Many IMAP servers (mine included) cannot support SSL for IMAP, but can support things like CRAM-MD5 for secure authentication. Mozilla needs to embrace these other secure forms of authentication.
Mozilla supports CRAM-MD5 as of a couple weeks ago. There's a bug open about supporting CRAM-DIGEST as well. Is there anything else that you can think of?
Wonderful. But it is quite unobvious as to how to use it. The IMAP dialog in the 4/17 build only haas SSL for IMAP.
I sniffed my conversation with the IMAP server, and indeed it seems to be automatic! Way to go Mozilla folks!
Status: NEW → RESOLVED
Last Resolved: 16 years ago
Resolution: --- → FIXED
yes, it's automatic.
I do have a request for an enhancement on this fix. I think it is important to let the user know that his IMAP password is being transmitted encrypted, so some sort of icon should appear when this happens, or not.
Maybe I made a Chinese wish and got what I asked for, but didn't really want. With the 2003042908 build, every time I access my secure POP server, I get a message that the CRAM-MD5 authentication failed. Since it is POP over SSL, CRAM-MD5 really isn't needed. But I like the idea of the message when they do support CRAM-MD5, and it failed. So, we need a way to indicate whether the server does CRAM-MD5 in the Server Settings pane. If it doesn;t do it, the user could indicate that, and the error messages would be supressed.
tomorrow's build with work with CRAM-MD5
You need to log in before you can comment on or make changes to this bug.