2005. június 14. 01:36, Ian Eure <[EMAIL PROTECTED]> -> debian-security@lists.debian.org,: > On Monday 13 June 2005 04:23 pm, LeVA wrote: > > Hi! > > > > I've configured a courier-imap server with pop3(-ssl) and imap(-ssl) > > support. Now I can not decide which combination of methods is the most > > secure (first of all) and most usefull (lastly) for me. > > > > The courier server supports both SSL and TLS, and I can use PLAIN and > > CRAM-MD5 methods for authentication. > > > > My mail user agent supports all of the above, so I would really > > appreciate if someone could tell me which configuration is the most > > secure way. > > TLS and SSL are equally secure. TLS is easier on your system's resources; > Courier-IMAP runs a seperate daemon for SSL connections, which you don't > need if you use TLS. > > PLAIN is easier to set up. IIRC, CRAM-MD5 requires a seperate password > file. Shouldn't be a risk if you're only using PLAIN over TLS.
I understand that with TLS or SSL the clear text passwords are secured, so do you think that an SSL + CRAM-MD5 combination is just a usesell complication of the problem, and I should stay with the SSL(or TLS) + clear text auth or with the no connection encryption + CRAM-MD5 auth? Daniel -- LeVA
