On Tue, Apr 24, 2001 at 03:31:21PM -0700, [EMAIL PROTECTED] wrote:
> On Sat, 21 Apr 2001, Kris Kennaway wrote:
> > On Sat, Apr 21, 2001 at 05:11:21AM -0400, vertigo wrote:
> > > Pine has SSL patches? :) It's plain old pine within
> > > an SSH session for me.
> >
> > Yeah - they implement IMAP-o
On Sat, 21 Apr 2001, Kris Kennaway wrote:
> On Sat, Apr 21, 2001 at 05:11:21AM -0400, vertigo wrote:
> > Pine has SSL patches? :) It's plain old pine within
> > an SSH session for me.
>
> Yeah - they implement IMAP-over-SSL, with the aforementioned
> limitation.
i'd recommend using stunnel + f
On Sat, Apr 21, 2001 at 05:11:21AM -0400, vertigo wrote:
> Pine has SSL patches? :) It's plain old pine within
> an SSH session for me.
Yeah - they implement IMAP-over-SSL, with the aforementioned
limitation.
> > The Pine SSL patches also don't do any validity checking of
> > certificates, AFA
On Fri, Apr 20, 2001 at 05:44:55PM -0400, vertigo wrote:
> On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
>
> > Besides, the fact that many users don't check the validity of the certs
> > presented by the other side is a disgrace, and should not be encouraged by
> > distributing broken software.
>
On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
> Besides, the fact that many users don't check the validity of the certs
> presented by the other side is a disgrace, and should not be encouraged by
> distributing broken software.
It certainly should not be encouraged. The fact remains that
infor
On Fri, 20 Apr 2001, Enzo Michelangeli wrote:
> Why? Proxies for HTTPS do not touch the encrypted data
Ours did. I don't know if Lycos still uses the software,
but it was not an HTTP proxy. Lycos, for example, had
a link to The Gap on their shopping page. The HREF was
something like 'proxy.ly
quot;Enzo Michelangeli" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, April 20, 2001 3:38 PM
Subject: Re: Another shining example of Microsoft "security".
> Not that anyone checks the validity of their certs anyway.
> There are a
Not that anyone checks the validity of their certs anyway.
There are a couple of companies with url-rewriting proxies
who are able to pay (or used to pay) their programmers because
of this lack of concern. Actually, this sounds almost like a
feature (i.e. "Accept all certs", "Accept only certs tha
I don't know if anybody already noticed, but Outlook Express (at least the
version 5.5) blindly accepts any server certificate presented by a pop3s
(POP3 over SSL) server, without trying to validate it against a
locally-stored parent cert. This implies, for example, that roaming users
won't be abl
