand would seem useless against
> man-in-the-middle attacks.  It's just good against eavesdropping on
> unintercepted traffic.  And you don't even need to be true
> man-in-the-middle: you just need to be faster answering the STARTTLS
> negotiation.

The CA system[1] prevents MITM attacks. The best an attacker could do is
maybe stop the encryption from starting in the first place, but in my
book that should be an error.


[1] https://en.wikipedia.org/wiki/Certificate_authority

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]