-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                                        2003.08.04 @ 11:09 PDT

* Fearghas McKay <[EMAIL PROTECTED]> [2003.08.04 19:02 +0100]:
> At 09:00 +0100 2/8/03, Julian Bond wrote:
> >The fly in the ointment is that typically both pop3 and smtp ids and
> >passwords are passed in plain text. Since it's comparatively trivial to
> >log every packet on a wifi hotspot, you *MUST* hide these behind SSL
> 
> or use APOP/CRAM MD5/etc authentication for the POP3/IMAP/SMTP logins.

...which requires that your service provider store your
credentials in the clear.  Dunno about you, but I don't even
*know* anything about how well secured AOL, Yahoo, MSN, SBC,
etc., etc., mail servers and authentication services are.

SSLv3/TLS is a no-brainer.  With that in place, confidentiality
on the wire is *not* the weakest link in the chain.

NB - there exist secure password protocols which *don't* require
passwords to be stored in the clear (SRP, enhanced SPEKE, etc.),
but they aren't widely implemented, and are fraught with patent
problems.

> If port 25 blocking is happening, your mail server may accept connections
> on an alternate port usually 587, this is often referred to as the SMTP
> Submit port. Again connections here should use APOP/etc authentication
> and/or SSH tunnels.

This will also get blocked as more clients support SUBMIT.  It
seems likely, if SUBMIT gains traction at all, it will be opened
only to customers, and blocked to everyone else.

People will end up using arbitrary ports to work around this
problem.  The refusal to accept mail on port 25 from dynamically
allocated IP space is more problematic.  You either need a relay
in "trusted" IP space, or maybe fake the src address (can you
successfully transfer mail with a fake src address?).

cheers
J
- -- 
I must review my disbelief in angels.
-----BEGIN PGP SIGNATURE-----

iD8DBQE/LqSBUMt2z+iZNdMRAkxyAJ0TGdkU+/tEEoioC/8kCMlUt+T8XQCdHgFP
SyalvmZQxmUbx6tGjZ6QNlw=
=Sz4y
-----END PGP SIGNATURE-----
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
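
An added example, not part of the original message: a Python sketch of the storage point raised in the reply about APOP/CRAM-MD5. To check a challenge-response login the server has to recompute the digest from the shared secret itself (or a password-equivalent value), whereas a password sent inside TLS can be checked against a salted one-way hash. The secrets and challenges are the sample values from RFC 1939 and RFC 2195; the salted-hash record format and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def apop_digest(timestamp: str, secret: str) -> str:
    # RFC 1939 APOP: MD5 over the banner timestamp followed by the shared secret.
    return hashlib.md5((timestamp + secret).encode()).hexdigest()

def cram_md5_response(challenge: bytes, secret: str) -> str:
    # RFC 2195 CRAM-MD5: HMAC-MD5 over the challenge, keyed with the shared secret.
    return hmac.new(secret.encode(), challenge, hashlib.md5).hexdigest()

def salted_record(password: str, salt: bytes = b"") -> tuple:
    # Assumed storage format for this example: (salt, PBKDF2-HMAC-SHA256 digest).
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_cram_with_secret(stored_secret: str, challenge: bytes, response: str) -> bool:
    # Works only because the server can read the secret back out of its store.
    return hmac.compare_digest(cram_md5_response(challenge, stored_secret), response)

def verify_cram_with_hash(record: tuple, challenge: bytes, response: str) -> bool:
    # A server holding only the one-way hash has nothing the client also used as
    # the HMAC key, so keying with the stored digest cannot match the response.
    _salt, digest = record
    guess = hmac.new(digest, challenge, hashlib.md5).hexdigest()
    return hmac.compare_digest(guess, response)

def verify_password_over_tls(record: tuple, presented: str) -> bool:
    # Inside TLS the client sends the password itself; the server re-derives
    # the salted hash and compares, so no recoverable secret is stored.
    salt, digest = record
    return hmac.compare_digest(salted_record(presented, salt)[1], digest)

def demo() -> tuple:
    secret = "tanstaaftanstaaf"  # sample secret from RFC 2195
    challenge = b"<1896.697170952@postoffice.reston.mci.net>"  # RFC 2195 sample
    response = cram_md5_response(challenge, secret)  # what the client sends
    record = salted_record(secret)  # what a hash-only server would hold
    return (
        verify_cram_with_secret(secret, challenge, response),
        verify_cram_with_hash(record, challenge, response),
        verify_password_over_tls(record, secret),
    )

if __name__ == "__main__":
    print(apop_digest("<1896.697170952@dbc.mtview.ca.us>", "tanstaaf"))
    print(demo())
```
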
