On Mon, 24 Feb 2014, Andreas Schulze wrote:
Hadmut Danisch:
I did not say that I did not trust 127.0.0.1. I said that I do not
trust the Web-IMAP-Gateway (such as squirrelmail) if the client uses
an untrusted computer.
the question to me is: why could Hadmut Danisch not configure
dovecot to use a non-default trust state for localhost for
On Mon, 24 Feb 2014, Giles Coochey wrote:
You could choose not to use localhost IP, but bind to the actual local IP of
the host, even though it is on the local machine?
Is it only attaching to the 127.0.0.1 because you're binding to it by
hostnam
On 24/02/2014 15:19, Hadmut Danisch wrote:
As far as I can see dovecot does not consider 127.0.0.1 as "secured"
for any good reason, just to make debugging in plaintext easier. This
is a severe security gap. Hadmut
You could choose not to use localhost IP, but bind to the actual local
IP of th
On 24.02.2014 16:19, Hadmut Danisch wrote:
> On Mon, Feb 24, 2014 at 12:54:51AM +0100, Reindl Harald wrote:
>>
>> you described nothing relevant
>
> You're quite ignorant and obviously don't understand the background.
no
>> you only talk why 127.0.0.1 is treated as "secured"
>> well because
On Mon, Feb 24, 2014 at 12:54:51AM +0100, Reindl Harald wrote:
>
> you described nothing relevant
You're quite ignorant and obviously don't understand the background.
> you only talk why 127.0.0.1 is treated as "secured"
> well because it is by definition, if you don't trust
> 127.0.0.1 you
On 24.02.2014 00:23, Hadmut Danisch wrote:
> On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
>> what headache?
> The one I've described.
you described nothing relevant
you only talk why 127.0.0.1 is treated as "secured"
well because it is by definition, if you don't trust
127.
On Sun, Feb 23, 2014 at 11:37:55PM +0100, Reindl Harald wrote:
>
> what headache?
The one I've described.
>
> how do you imagine a man-in-the-middle-attack on 127.0.0.1
You're confusing the different attacks. This has nothing to do with a
man-in-the-middle. This is against a passive eavesd
On 23.02.2014 23:27, Hadmut Danisch wrote:
> But if the web gateway and dovecot are on the /same/ machine, this does
> not work anymore, since %c becomes "secured" on localhost, even if
> unencrypted. It causes a lot of trouble and headache
what headache?
how do you imagine a man-in-the-middle