tlug: Re: imap

[Rex Walters <rex@example.com>]

[Moved from tlug-admin for a wider audience to answer my question.  This
is getting bothersome.]

>>>>> Christopher Sekiya writes:  (on 06 Nov 98)

> >         ... I would recommend we have them use imap rather than pop.
> 
> No way.  I trust pop3 much more than I trust imap.

Why?

I *know* POP3 sends passwords in plaintext.  I'm pretty sure IMAP
doesn't, but I'm too lazy to look it up.  Some pretty bright people I
trust at UNC and CMU are quite gung ho about IMAP and don't normally
recommend insecure protocols.

My question stands: is the concern about imap security due to problems
with the protocol or with a particular implementation?  I'm willing to
believe, for instance, that cyrus, say, is susceptible to buffer
overflows, but are there specific problems with the IMAP protocol that
I'm unaware of?

Regards,
-- 
Rex (who is really leaving now, and won't be back on email for a week)
----------------------------------------------------------------
Next Nomikai: 20 November, 19:30   Tengu TokyoEkiMae 03-3275-3691
Next Technical Meeting: 12 December, 12:30 HSBC Securities Office
----------------------------------------------------------------
more info: http://tlug.linux.or.jp Sponsors: PHT, HSBC Securities