On Wed, 17 Sep 2008 10:58:20 -0700, Ross wrote:
> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> writes:
>> imap: Authenticating to `imap.gmail.com' using `login'...
>> imap: Plaintext authentication...
>> Does this mean that Gnus ignored the SSL connection that was set up
>> and went with a less secure plaintext login method instead?
> Unless I'm misunderstanding, this is fine. Sine the *connection* is
> fully encrypted with SSL, it is safe to *authenticate* using plain text
> over the *encrypted connection*. Most SSL setups I've seen work this
> way where plain text auth is used when the connection is encrypted.
> Course, I'm no SSL expert.
Nevertheless you are right.
A nice, easy way to reassure oneself that it is so, is to sniff the
actual packets going over the wire.
Run something like:
# ngrep -Wbyline host your.imap.server
And then connect with Gnus and check that your password is really sent
over the SSL-encrypted connection (i.e. you can't see it in the
encrypted "noise").
Best regards,
Adam
--
"Even if you don't have all the things you want, be Adam Sjøgren
grateful for the things you don't have that you [EMAIL PROTECTED]
don't want."
_______________________________________________
info-gnus-english mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/info-gnus-english
