
Re: which pop3/imap secure method should I use?



On 14 June 2005, 01:36,
Ian Eure <ieure@debian.org>
-> debian-security@lists.debian.org:
> On Monday 13 June 2005 04:23 pm, LeVA wrote:
> > Hi!
> >
> > I've configured a courier-imap server with pop3(-ssl) and imap(-ssl)
> > support. Now I can not decide which combination of methods is the most
> > secure (first of all) and most useful (lastly) for me.
> >
> > The courier server supports both SSL and TLS, and I can use PLAIN and
> > CRAM-MD5 methods for authentication.
> >
> > My mail user agent supports all of the above, so I would really
> > appreciate if someone could tell me which configuration is the most
> > secure way.
>
> TLS and SSL are equally secure. TLS is easier on your system's resources;
> Courier-IMAP runs a separate daemon for SSL connections, which you don't
> need if you use TLS.
>
> PLAIN is easier to set up. IIRC, CRAM-MD5 requires a separate password
> file. Shouldn't be a risk if you're only using PLAIN over TLS.

I understand that with TLS or SSL the clear text passwords are secured, so do
you think that an SSL + CRAM-MD5 combination is just a useless complication
of the problem, and I should stay with the SSL (or TLS) + clear text auth or
with the no connection encryption + CRAM-MD5 auth?

Daniel

-- 
LeVA
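
Added example, not part of the original message: what each of the two authentication methods discussed in this thread puts on the wire, following SASL PLAIN (RFC 4616) and CRAM-MD5 (RFC 2195). The function names are hypothetical, the sample credentials and challenge are the published RFC 2195 test values, and the server-side check is simplified to hold the shared secret directly.

```python
import base64
import hashlib
import hmac

def plain_initial_response(user, password, authzid=""):
    """SASL PLAIN: base64(authzid NUL authcid NUL password)."""
    raw = f"{authzid}\0{user}\0{password}".encode()
    return base64.b64encode(raw).decode()

def decode_plain(b64):
    """Base64 is an encoding, not encryption: without TLS the
    password is readable by anyone who can see the session."""
    _authzid, user, password = base64.b64decode(b64).decode().split("\0")
    return user, password

def cram_md5_response(user, password, challenge):
    """CRAM-MD5: base64(user SP hex(HMAC-MD5(key=password, msg=challenge)))."""
    digest = hmac.new(password.encode(), challenge.encode(),
                      hashlib.md5).hexdigest()
    return base64.b64encode(f"{user} {digest}".encode()).decode()

def server_verify_cram(stored_secret, challenge, response_b64):
    """The server must recompute the HMAC, so it needs the shared secret
    (or an equivalent keyed state), not a one-way password hash."""
    _user, digest = base64.b64decode(response_b64).decode().rsplit(" ", 1)
    expected = hmac.new(stored_secret.encode(), challenge.encode(),
                        hashlib.md5).hexdigest()
    return hmac.compare_digest(digest, expected)

# Sample values from the RFC 2195 example exchange.
USER = "tim"
SECRET = "tanstaaftanstaaf"
CHALLENGE = "<1896.697170952@postoffice.reston.mci.net>"

if __name__ == "__main__":
    plain = plain_initial_response(USER, SECRET)
    print("PLAIN on the wire:   ", plain)
    print("PLAIN decoded:       ", decode_plain(plain))
    cram = cram_md5_response(USER, SECRET, CHALLENGE)
    print("CRAM-MD5 on the wire:", cram)
    print("CRAM-MD5 decoded:    ", base64.b64decode(cram).decode())
    print("server accepts:      ", server_verify_cram(SECRET, CHALLENGE, cram))
```

CRAM-MD5 covers only the login step; the messages fetched afterwards still cross the network unencrypted unless the connection itself runs over SSL or TLS.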


