[18266] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Tim Dierks)
Wed Aug 24 15:45:49 2005
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <430C9995.8080609@systemics.com>
Date: Wed, 24 Aug 2005 13:48:47 -0400 (EDT)
From: "Tim Dierks" <tim@dierks.org>
To: "Ian G" <iang@systemics.com>
Cc: "John Kelsey" <kelsey.j@ix.netcom.com>, cryptography@metzdowd.com
Reply-To: tim@dierks.org

[resending due to e-mail address / cryptography list membership issue]

On 8/24/05, Ian G <iang@systemics.com> wrote:
> Once you've configured iChat to connect to the Google Talk service, you may
> receive a warning message that states your username and password will be
> transferred insecurely. This error message is incorrect; your username and
> password will be safely transferred.

iChat pops up the warning dialog whenever the password is sent to the
server, rather than used in a hash-based authentication protocol.
However, it warns even if the password is transmitted over an
authenticated SSL connection.

I'll leave it to you to decide if this is:
- an iChat bug
- a Google security problem
- in need of better documentation
- all of the above
- none of the above

- Tim