> Scott Gifford:
> The only particularly nasty implication of using APOP are that it
> requires that the server have the password stored in plaintext. The
most mail-servers that i, as a simple leafnode fetching private mail,
care for has my password(s) stored in plaintext somewhere anyway, so
that i can loose it it and have them retrieve it for me. this
"service" is offered by every mailhost, but at least nobody could
sniff it off the line, which is a little more secure than pop3's plain
ascii transmission.
> POP over SSL solves both of these, by making no changes to the POP
> protocol, but just encrypting the whole session.
i've checked around here in germany: isp's offer pop3 access plus
web access. with freenet (mobile) i just had to change my fetchmailrc
to use apop, germanynet (calisto) barked, thay would not change their
entire setup for just one customer, when i asked them for apop. i dared
to ask only because their greeting looks like an apop prompt, and it
even changes on every dialup... so much for technical competence.
clemens
