BBC 'vague' reporting again!

[Ian Batten]

--Apple-Mail-22-883977118
Content-Type: text/plain;
	charset=US-ASCII;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit

>
> The problem with POP3 and IMAP is they send the password as cleartext,

IMAP doesn't if you're vaguely competent and use CRAM-MD5 or similar.   
Indeed, it's possible to configure your IMAP server so that it only  
offers plaintext passwords if their is an encryption layer in use:

-bash-3.00$ telnet localhost 143
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS LOGINDISABLED  
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] mail.batten.eu.org server ready
. login igb somepass
. NO Login only available under a layer
. logout
* BYE LOGOUT received
. OK Completed
Connection to localhost closed by foreign host.
-bash-3.00$ openssl s_client -quiet -connect  
offsite2.batten.eu.org:imaps
depth=1 /C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
verify error:num=20:unable to get local issuer certificate
verify return:0
* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=DIGEST-MD5 AUTH=CRAM- 
MD5 AUTH=LOGIN AUTH=PLAIN SASL-IR] mail.batten.eu.org server ready
. login igb somepass
. OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID LOGINDISABLED AUTH=DIGEST- 
MD5 AUTH=CRAM-MD5 AUTH=LOGIN AUTH=PLAIN ACL RIGHTS=kxte QUOTA MAILBOX- 
REFERRALS NAMESPACE UIDPLUS NO_ATOMIC_RENAME UNSELECT CHILDREN  
MULTIAPPEND BINARY SORT SORT=MODSEQ THREAD=ORDEREDSUBJECT  
THREAD=REFERENCES ANNOTATEMORE CATENATE CONDSTORE SCAN IDLE URLAUTH]  
User logged in
. logout
* BYE LOGOUT received
. OK Completed
read:errno=0
-bash-3.00$


--Apple-Mail-22-883977118
Content-Type: text/html;
	charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

<html><body style=3D"word-wrap: break-word; -webkit-nbsp-mode: space; =
-webkit-line-break: after-white-space; "><div><blockquote =
type=3D"cite"><div><br>The problem with POP3 and IMAP is they send the =
password as cleartext,</div></blockquote><br></div><div>IMAP doesn't if =
you're vaguely competent and use CRAM-MD5 or similar. &nbsp;Indeed, it's =
possible to configure your IMAP server so that it only offers plaintext =
passwords if their is an encryption layer in =
use:</div><div><br></div><div><div>-bash-3.00$ telnet localhost =
143</div><div>Trying 127.0.0.1...</div><div>Connected to =
localhost.</div><div>Escape character is '^]'.</div><div>* OK =
[CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID STARTTLS <b>LOGINDISABLED</b> =
AUTH=3DDIGEST-MD5 AUTH=3DCRAM-MD5 SASL-IR] mail.batten.eu.org server =
ready</div><div>. login igb somepass</div><div>. NO <b>Login only =
available under a layer</b></div><div>. logout</div><div>* BYE LOGOUT =
received</div><div>. OK Completed</div><div>Connection to localhost =
closed by foreign host.</div><div>-bash-3.00$ openssl s_client -quiet =
-connect offsite2.batten.eu.org:imaps</div><div><div>depth=3D1 =
/C=3DUS/ST=3DUT/L=3DSalt Lake City/O=3DThe USERTRUST Network/OU=3D<a =
href=3D"http://www.usertrust.com/CN=3DUTN-USERFirst-Hardware">http://www.u=
sertrust.com/CN=3DUTN-USERFirst-Hardware</a></div><div>verify =
error:num=3D20:unable to get local issuer certificate</div><div>verify =
return:0</div><div>* OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID =
AUTH=3DDIGEST-MD5 AUTH=3DCRAM-MD5 <b>AUTH=3DLOGIN AUTH=3DPLAIN</b> =
SASL-IR] mail.batten.eu.org server ready</div><div>. login igb =
somepass</div><div>. OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID =
LOGINDISABLED AUTH=3DDIGEST-MD5 AUTH=3DCRAM-MD5 AUTH=3DLOGIN AUTH=3DPLAIN =
ACL RIGHTS=3Dkxte QUOTA MAILBOX-REFERRALS NAMESPACE UIDPLUS =
NO_ATOMIC_RENAME UNSELECT CHILDREN MULTIAPPEND BINARY SORT SORT=3DMODSEQ =
THREAD=3DORDEREDSUBJECT THREAD=3DREFERENCES ANNOTATEMORE CATENATE =
CONDSTORE SCAN IDLE URLAUTH] User logged in</div><div>. =
logout</div><div>* BYE LOGOUT received</div><div>. OK =
Completed</div><div>read:errno=3D0</div><div>-bash-3.00$&nbsp;</div><br></=
div></div></body></html>=

--Apple-Mail-22-883977118--