ESMTPA vs. ESMTPS (was: SPF implementations)

Arjen de Korte wrote:

But anyone sniffing the connection, might replay the encoded
password.


AFAIK you can only hi-jack the session as "man in the middle".

There's no way to get the password by "watching" CRAM-MD5 or
similar SASL mechanisms.  Also no realistic dictionary attack.

                          Bye, Frank

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Re: SPF implementations, (continued) Re: Re: SPF implementations, Stuart D. Gathman Re: Re: SPF implementations, Graham Murray Re: Re: SPF implementations, Scott Kitterman Re: Re: SPF implementations, Dick St.Peters Re: Re: SPF implementations, Håkon Alstadheim Re: Re: SPF implementations, Stuart D. Gathman Re: Re: SPF implementations, Jeremy Doupe Re: Re: SPF implementations, Stuart D. Gathman Re: Re: SPF implementations, Arjen de Korte Re: Re: SPF implementations, Stuart D. Gathman ESMTPA vs. ESMTPS (was: SPF implementations), Frank Ellermann <= Re: ESMTPA vs. ESMTPS (was: SPF implementations), Tony Finch Re: ESMTPA vs. ESMTPS (was: SPF implementations), william(at)elan.net Re: ESMTPA vs. ESMTPS, Scott Kitterman Re: ESMTPA vs. ESMTPS, william(at)elan.net Re: ESMTPA vs. ESMTPS (was: SPF implementations), Tony Finch Re: ESMTPA vs. ESMTPS, Frank Ellermann Re: Re: ESMTPA vs. ESMTPS, Scott Kitterman Re: ESMTPA vs. ESMTPS, Frank Ellermann Re: Re: ESMTPA vs. ESMTPS, william(at)elan.net Re: ESMTPA vs. ESMTPS, Frank Ellermann