Re: IMAPS problems...
- From: Carlos Morgado <chbm chbm nu>
- To: Balsa List <balsa-list gnome org>
- Subject: Re: IMAPS problems...
- Date: Wed, 22 Aug 2001 15:35:26 +0100
On 2001.08.22 15:10:26 +0100 Brian Stafford wrote:
> > yeah, but advertising LOGINDISABLED inside a SSL connection sounds prety
> > daft no ?
>
> RFC 2595
>
> 3.2. IMAP LOGINDISABLED capability
>
yeah i know this
>
> An IMAP server which implements STARTTLS MUST implement support for
> the LOGINDISABLED capability on unencrypted connections.
>
sounds reasonable
>
> This capability is useful to prevent clients compliant with this
> specification from sending an unencrypted password in an environment
> subject to passive attacks. It has no impact on an environment
how does one send an unencrypted password over a ssl connection ?
--
Carlos Morgado - chbm(at)chbm(dot)nu - http://chbm.nu/ -- gpgkey: 0x1FC57F0A
http://wwwkeys.pgp.net/ FP:0A27 35D3 C448 3641 0573 6876 2A37 4BB2 1FC5 7F0A
Software is like sex; it's better when it's free. - Linus Torvalds
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]