Re: which pop3/imap secure method should I use?

To: debian-security@lists.debian.org
Subject: Re: which pop3/imap secure method should I use?
From: Ian Eure <ieure@blarg.net>
Date: Mon, 13 Jun 2005 16:48:56 -0700
Message-id: <[🔎] 200506131648.56368.ieure@blarg.net>
In-reply-to: <[🔎] 200506140141.51372.leva@az.isten.hu>
References: <[🔎] 200506140123.42049.leva@az.isten.hu> <[🔎] 200506131636.12351.ieure@debian.org> <[🔎] 200506140141.51372.leva@az.isten.hu>

On Monday 13 June 2005 04:41 pm, LeVA wrote:
> 2005. június 14. 01:36,
> Ian Eure <ieure@debian.org>
>
> > PLAIN is easier to set up. IIRC, CRAM-MD5 requires a seperate password
> > file. Shouldn't be a risk if you're only using PLAIN over TLS.
>
> I understand that with TLS or SSL the clear text passwords are secured, so
> do you think that an SSL + CRAM-MD5 combination is just a usesell
> complication of the problem, and I should stay with the SSL(or TLS) + clear
> text auth or with the no connection encryption + CRAM-MD5 auth?
>
I don't see why it would be helpful, unless you're trying to keep your info 
secret from a determined/resourceful attacker. But an attacker like that 
would probably get it anyways.

I use TLS & PLAIN, and encrypt/sign my messages with GPG for my business 
email, and I think that's plenty secure for my needs.

Reply to:

References:
- which pop3/imap secure method should I use?
  - From: LeVA <leva@az.isten.hu>
- Re: which pop3/imap secure method should I use?
  - From: Ian Eure <ieure@debian.org>
- Re: which pop3/imap secure method should I use?
  - From: LeVA <leva@az.isten.hu>

Prev by Date: Re: which pop3/imap secure method should I use?
Next by Date: Re: which pop3/imap secure method should I use?
Previous by thread: Re: which pop3/imap secure method should I use?
Next by thread: Re: which pop3/imap secure method should I use?
Index(es):
- Date
- Thread