At 23:57 -0400 on 06/15/2005, Keith Moore wrote about Re: request
discussion of two documents on SMTP relaying:
regarding cram-md5: anything that does challenge-response without
changing the key each time is easy to break independent of what hash
algorithm is used, especially in the case of a wireless network where
it's very easy to impersonate a server and mount a man-in-the-middle
attack. one time passwords (s/key) work okay, but not
challenge-response. this implicates cram-md5, and also APOP (not that
this is relevant to message submission), and some other things too.
It was my impression (possibly in error) that SMTP AUTH CRAM-MD5 and
POP's APOP Handshakes encrypt a string that includes a timestamp (and
thus changes each time) so the encrypted reply is unique and one-time
(and thus immune to replay attacks) so they are safe from monitoring
and man-in-the-middle.
As to APOP not being relevant to message submission, it CAN BE if the
POP session that was initiated via APOP then has XTND XMIT commands
submitted (to have the POP Server act as a MSA for relating to a MTA).