info-gnus-english
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Doubts about IMAP SSL authentication

From: Adam Sjøgren
Subject: Re: Doubts about IMAP SSL authentication
Date: Sun, 21 Sep 2008 00:52:03 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux) 
On Wed, 17 Sep 2008 10:58:20 -0700, Ross wrote:

> "chrycheng@gmail.com" <chrycheng@gmail.com> writes:

>> imap: Authenticating to `imap.gmail.com' using `login'...
>> imap: Plaintext authentication...

>> Does this mean that Gnus ignored the SSL connection that was set up
>> and went with a less secure plaintext login method instead?

> Unless I'm misunderstanding, this is fine.  Sine the *connection* is
> fully encrypted with SSL, it is safe to *authenticate* using plain text
> over the *encrypted connection*.  Most SSL setups I've seen work this
> way where plain text auth is used when the connection is encrypted.
> Course, I'm no SSL expert.

Nevertheless you are right.

A nice, easy way to reassure oneself that it is so, is to sniff the
actual packets going over the wire.

Run something like:

 # ngrep -Wbyline host your.imap.server

And then connect with Gnus and check that your password is really sent
over the SSL-encrypted connection (i.e. you can't see it in the
encrypted "noise").


  Best regards,

     Adam

-- 
 "Even if you don't have all the things you want, be          Adam Sjøgren
  grateful for the things you don't have that you        asjo@koldfront.dk
  don't want."
reply via email to
[Prev in Thread] Current Thread [Next in Thread]