Guy Deslauriers wrote: > Kevin, > > RFC2487 is telling us that SMTP over TLS can protect their communications > from eavesdroppers and attacks. I understand that as an encrypted > communication, no? > > Why would usernames and passwords be sent on a SMTP connection? > > I don't quite understand what you tried to explain.... > > gd >
The key work there is communications an SSL/TLS connection encrypts the communication between the 2 parties it does NOT however encrypt the actual content. Once the connections is severed and the email is sent from the server to another server there is NO encryption unless something like PGP or opportunistic SSL/TLS used, and even then only PGP encrypts the actual message content. SMTP-AUTH is why usernames and passwords would be sent over an SMTP connection. ratner than explain it here i will point you to the RFC and the wikipedia article. http://en.wikipedia.org/wiki/SMTP-AUTH http://tools.ietf.org/html/rfc2554 Kevin ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Assp-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-user
