[MlMt] Security
Bill Cole
mmlist-20120120 at billmail.scconsult.com
Wed Jan 17 10:49:30 EST 2018
On 17 Jan 2018, at 8:06, Steven M. Bellovin wrote:
> On 17 Jan 2018, at 5:51, Benny Kjær Nielsen wrote:
[...]
>> I back you up. Only thing to add is that one should make sure that
>> SSL is always enabled such that a password is never sent to the
>> IMAP/SMTP server in plain text. Note that most proper email servers
>> wouldn't even allow non-SSL connections.
>>
> What authentication options that don't involve sending passwords does
> MailMate support? Is there a way to configure MM to use only one of
> these safer options if available?
I can't answer that, but I do take issue with the implied assertion that
it is inherently safer to use CRAM-MD5, DIGEST-MD5, or other
password-based mechanisms that avoid sending the password to the server in
decodable form rather than using a plaintext mechanism via an encrypted
(i.e. TLS) transport. To support those mechanisms, the server needs to
*store* a recoverable form of the password, which in most circumstances
creates a less protectable attack surface than putting a password on the
wire inside an encrypted channel to a server that only stores strong
one-way hashes.