[Gllug] IMAPS

Jonathan Dye jonathan.dye at automationpartnership.com
Fri May 17 14:55:52 UTC 2002


> -----Original Message-----
> From: Dave Cridland [mailto:dave at cridland.net]
> Sent: 17 May 2002 16:51
> To: gllug at linux.co.uk
> Subject: Re: [Gllug] IMAPS
>
>
> On Fri, 2002-05-17 at 14:25, Jonathan Dye wrote:
> > Hi,
> >
> > Does anyone know if IMAPS does password authentication in an encrypted
> > session or is that done before the tunnel is set up?
>
> "IMAPS" is IMAP done through a pre-setup TLS tunnel.
>
> IMAP has a STARTLS command, too, which is generally better, however, OE
> doesn't support it. Git.
>
> Either way, authentication happens inside TLS, so it doesn't matter.

Good, that's what I had assumed but then I realised that it was best not to
assume that it was secure.

> IMAP is SASL-aware, and can support useful things like CRAM-MD5 and
> DIGEST-MD5, neither of which send the password in the clear. SASL does
> have a PLAIN mechanism, when it's safely inside TLS.

I thought there was some sort of other authentication options because my
imap server responds with something like AUTH PLAIN in it's erm.. list of
features on connection (sorry I forget the terminology).

> > Also, off topic I guess but does anyone know what Outlook Express (or
> > Outlook but I haven't looked) means when it says 'Use secure
> > password authentication' in the user credentials panel of the mail
> > account settings?  It's not IMAPS because that is on a different page.
>
> SPA is some Windows specific SASL mechanism. IIRC, it's documented as an
> RFC, and I *think* it might be the same as MS-CHAP. But I'm not sure, and
> can't find the RFC to hand at the moment.

Thanks for the info.

> Dave.

JD

_____________________________________________________________________
This message has been checked for all known viruses by the 
MessageLabs Virus Scanning Service


-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug




More information about the GLLUG mailing list