[lug] ssl for imap and pop

Kirk Rafferty kirk at fpcc.net
Sun Mar 4 12:04:45 MST 2001


On Sat, Mar 03, 2001 at 01:57:46PM -0500, Hugh Brown wrote:
> Does anyone know of a client that supports secure pop/pop over ssl?

This is just my $0.02, but secure email retrieval on the internet isn't
too useful (yet).  Unless the email was sent to you over a secure network,
or was sent via a secure protocol such as SSL, the email you're pulling
from your ISP through a secure connection has been sent in plain text to
your ISP's mailserver through who knows how many different networks.  If the
email was sent in plain text, as opposed to GPG or PGP encrypted, it's
already been potentially compromised.

Sendmail 8.11.x supports secure connections, but this only works if the
other end supports it as well.  And even then, unless any relays also
support encryption (including the SMTP connection from the workstation that
sent it), it's been transmitted in plain-text at some point.

ObSemi-related-story: A few years ago (back in the late 20th Century) I had
ordered something-or-other from a website.  They used SSL to process my
Credit Card and personal information, which made me feel warm and fuzzy.
However, the confirmation email they sent me had all of the information
(including my full credit card number) they had just taken pains to secure.
They completely negated their own security, and lost a customer.

-k
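
Added example, not part of the original post: the per-hop point above can be checked on a delivered message by reading its Received headers, where each server records the protocol it accepted the mail with. This goes beyond the post by using the RFC 3848 keywords (ESMTPS and friends), which postdate it; the sample message and hostnames are constructed, and Received headers are only each server's own claim.

```python
import email
import re

# Constructed sample message (not from the original post): three hops,
# only one of which negotiated TLS. All hostnames are placeholders.
SAMPLE = """\
Received: from mx.isp.example (mx.isp.example [192.0.2.10])
\tby imap.isp.example with LMTP id abc123
\tfor <user@isp.example>; Sun, 4 Mar 2001 12:04:40 -0700
Received: from relay.shop.example (relay.shop.example [198.51.100.7])
\tby mx.isp.example with ESMTPS id def456
\tfor <user@isp.example>; Sun, 4 Mar 2001 12:04:38 -0700
Received: from web01.shop.example (web01.shop.example [198.51.100.20])
\tby relay.shop.example with SMTP id ghi789;
\tSun, 4 Mar 2001 12:04:35 -0700
From: orders@shop.example
To: user@isp.example
Subject: Order confirmation

Thanks for your order.
"""

# "with" keywords that RFC 3848 assigns to transfers protected by STARTTLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)", re.I)

def hops(raw_message):
    """Return [(from_host, by_host, protocol, used_tls)] in delivery order."""
    msg = email.message_from_string(raw_message)
    result = []
    # Each server prepends its header, so reverse to get sender-first order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if not m:
            continue  # unparseable header: skipped, not assumed secure
        proto = m.group(3).rstrip(";").upper()
        result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result

def plaintext_hops(raw_message):
    """Return (from_host, by_host) for every hop that did not report TLS."""
    return [(f, b) for f, b, _, tls in hops(raw_message) if not tls]

if __name__ == "__main__":
    for hop in hops(SAMPLE):
        print(hop)
    print("plaintext hops:", plaintext_hops(SAMPLE))
```

The final POP or IMAP retrieval never appears in these headers, so a secure client connection says nothing about the hops listed here, and the reverse is also true.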


