Tim Dierks wrote:
[resending due to e-mail address / cryptography list membership issue]

On 8/24/05, Ian G <[EMAIL PROTECTED]> wrote:

Once you've configured iChat to connect to the Google Talk service, you may
receive a warning message that states your username and password will be
transferred insecurely. This error message is incorrect; your username and
password will be safely transferred.

iChat pops up the warning dialog whenever the password is sent to the
server, rather than used in a hash-based authentication protocol.
However, it warns even if the password is transmitted over an
authenticated SSL connection.

I'll leave it to you to decide if this is:
 - an iChat bug
 - a Google security problem
 - in need of better documentation
 - all of the above
 - none of the above

It seems Google is assuming that SASL PLAIN is acceptable once you've completed STARTTLS on port 5222 (or if you've connected via SSL on the old-style port 5223). Decide for yourself if that's "secure" and whether the iChat warning is justified.


Peter Saint-Andre
Jabber Software Foundation
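The distinction discussed in this thread (a password sent to the server with SASL PLAIN versus a hash-based exchange, and whether PLAIN is tolerable once TLS is up) can be written as a client-side policy check. This is an added example, not code from iChat, Google Talk or any poster in the thread; the policy in `choose`, the mechanism preference list, the sample features stanza and the credentials are all constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

SASL_NS = "{urn:ietf:params:xml:ns:xmpp-sasl}"
TLS_NS = "{urn:ietf:params:xml:ns:xmpp-tls}"
# Mechanisms that prove knowledge of the password without sending it.
CHALLENGE_RESPONSE = ("SCRAM-SHA-256", "SCRAM-SHA-1", "DIGEST-MD5")

# Constructed sample: stream features advertising STARTTLS and only PLAIN.
FEATURES = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"/>'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism></mechanisms></stream:features>'
)

def offered(features_xml):
    """Return (starttls_offered, [mechanism names]) from a features stanza."""
    root = ET.fromstring(features_xml)
    mechs = [m.text.strip() for m in root.iter(SASL_NS + "mechanism") if m.text]
    return root.find(TLS_NS + "starttls") is not None, mechs

def choose(mechs, tls_active, cert_verified):
    """Hypothetical client policy: returns (mechanism or None, reason)."""
    for name in CHALLENGE_RESPONSE:
        if name in mechs:
            return name, "password never leaves the client"
    if "PLAIN" in mechs:
        if tls_active and cert_verified:
            return "PLAIN", "password sent to server inside authenticated TLS"
        return None, "refuse: PLAIN would expose the password on the wire"
    return None, "refuse: no supported mechanism"

def plain_initial_response(user, password, authzid=""):
    """SASL PLAIN (RFC 4616): authzid NUL authcid NUL passwd, then base64."""
    raw = "\0".join((authzid, user, password)).encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def decode_plain(b64):
    """What the receiving server reads back: base64 is encoding, not hashing."""
    return base64.b64decode(b64).split(b"\0")[2].decode("utf-8")

if __name__ == "__main__":
    tls_offered, mechs = offered(FEATURES)
    print("STARTTLS offered:", tls_offered, "mechanisms:", mechs)
    print(choose(mechs, tls_active=False, cert_verified=False))
    print(choose(mechs, tls_active=True, cert_verified=True))
    token = plain_initial_response("alice", "constructed-password")
    print(token, "->", decode_plain(token))
```

Even in the accepted case the server receives the password itself, which is the property the iChat dialog keys on; TLS only changes who else can read it in transit.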
