From: Alexander Kotelnikov
Newsgroups: gmane.emacs.gnus.general
Subject: Re: IMAP/SSL with gnus
Date: Thu, 08 Aug 2002 22:03:34 +0400
Organization: Debian Project
Message-ID: <873ctp4495.fsf@giotto.sj.ru>
References: <87vg6m7i6g.fsf@giotto.sj.ru> <87n0ryqoax.fsf@pale.loc> <87it2l6zk8.fsf@giotto.sj.ru>
User-Agent: Gnus/5.090007 (Oort Gnus v0.07) Emacs/21.2 (i386-debian-linux-gnu)

>>>>> On Thu, 08 Aug 2002 19:53:00 +0200
>>>>> "SJ" == Simon Josefsson wrote:
SJ>
SJ> Alexander Kotelnikov writes:
SJ> Do you need to be prompted?  Simply installing your CA so that OpenSSL
SJ> finds it should be enough, I think.  With "reject on fail", you can't
SJ> login unless the server certificate verifies correctly, so it is
SJ> almost like a prompt. :-)
>>
>> I do not see any other way to avoid IP spoofing with successive
>> password grabbing.
SJ>
SJ> If the remote cert doesn't validate, you won't send your password.  If
SJ> it validates, doesn't this mean you trust the other end, and trust
SJ> them to handle your password properly?  I don't see how IP spoofing
SJ> can modify this.

Look. Now I do not have any cert on the client side, and the password is
sent and I am authorised :(

SJ>
>> Maybe switch to (nnimap-stream shell) with ssh, but it does not work
>> for me, maybe some tweaking is needed.
SJ>
SJ> SSH port forwarding can be recommended.

Is there any working example of configuration?

-- 
Alexander Kotelnikov
Saint-Petersburg, Russia
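
A sketch of the SSH port forwarding setup suggested in the quoted reply, as an added example that is not part of the original message or of Gnus itself. The host name imap.example.org, the user name, the server label and local port 1143 are placeholders, and it assumes the IMAP daemon listens on port 143 on the SSH host.

```elisp
;; Added example (not from the thread). Placeholders: imap.example.org,
;; "user", the server label "tunnelled-imap" and local port 1143.
;;
;; Step 1: open the tunnel from a shell before starting Gnus.
;;
;;   ssh -N \
;;       -o StrictHostKeyChecking=yes \
;;       -o ExitOnForwardFailure=yes \
;;       -L 127.0.0.1:1143:127.0.0.1:143 \
;;       user@imap.example.org
;;
;; StrictHostKeyChecking=yes makes ssh refuse to connect unless the
;; server's host key is already in known_hosts and matches. That check
;; plays the role the server certificate check plays for IMAP/SSL: a
;; spoofed host fails before any IMAP password is sent.
;; ExitOnForwardFailure=yes makes ssh exit if it cannot bind the local
;; port, so Gnus is not left talking to some other local listener.
;; The explicit 127.0.0.1 bind address keeps the forwarded port off
;; external interfaces.
;;
;; Step 2: point nnimap at the local end of the tunnel. The stream is
;; plain "network" because encryption and server authentication are
;; provided by ssh, not by the IMAP connection itself.
(setq gnus-secondary-select-methods
      '((nnimap "tunnelled-imap"
                (nnimap-address "127.0.0.1")
                (nnimap-server-port 1143)
                (nnimap-stream network))))
```

The IMAP password still crosses the tunnel in whatever form the server's login mechanism uses, so the protection rests on the SSH host key having been verified out of band before it was added to known_hosts.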