merlynat_private (Randal L. Schwartz) writes: > Net effect: your iDisk password is transmitted in the clear without > your awareness, albeit as a mail password. > > Problems: > > - mac.com SMTP doesn't support encrypted passwords Are you sure? myhost{dsouth}: telnet smtp.mac.com 25 Trying 204.179.120.48... Connected to smtp.mac.com. Escape character is '^]'. 220 ESMTP service ehlo foo.bar 250-asmtp02.mac.com 250-PIPELINING 250-ETRN 250-DSN 250-STARTTLS 250-AUTH PLAIN LOGIN 250 AUTH=LOGIN ^] telnet> quit Connection closed. It looks like smtp.mac.com supports STARTTLS, which could be used to armor the PLAIN/LOGIN authentication. Granted, it isn't clear that mail.app is capable of doing SSL/TLS when connecting to a SMTP server for sends, but mail.app does support SSL/TLS for IMAP receives. -- /* Dale Southard Jr. dsouthat_private 925-422-1463, fax 422-9429 */ /* Computer Scientist, Accelerated Strategic Computing Initiative */ /* L-073, Lawrence Livermore National Lab, Livermore CA 94551 */ /* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
This archive was generated by hypermail 2b30 : Wed Jul 24 2002 - 14:29:50 PDT