Re: Doubts about IMAP SSL authentication
From: Adam Sjøgren
Subject: Re: Doubts about IMAP SSL authentication
Date: Sun, 21 Sep 2008 00:52:03 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) XEmacs/21.4.21 (linux)
On Wed, 17 Sep 2008 10:58:20 -0700, Ross wrote:
> "chrycheng@gmail.com" <chrycheng@gmail.com> writes:
>> imap: Authenticating to `imap.gmail.com' using `login'...
>> imap: Plaintext authentication...
>> Does this mean that Gnus ignored the SSL connection that was set up
>> and went with a less secure plaintext login method instead?
> Unless I'm misunderstanding, this is fine. Since the *connection* is
> fully encrypted with SSL, it is safe to *authenticate* using plain text
> over the *encrypted connection*. Most SSL setups I've seen work this
> way where plain text auth is used when the connection is encrypted.
> Course, I'm no SSL expert.
Nevertheless you are right.
A nice, easy way to reassure oneself that it is so, is to sniff the
actual packets going over the wire.
Run something like:
# ngrep -Wbyline host your.imap.server
And then connect with Gnus and check that your password is really sent
over the SSL-encrypted connection (i.e. you can't see it in the
encrypted "noise").
Best regards,
Adam
--
"Even if you don't have all the things you want, be
grateful for the things you don't have that you
don't want."
Adam Sjøgren
asjo@koldfront.dk
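
The check described in the message above, as an added example that is not part of the original post: given client-to-server payloads from a capture, it flags a readable IMAP login command or a visible password, and otherwise confirms that the bytes parse as TLS records. The sample payloads, the password `hunter2` and the function names are constructed for illustration.

```python
import re

# IMAP commands that carry the password readably when no TLS layer is present.
CLEARTEXT_AUTH = re.compile(rb"^\S+ (LOGIN|AUTHENTICATE PLAIN)\b", re.I | re.M)
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}
MAX_RECORD = 2**14 + 2048  # largest ciphertext length a TLS record may declare


def parse_tls_records(payload):
    """Return [(type_name, length), ...] if payload is whole TLS records, else None.

    Simplification: a record split across TCP segments is reported as None.
    """
    records, pos = [], 0
    while pos < len(payload):
        header = payload[pos:pos + 5]
        if len(header) < 5:
            return None
        ctype, major, minor = header[0], header[1], header[2]
        length = int.from_bytes(header[3:5], "big")
        if ctype not in TLS_TYPES or major != 3 or minor > 4 or length > MAX_RECORD:
            return None
        if pos + 5 + length > len(payload):
            return None
        records.append((TLS_TYPES[ctype], length))
        pos += 5 + length
    return records or None


def classify(payload, password=None):
    """Classify one client-to-server payload taken from a capture."""
    if password is not None and password in payload:
        return "LEAK: password visible"
    if CLEARTEXT_AUTH.search(payload):
        return "LEAK: cleartext IMAP auth command"
    records = parse_tls_records(payload)
    if records:
        return "tls: " + ",".join(name for name, _ in records)
    return "unknown"


# Constructed samples, not captured traffic.
PLAIN_LOGIN = b"a001 LOGIN user@example.org hunter2\r\n"
TLS_APPDATA = bytes([23, 3, 1, 0, 8]) + bytes.fromhex("9f3c7a11e0b45d82")

if __name__ == "__main__":
    for sample in (PLAIN_LOGIN, TLS_APPDATA):
        print(classify(sample, password=b"hunter2"))
```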