Re: IMAPS problems...



On 2001.08.22 15:10:26 +0100 Brian Stafford wrote:

> > yeah, but advertising LOGINDISABLED inside a SSL connection sounds prety 
> > daft no ?
> 
> RFC 2595
> 
> 3.2. IMAP LOGINDISABLED capability
> 
yeah i know this

> 
>    An IMAP server which implements STARTTLS MUST implement support for
>    the LOGINDISABLED capability on unencrypted connections.
> 
sounds reasonable

> 
>    This capability is useful to prevent clients compliant with this
>    specification from sending an unencrypted password in an environment
>    subject to passive attacks.  It has no impact on an environment

how does one send an unencrypted password over a ssl connection ?

-- 
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
Software is like sex; it's better when it's free. - Linus Torvalds




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]