RE: talk.google.com

["Mark Senior" <Mark.Senior () gov ab ca>]

> From: James Tucker

(snip)

> And we're authed, using PLAIN. This string is short, and not 
> entirely human readable, but the mechanism is well 
> documented. The security implications of this are simple, the 
> Google Talk client uses a more secure authentication method, period.

A more correct statement would be that the Google Talk client uses a
less well-understood authentication method.  To say whether or not it is
more secure would require understanding and studying the mechanism.
Just because it's not human readable doesn't mean the crypto is worth
anything.

That said, I have a much better feeling about a mechanism devised by
Google, than one devised by any number of other companies one could
name.

This email and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the individual named. If you are not the named 
addressee you should not disseminate, distribute or copy this e-mail.


This email and any files transmitted with it are confidential and intended solely for the use of the individual or 
entity to whom they are addressed. If you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the individual named. If you are not the named 
addressee you should not disseminate, distribute or copy this e-mail.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/