Firewall Wizards mailing list archives
Re: POP vs IMAP vs MAPI - security through firewalls?
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Mon, 26 Feb 2001 16:35:18 -0500
On Mon, Feb 26, 2001 at 08:02:11AM +0200, Chris Crozier wrote: ...
Both POP3 and IMAP4 have stronger authentication mechanisms (APOP for POP3, CRAM-MD5 for IMAP4), but I have never seen them used - nearly everyone uses clear text passwords, which are blatantly lousy security.
In the 'qpopper' mailing list, a lot of people using the Qualcomm POP daemon are asking about details of using APOP, which suggests that they are using it. This is just a data point to contrast against "never". I don't have a similar one for IMAP4.
Whichever way you slice it, I believe that no-one should use email for sensitive information without encrypting/signing at the client level since none of the mail access protocols have any inherent security worth considering, especially in the military context.
You'll be happy to know, then, that that's another part of the proposed change. ;-} -- Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao COSPO/OSIS Computer Support EMT-B ----------------------------------------------------------------------- This message is not an official statement of COSPO policies. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 25)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Michael Nelson (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Patrick Darden (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Rick Murphy (Feb 26)
- <Possible follow-ups>
- RE: POP vs IMAP vs MAPI - security through firewalls? Ben Nagy (Feb 26)
- Re: POP vs IMAP vs MAPI - security through firewalls? Joseph S D Yao (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Jan van Rensburg (Feb 26)
- RE: POP vs IMAP vs MAPI - security through firewalls? Chris Crozier (Feb 26)