On Mon, 19 Sep 2005 20:52:18 EDT, "Robert A. Rosenberg" said:
If you read 2554 you will note that it provides for the Server to
offer a list of methods that the Server supports to allow the Client
to supply the Password. This list usually is "PLAIN" and "LOGIN" (and
sometimes CRAM-MD5). Depending on how paranoid you are, only CRAM-MD5
is actually secure. The other two methods not only send out a
constant (CRAM-MD5 is a one-time encryption) but if someone is
monitoring the connection the Password can be extracted from the
constant.
There's also the option of doing PLAIN or LOGIN after a STARTTLS command
to stop those nasty snoopers (and for that, a self-signed TLS cert is
quite sufficient). If you're really paranoid, you'll want to deploy the
certificate infrastructure needed to verify the identities at the other
end of the STARTTLS connection, so you can't have a MITM attack.
pgpzVgeY0GdA4.pgp
Description: PGP signature