MBOX-Line: From davew at hireahit.com Tue Mar 18 19:50:34 2014
To: imap-protocol@u.washington.edu
From: Dave Warren <davew@hireahit.com>
Date: Fri Jun 8 12:34:52 2018
Subject: [Imap-protocol] STARTTLS after PREAUTH
In-Reply-To: <1395195811.7439.96177201.64A35884@webmail.messagingengine.com>
References: <20140318141305.Horde.iyy0UP8Ostx9TojRZiFyjw1@bigworm.curecanti.org> <059bac1f-35eb-4f87-bd5e-e986dfb46b83@flaska.net> <20140318152549.Horde.0C2tXb4vwx_29xt0ZbwdEQ4@bigworm.curecanti.org> <1395187453.9897.96141249.7BE88CD8@webmail.messagingengine.com> <08C9B4E3-B0C3-40B3-AF7A-1B29FA09A0C9@orthanc.ca>
 <1395195811.7439.96177201.64A35884@webmail.messagingengine.com>
Message-ID: <532905FA.1060706@hireahit.com>

On 2014-03-18 19:23, Bron Gondwana wrote:
> Sadly, they're still out there - which is why FastMail doesn't allow port 143 at all. Port 993 appears to be working in the real world[tm].
>
> I'd be interested in seeing the actual stats for which clients can be convinced by a MITM to give up their credentials in plaintext in their default configuration. Don't give me a checkbox which requires the user to actively increase the security level, because that won't work. In fact, don't even give the user a dialog which allows them to send the password insecurely, because they will.
>
> Not responding to a SYN on port 143 with an ACK...

If you put together a list, be sure to exclude clients that either
ignore certificate errors, or have users that ignore certificate errors.
SSL solves nothing when users are already trained to just ignore errors
and proceed anyway.

--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren