| Re: Doubts about IMAP SSL authentication |
|
 |
|
 |
|
 |
|
 |
Group: gnu.emacs.gnus · Group Profile
Author: Ross PattersonRoss Patterson Date: Sep 17, 2008 10:58
> Gnus successfully opened an SSL connection with my IMAP server (GMail)
> as evidenced by the ff. lines in *Messages*:
>
> imap: Connecting to imap.gmail.com...
> imap: Opening SSL connection with `openssl s_client -quiet -ssl3 -
> connect %%s:%%p'...done
>
> However, further on, I see these lines:
>
> imap: Authenticating to ` imap.gmail.com' using `login'...
> imap: Plaintext authentication...
>
> Does this mean that Gnus ignored the SSL connection that was set up
> and went with a less secure plaintext login method instead?
Unless I'm misunderstanding, this is fine. Sine the *connection* is
fully encrypted with SSL, it is safe to *authenticate* using plain text
over the *encrypted connection*. Most SSL setups I've seen work this
way where plain text auth is used when the connection is encrypted.
Course, I'm no SSL expert.
Ross
| 
