On Tue, 2002-10-08 at 04:23, Holden Hao wrote:
> Which is the best approach SSL or GnuPG encryption?
> How are the two different?
SSL encrypts the session between the MUA and the POP3
(or IMAP, although the reference was to POP3 over SSL)
server.
it's not so much that the email is unreadable
as it travels from SMTP server to SMTP server.
rather, when you check your mail, YOUR PASSWORD
is not trivially sniffed. in POP3 the password
is sent in plaintext. so anyone running ethereal
or something else with the appropriate filter will
see your password going by.
> SSL is for secure connections, right? Are emails
> sent through SSL secure only after the MUA sends
> it to your SMTP?
it's not about when you send email. that doesn't
usually require a password. it's about when you
check your mail. that *DOES* require a password.
>How about when it is passed on server to server?
> Are they still being secured by SSL until your
> intended reciver recieves it?
no. if you want the whole path between you and
your recipient to be secure, you use GPG. in answer
to your original question about SSL vs GPG. they
solve different problems. POP3 over SSL solves the
"sending my password in the clear" problem. only
the connection between your computer and the
POP3 server is protected by SSL. GPG solves the
"i don't want anyone between me and my
recipient to be able to read my mail" problem.
tiger
--
Gerald Timothy Quimpo tiger*quimpo*org gquimpo*sni-inc.com tiger*sni*ph
Veritas liberabit vos.
_
Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph
To leave: send "unsubscribe" in the body to [EMAIL PROTECTED]
Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph
To subscribe to the Linux Newbies' List: send "subscribe" in the body to
[EMAIL PROTECTED]
