Re: IMAPS problems...
- From: Brian Stafford <brian stafford uklinux net>
- To: chbm chbm nu
- Cc: Balsa List <balsa-list gnome org>
- Subject: Re: IMAPS problems...
- Date: Wed, 22 Aug 2001 15:43:13 +0100
On Wed, 22 August 15:35 Carlos Morgado wrote:
>
> On 2001.08.22 15:10:26 +0100 Brian Stafford wrote:
>
> > > yeah, but advertising LOGINDISABLED inside an SSL connection sounds pretty
> > > daft, no?
> >
> > RFC 2595
> >
> > 3.2. IMAP LOGINDISABLED capability
> >
> yeah, I know this
We might be talking at cross purposes here.
> > An IMAP server which implements STARTTLS MUST implement support for
> > the LOGINDISABLED capability on unencrypted connections.
> >
> sounds reasonable
It's also a normative requirement, by the looks of things.
>
> >
> > This capability is useful to prevent clients compliant with this
> > specification from sending an unencrypted password in an environment
> > subject to passive attacks. It has no impact on an environment
>
> how does one send an unencrypted password over an SSL connection?
Since we're talking about tunnelling, the server presumably doesn't know
about the SSL bit; it thinks the channel is clear.
As a side issue: if the server authenticates using SASL, it would probably
want to disable LOGIN, since SASL mechanisms (other than PLAIN/LOGIN) protect
the password on a clear text channel. You wouldn't want to offer SASL and
then let the clear text password mechanism bypass it.
brian
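The client-side reading of RFC 2595 section 3.2 that this exchange turns on, as an added example (not code from the thread or from Balsa): parse the server's CAPABILITY response and decide whether a cleartext LOGIN is acceptable. The capability strings are constructed for the example; the same bytes arrive whether the server is reached directly or through an SSL tunnel, which is why a tunnelled server keeps advertising LOGINDISABLED.

```python
import re

# Constructed CAPABILITY responses for this example (not taken from the thread).
CLEAR_OR_TUNNELLED = "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED"  # same bytes through stunnel
SASL_OFFERED = "* CAPABILITY IMAP4rev1 AUTH=CRAM-MD5 AUTH=PLAIN LOGINDISABLED"
AFTER_TLS = "* CAPABILITY IMAP4rev1 AUTH=PLAIN"

# SASL mechanisms that expose the password on a clear channel (the thread's PLAIN/LOGIN).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}


def parse_capabilities(response):
    """Return the capability atoms from an untagged '* CAPABILITY ...' line
    or from a '[CAPABILITY ...]' response code on a tagged OK."""
    m = re.search(r"CAPABILITY ([^\]\r\n]*)", response)
    if not m:
        raise ValueError("no CAPABILITY data in: %r" % response)
    return {atom.upper() for atom in m.group(1).split()}


def next_step(caps, channel_encrypted):
    """Decide the client's next command from the advertised capabilities.

    channel_encrypted is what the *client* knows about the socket (e.g. it
    opened an SSL tunnel itself); the server may not share that knowledge.
    """
    if "STARTTLS" in caps and not channel_encrypted:
        # Encrypt first, then re-fetch CAPABILITY: LOGINDISABLED should go away.
        return "STARTTLS"
    sasl = {c[len("AUTH="):] for c in caps if c.startswith("AUTH=")}
    strong = sorted(sasl - PLAINTEXT_SASL)
    if strong:
        # A mechanism that does not send the password in the clear is usable
        # regardless of LOGINDISABLED, which only governs the LOGIN command.
        return "AUTHENTICATE " + strong[0]
    if "LOGINDISABLED" in caps:
        # Reached over an already-encrypted channel: a tunnelled server only sees
        # a cleartext socket, so it still refuses LOGIN (the situation in the thread).
        return "REFUSE: LOGINDISABLED advertised, server cannot see the encrypted channel"
    if not channel_encrypted:
        return "REFUSE: cleartext password over an unencrypted channel"
    return "LOGIN"
```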