[lug] ssl for imap and pop
Anders Knudsen
andersk at uswest.net
Mon Mar 5 07:40:51 MST 2001
>
>I recall once that I sent my ISP a message asking them if they supported
>APOP (after being informed about it by fetchmailconf, if I remember
>correctly). They replied that they didn't, and that furthermore it was
>pointless because it was plaintext equivalent. From what I read, that
>is just plain wrong. Am I (and the pop3 RFC writer, too) missing some
>gaping security problem with APOP? Or were they confused?
Maybe they think APOP is no better than normal POP since only the password
is not "sent in the clear". With APOP the email text is not encrypted on
the channel.
Still, If one's using APOP that is a huge benefit since the POP
password/phrase, if sniffed, is not useful. If it's content protection,
then PGP/GPG the message.
As for clients, I know that Eudora supports APOP (no linux client though).
Do a search on Freshmeat for apop. I did. Not much there, but there is a
gtk+ client that supports apop:
http://sylpheed.good-day.net/
of course you could use fetchmail to retrieve mail locally and then read
from there.
-anders.
More information about the LUG
mailing list