spf-discuss
[Top] [All Lists]

Re: Re: SPF implementations

2005-08-16 07:41:03

SMTP AUTH uses CRAM-MD5 or DIGEST-MD5 (or any other protocol
implemented by both sides) to protect the password.  It
is not sent in cleartext.  The PLAIN protocol is usually
allowed only in conjunction with TLS.

But anyone sniffing the connection, might replay the encoded password. So
effectively, one doesn't need the plain password.

Regards,
Arjen
-- 
Eindhoven - The Netherlands
Key fingerprint - 66 4E 03 2C 9D B5 CB 9B  7A FE 7E C1 EE 88 BC 57


<Prev in Thread] Current Thread [Next in Thread>