[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: POP3 password in plaintext?
From: |
David Caldwell |
Subject: |
Re: POP3 password in plaintext? |
Date: |
Wed, 01 Oct 2014 10:56:47 -0700 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:33.0) Gecko/20100101 Thunderbird/33.0 |
On 9/30/14 10:33 PM, David Kastrup wrote:
> Transparent STARTTLS on demand would seem useless against
> man-in-the-middle attacks. It's just good against eavesdropping on
> unintercepted traffic. And you don't even need to be true
> man-in-the-middle: you just need to be faster answering the STARTTLS
> negotiation.
The CA system[1] prevents MITM attacks. The best an attacker could do is
maybe stop the encryption from starting in the first place, but in my
book that should be an error.
-David
[1] https://en.wikipedia.org/wiki/Certificate_authority
smime.p7s
Description: S/MIME Cryptographic Signature