[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Is SSL on POP3 advantageous?
- To: firstname.lastname@example.org
- Subject: Is SSL on POP3 advantageous?
- From: Ed Wandasiewicz <email@example.com>
- Date: Fri, 20 Feb 2004 13:24:47 +0000
- Content-Disposition: inline
- User-Agent: Mutt/1.4.1i
Is SSL on POP3 advantageous compared to not having SSL on POP3?
An ADSL provider doesn't think so. I received the following from them:
"Firstly, somone would have to be sniffing his connection to get his
password, this is unlikely (unless he's upset someone). Secondly you
couldn't get everyones passwords without sniffing from our end of the
network, this is virtually impossible. Thirdly APOP doesn't add much
security if any at all over normal pop, the only advantage is the password
doesn't travel clear text over the network. The drawbacks are that if
someone could sniff your network, they can still intercept your email, also
the password then has to be stored clear text at both the client and the
server, instead of one way encrypted as it currently is."
--end of reply
When you download email from a non-SSL POP server, your username and password is sent in plain-text (see tcpdump or dsniff). Using SSL, this data is encrypted when downloaded.
For encrypting sent mail, see http://www.benzedrine.cx/starttls.html.
Does the same apply to IMAP?