|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tzafrir Cohen (tzafrir
technion.ac.il)Date: Fri Jan 18 2002 - 14:43:46 CST
On Fri, 18 Jan 2002, Nick Murtagh wrote:
> On Thursday 17 January 2002 22:02, Tzafrir Cohen wrote:
> > You won't catch any of the anti-telnet guys using plain pop3 or
> > (non-annonymous) ftp. To replace ftp you have scp and sftp. pop3 and imap
> > can be carried over SSL. Imap can also use a chalange-response
> > authenticcation.
>
> Using SSL is fine for protecting passwords. For protecting the emails
> themselves, you need to use GPG or something similar.
>
Actually: not only the passwords. All the traffic. If you want to protect
only the passowrds you can still use telnet with kerberos authentication,
imap with chalange-response authnetincation (I forgot how its called),
etc. But you don't protect the traffic (the contents of your mail between
the server and the client, the keyclicks of the user (including the
password in 'su') on telnet sessions, etc.
PGP/GPG doesn't allow even the mail server to read the contents of the
message (if you use encryption). But you naturally can hide less
information that way: you have to keep the headers in tact (so if you use
pgp but don't encrypt the connection, an evesdropper can still know who
sent you messages, and how big they are. With pop3/imap it can know much
less.)
-- Tzafrir Cohen mailto:tzafrirFor help, email discuss-help
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]