From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/46064 Path: main.gmane.org!not-for-mail From: Simon Josefsson Newsgroups: gmane.emacs.gnus.general Subject: Re: IMAP/SSL with gnus Date: Thu, 08 Aug 2002 19:53:00 +0200 Sender: owner-ding@hpc.uh.edu Message-ID: References: <87vg6m7i6g.fsf@giotto.sj.ru> <87n0ryqoax.fsf@pale.loc> <87it2l6zk8.fsf@giotto.sj.ru> NNTP-Posting-Host: localhost.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: main.gmane.org 1028829263 14262 127.0.0.1 (8 Aug 2002 17:54:23 GMT) X-Complaints-To: usenet@main.gmane.org NNTP-Posting-Date: Thu, 8 Aug 2002 17:54:23 +0000 (UTC) Cc: ding@gnus.org Return-path: Original-Received: from malifon.math.uh.edu ([129.7.128.13]) by main.gmane.org with esmtp (Exim 3.35 #1 (Debian)) id 17crUK-0003hg-00 for ; Thu, 08 Aug 2002 19:54:21 +0200 Original-Received: from sina.hpc.uh.edu ([129.7.128.10] ident=lists) by malifon.math.uh.edu with esmtp (Exim 3.20 #1) id 17crTV-0002cQ-00; Thu, 08 Aug 2002 12:53:29 -0500 Original-Received: by sina.hpc.uh.edu (TLB v0.09a (1.20 tibbs 1996/10/09 22:03:07)); Thu, 08 Aug 2002 12:53:55 -0500 (CDT) Original-Received: from sclp3.sclp.com (qmailr@sclp3.sclp.com [209.196.61.66]) by sina.hpc.uh.edu (8.9.3/8.9.3) with SMTP id MAA27300 for ; Thu, 8 Aug 2002 12:53:39 -0500 (CDT) Original-Received: (qmail 16182 invoked by alias); 8 Aug 2002 17:53:05 -0000 Original-Received: (qmail 16177 invoked from network); 8 Aug 2002 17:53:04 -0000 Original-Received: from 178.230.13.217.in-addr.dgcsystems.net (HELO yxa.extundo.com) (217.13.230.178) by gnus.org with SMTP; 8 Aug 2002 17:53:04 -0000 Original-Received: from latte.josefsson.org (yxa.extundo.com [217.13.230.178]) (authenticated bits=0) by yxa.extundo.com (8.12.5/8.12.5) with ESMTP id g78Hqwi2019988; Thu, 8 Aug 2002 19:52:58 +0200 Original-To: Alexander Kotelnikov Mail-Copies-To: nobody X-Hashcash: 020808:sacha@giotto.sj.ru:56eb31685e15831e X-Hashcash: 020808:ding@gnus.org:85d541b6368678a7 In-Reply-To: <87it2l6zk8.fsf@giotto.sj.ru> (Alexander Kotelnikov's message of "Thu, 08 Aug 2002 21:16:39 +0400") Original-Lines: 19 User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.3.50 (i686-pc-linux-gnu) Precedence: list X-Majordomo: 1.94.jlt7 Xref: main.gmane.org gmane.emacs.gnus.general:46064 X-Report-Spam: http://spam.gmane.org/gmane.emacs.gnus.general:46064 Alexander Kotelnikov writes: > SJ> Do you need to be prompted? Simply installing your CA so that OpenSSL > SJ> finds it should be enough, I think. With "reject on fail", you can't > SJ> login unless the server certificate verifies correctly, so it is > SJ> almost like a prompt. :-) > > I do not see any other way to avoid IP spoofing with successive > password grabbing. If the remote cert doesn't validate, you won't send your password. If it validates, doesn't this mean you trust the other end, and trust them to handle your password properly? I don't see how IP spoofing can modify this. > May be to switch to (nnimap-stream shell) with ssh, but it do not work > for me, may be some tweaking is needed. SSH port forwarding can be recommended.