merlyn@stonehenge.com (Randal L. Schwartz) writes:
> Net effect: your iDisk password is transmitted in the clear without
> your awareness, albeit as a mail password.
>
> Problems:
>
> - mac.com SMTP doesn't support encrypted passwords
Are you sure?
myhost{dsouth}: telnet smtp.mac.com 25
Trying 204.179.120.48...
Connected to smtp.mac.com.
Escape character is '^]'.
220 ESMTP service
ehlo foo.bar
250-asmtp02.mac.com
250-PIPELINING
250-ETRN
250-DSN
250-STARTTLS
250-AUTH PLAIN LOGIN
250 AUTH=LOGIN
^]
telnet> quit
Connection closed.
It looks like smtp.mac.com supports STARTTLS, which could be used to
armor the PLAIN/LOGIN authentication. Granted, it isn't clear that
mail.app is capable of doing SSL/TLS when connecting to a SMTP server
for sends, but mail.app does support SSL/TLS for IMAP receives.
--
/* Dale Southard Jr. dsouth@llnl.gov 925-422-1463, fax 422-9429 */
/* Computer Scientist, Accelerated Strategic Computing Initiative */
/* L-073, Lawrence Livermore National Lab, Livermore CA 94551 */
/* AFF/I, SL/I, T/I, D-11216, Sr. Rig --- I'd rather be skydiving */
