On Friday 09 December 2011 14:23:01 Philip Prindeville wrote:
> On 12/9/11 11:39 AM, Grant wrote:
Philip:
> >> Now whenever you upgrade Squirrelmail to something current,
> >> you can pass your free time trying to figure out how to get
> >> it to do STARTTLS. :-)
> >
> > No need. Squirrelmail connects to 587 on the same host
> > without encryption and its successor could do the same.
>
> My point was that if you can get it to do
> encryption/authentication, you're better off.
If an attacker is in a position to snoop traffic on the loopback
interface, chances are high that said attacker will also have any
encryption keys that might be used.
--
Offlist mail to this address is discarded unless
"/dev/rob0" or "not-spam" is in Subject: header
