On Aug 9, 2007, at 11:38 PM, Andrew Lentvorski wrote:
However, if someone else runs the server, then your email has no security anyhow. Furthermore, at least IMAP will encrypt it on the wire. I don't think POP does that.
both IMAP and POP3 are quite handily run over SSL: [EMAIL PROTECTED](ttyp1):~ 24 % egrep '(pop3s|imaps)' /etc/services imaps 993/udp # imap4 protocol over TLS/SSL imaps 993/tcp # imap4 protocol over TLS/SSL pop3s 995/udp # pop3 protocol over TLS/SSL (was spop3) pop3s 995/tcp # pop3 protocol over TLS/SSL (was spop3)Contemporary servers will also offer TLS facilities for both IMAP and POP3 on the non-SSL ports (143 and 110, respectively).
Ideal servers will offer both SSL and non-SSL ports, but refuse to do anything on the non-SSL ports until TLS has been initiated. The UW IMAP/POP3 servers, for all their other failings, quite handily manage this if configured properly.
Gregory -- Gregory K. Ruiz-Ade <[EMAIL PROTECTED]> OpenPGP Key ID: EAF4844B keyserver: pgpkeys.mit.edu
PGP.sig
Description: This is a digitally signed message part
-- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
