On Friday 18 January 2002 20:43, Tzafrir Cohen wrote:
> > Using SSL is fine for protecting passwords. For protecting the emails
> > themselves, you need to use GPG or something similar.
>
> Actually: not only the passwords. All the traffic. If you want to protect

No, only the passwords. Any email you collect via POP or IMAP over SSL
could easily have been sniffed before it arrived in your account via
SMTP. So, in effect, using SSL in this way only secures your password.
You still need GPG or PGP. And not many ISPs support SSL anyway.

> PGP/GPG doesn't allow even the mail server to read the contents of the
> message (if you use encryption). But you naturally can hide less
> information that way: you have to keep the headers in tact (so if you use
> pgp but don't encrypt the connection, an evesdropper can still know who
> sent you messages, and how big they are. With pop3/imap it can know much
> less.)

Yes, there still exists a need for end to end privacy where information
such as message size, or sender / recipient remains undetectable.

For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
go to http://www.mandrakesecure.net/.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]