Robert Wolf wrote:

> else (NOT LOCALHOST) and you can see it says LOGINDISABLED unless you
> have enabled something like cram-md5.

> Hi,
>
> exactly, this is the reason, why plain-text is still needed. You don't need
> encryption for authentication, if you have secure authentication. Without
> knowing original password, the MITM cannot generate correct hash for login, so
> the connection can be plain-text.

You don't need plaintext to use CRAM-MD5: there's no problem having *both*
CRAM-MD5 and SSL (it's overkill, but works).  And mail data is worth
protecting too.

> Of course, if you then download your emails, the MITM can still read these
> emails too, if these emails are plain-text (not encrypted using e.g. SMIME or
> GPG). But he cannot misuse your login.

No argument here about using end-to-end encryption, but protecting mail
data and metadata is important too.  Don't forget also, it's not just
about the privacy (reading) of mail data, but it's also important to
guarantee the authenticity of mail data from tampering.

By the way, if we assume a hostile network where MITM is possible, then
even closing STARTTLS ports will not guarantee confidential transport:
the MITM attacker can merely open up a fake plaintext-only service port,
then proxy that to the target server.  The client must deny non-secured
transport to be fully protected.

Joseph Tam <[email protected]>
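As an added illustration of the CRAM-MD5 point argued in this thread (this is not code from either poster), the following Python computes the RFC 2195 response, verifies it server-side, and runs a constructed scenario in which a passive observer on a plaintext connection records one exchange and replays it against a fresh challenge. Hostname and credentials are made up.

```python
import hashlib
import hmac
import secrets
import time


def make_challenge(hostname: str) -> str:
    """Server side: a fresh, unpredictable challenge in the RFC 2195 shape."""
    return f"<{secrets.randbits(64)}.{int(time.time())}@{hostname}>"


def cram_md5_response(username: str, password: str, challenge: str) -> str:
    """Client side: 'user hex(HMAC-MD5(key=password, msg=challenge))'.
    The password itself never goes on the wire; only the keyed digest does."""
    digest = hmac.new(password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return f"{username} {digest}"


def verify(stored_password: str, challenge: str, response: str) -> bool:
    """Server side: recompute from the stored secret and compare in constant time.
    Caveat: the server must hold the password (or its MD5 HMAC contexts),
    not a salted one-way hash, which is the usual trade-off of CRAM-MD5."""
    _username, _, digest = response.partition(" ")
    expected = hmac.new(stored_password.encode(), challenge.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(expected, digest)


def replay_attempt(username: str, password: str, hostname: str = "mail.example.test") -> dict:
    """Constructed scenario: an observer sees one plaintext CRAM-MD5 exchange
    and later replays the captured response in a new session.
    Returns what was observed and whether the replay was accepted."""
    # Session 1 (legitimate): both challenge and response are visible on the wire.
    chal1 = make_challenge(hostname)
    resp1 = cram_md5_response(username, password, chal1)
    assert verify(password, chal1, resp1)          # the real client authenticates
    # Session 2: the server issues a new challenge; the observer only has resp1.
    chal2 = make_challenge(hostname)
    return {
        "observed_response": resp1,                # no password material here
        "challenges_differ": chal1 != chal2,
        "replay_accepted": verify(password, chal2, resp1),
    }
```

The digest protects the login only; as the thread notes, message bodies fetched over the same plaintext session remain readable to the observer.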
