At 11:22 -0700 4/8/03, J Irving wrote:
>>
>> or use APOP/CRAM MD5/etc authentication for the POP3/IMAP/SMTP logins.
>
>...which requires that your service provider store your
>credentials in the clear. Dunno about you, but I don't even
>*know* anything about how well secured AOL, Yahoo, MSN, SBC,
>etc., etc., mail servers and authentication services are.
ummmm and how do they store your pop3 passwds et al? same place they store
the smtp etc.
Go to a decent mail provider if you don't trust the list above.
>SSLv3/TLS is a no-brainer. With that in place, confidentiality
>on the wire is *not* the weakest link in the chain.
if it is available across the client base - it ain't across mine so we use
ssh tunnels.
>NB - there exist secure password protocols which *don't* require
>passwords to be stored in the clear (SRP, enhanced SPEKE, etc.),
>but they aren't widely implemented, and are fraught with patent
>problems.
meanwhile CRAM MD5 / APOP exists now and is a solution.
>> If port 25 blocking is happening, your mail server may accept connections
>> on an alternate port usually 587, this is often referred to as the SMTP
>> Submit port. Again connections here should use APOP/etc authentication
>> and/or SSH tunnels.
>
>This will also get blocked as more clients support SUBMIT. It
>seems likely, if SUBMIT gains traction at all, it will be opened
>only to customers, and blocked to everyone else.
Quite possibly however in the world that we live in just now - it is a
possibility. Which is what I was discussing rather than some future world.
>People will end up using arbitrary ports to work around this
>problem. The refusal to accept mail on port 25 from dynamically
>allocated IP space is more problematic. You either need a relay
>in "trusted" IP space, or maybe fake the src address (can you
>successfully transfer mail with a fake src address?).
get a mail provider that will let you access your smtp server from where
ever. If that means using a boutique ISP rather than AOL then move.
f
--
general wireless list, a bawug thing <http://www.bawug.org/>
[un]subscribe: http://lists.bawug.org/mailman/listinfo/wireless
