Re: [MlMt] Security

Wed, 17 Jan 2018 08:23:55 -0800 

On 17 Jan 2018, at 10:49, Bill Cole wrote:


On 17 Jan 2018, at 8:06, Steven M. Bellovin wrote:


On 17 Jan 2018, at 5:51, Benny Kjær Nielsen wrote:

[...]
I back you up. Only thing to add is that one should make sure that SSL is always enabled such that a password is never sent to the IMAP/SMTP server in plain text. Note that most proper email servers wouldn't even allow non-SSL connections.
What authentication options that don't involve sending passwords does MailMate support? Is there a way to configure MM to use only one of these safer options if available?
I can't answer that, but I do take issue with the implied assertion that it is inherently safer to use CRAM-MD5, DIGEST-MD5, or other password-based mechanisms that avoid send the password to the server in decodable form rather than using a plaintext mechanism via an encrypted (i.e. TLS) transport. To support those mechanisms, the server needs to *store* a recoverable form of the password, which in most circumstances creates a less protectable attack surface than putting a password on the wire inside an encrypted channel to a server that only stores strong one-way hashes.
It varies, depending on the design. Client-side certificates require only a public key on the far end. Both sides could store hashed passwords (see https://tools.ietf.org/html/draft-bellovin-hpw-01 -- alas, it went nowhere) for one design.
But there's a more subtle issue: when you make your trust decisions. *If* you trust the site to store passwords safely -- and I agree; that's a big assumption -- you make the trust decision once. When you send passwords in the clear, you're making that trust decision every time you log in, and you're trusting the certificate issuance (think Diginotar and Comodo), corporate firewalls that terminate every TLS session and create a new one, users who click "OK" to certificate warnings, and more. 


        --Steve Bellovin, https://www.cs.columbia.edu/~smb


_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate

Reply via email to