1. get a cert that is valid (otherwise you are vulnerable to
man-in-the-middle attacks anyway, and it's a bad idea to get users used to
ignoring security warnings)

2. if they can disable SSL can't they disable 'secure passwords' and cause
it to revert to plain logins anyway?

David Lang


On 26 Mar 2002, Chris Picton wrote:

> Date: 26 Mar 2002 17:08:52 +0200
> From: Chris Picton <[EMAIL PROTECTED]>
> To: Clifford Thurber <[EMAIL PROTECTED]>
> Cc: T Churchward <[EMAIL PROTECTED]>,
>      [EMAIL PROTECTED]
> Subject: RE: Connecting to imap using Outlook
>
> On Tue, 2002-03-26 at 16:48, Clifford Thurber wrote:
> > But as long as you enable TLS/SSL I don't see why this would matter? Am I
> > missing something here?
> > Thanks
> >
> > At 02:35 PM 3/26/2002 +0000, T Churchward wrote:
> > >correctly the only way I could get Outlook to successfully
> > >connect was using plain text passwords.  Yeah, I agree, not an ideal
> > >solution!
>
> Because a luser would find that if they disable SSL, they don't get an
> extra popup saying that the certificate can't be validated.  So they
> would disable SSL to get rid of the popup.  They probably don't care
> much about password security, but I do
>
> Also, I would like a server that works for all clients  :)
>
> --
> Chris Picton
> Tangent Systems
> [EMAIL PROTECTED]
>
>