Hi Maxim,
On Thu, 17 May 2007 00:09:16 +0300 UTC (5/16/2007, 4:09 PM -0500 UTC my
time), Maxim Masiutin wrote:
M> TLS assures confidentiality and integrity of the information.
M> Confidentiality means that nobody in transit (that has access to the
M> data channel) can read your messages while you are retrieving them via TLS.
M> Integrity in email means that nobody in transit can alter your messages,
M> i.e. modify the contents of the messages, inject false messages, remove
M> legitimate messages, etc. while you are retrieving them via TLS.
Yes I am aware of that. :)
M> So I do not agree that there is no difference between BD and AC.
There is no difference with respect to the fact that I have to auth into the
server either way.
M> If you are using TLS with expired or otherwise invalid certificates, this
M> means that there is actually no TLS and confidentiality and integrity are
M> no longer assured, so the malicious person that has access to the data
M> channel can read and/or modify the messages while you are retrieving
M> them.
It is not assured on port 110 or 143 either :) The only assurance regarding
integrity is to also use DKIM signing, but most importantly PGP/GPG or some
asymmetric encryption for confidentiality.
Again, it should be up to the user to decide to accept a cert that has
expired (even after he has used it for five years) :)
I give up ... LOL ....... you are not going to change it :)
--
Gary
________________________________________________________
Current beta is 3.99.06 | 'Using TBBETA' information:
http://www.silverstones.com/thebat/TBUDLInfo.html