DragonFly users List (threaded) for 2005-10
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: [OT] Secure connection to email servers?

From:	Joerg Sonnenberger <joerg@xxxxxxxxxxxxxxxxx>
Date:	Sun, 9 Oct 2005 02:05:07 +0200
Mail-followup-to:	users@crater.dragonflybsd.org

On Sat, Oct 08, 2005 at 04:17:36PM -0700, walt wrote:
> Background:  I have free email accounts with myrealbox.com
> and gmail.com.  Both organizations provide TLS connection
> to outgoing (SMTP) servers, and SSL connection to incoming
> (POP/IMAP) servers.
> 
> My questions:
> 
> 1.  Why use two different protocols instead of one?

TLS is effectively SSLv3, but without the name from Netscape.

> 2.  Does the use of secure connections make the 'secure
>     authentication' protocol irrelevant?  (I notice that
>     my password never appears in the clear in either
>     direction, even though I don't use 'secure auth'.)

Depends. You have two kinds of authentication mechanisms: clear text
transmission and hash transmission. Both have advantages and
disadvantages, e.g. for clear text transmission you normally don't have
to store the password itself in clear text (but can use something like
the md5 hash). For the hash transmission, the server has to store the
password unencrypted, but the protocol itself is more resilient to
replay attacks.

Joerg

References:
- [OT] Secure connection to email servers?
  - From: walt

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]