Charles Marcus <dovecot@dovecot.org> wrote on 23 Jul 2007 13:21:
> Phillip T. George, on 7/23/2007 1:00 PM, said the following:
> > SSL/TLS is not going to solve the keylogger and malware problem.
> > Basically, if you're on a public (or even a friend's) computer and
> > someone decides to monitor keystrokes using some application, your
> > password will be completely compromised.
>
> Well, that's true, but this really isn't a dovecot issue...

Yes, that's true. I believe I must make some additional notes to explain the reason for my mail:

1. I believe One-time Passwords can be useful, especially in untrusted webmail environments.
2. Until now I did not find an easy solution to set up OTP with commonly used IMAP servers and webmail packages. If somebody is able to show me a solution I would be happy and we can abort this thread.
3. I did not use dovecot before, but when I evaluated some IMAP servers I came to the conclusion that dovecot has a clean structure and can be extended easily. I was able to patch dovecot in order to show that the proposed solutions are possible.

So dovecot has no errors in this context, but I believe it could be extended easily and that's why I wrote in this mailing list. My hope is that people comment:
- My ideas are stupid or not.
- My proposal is a useful IMAP extension, or we should solve the problem in other ways.
- We should extend dovecot a little bit or leave it, because other mail servers do not implement such a feature.

I do not complain about dovecot, I'm proposing some enhancements, but maybe in the wrong direction. I hope I do not disturb the mailing list readers.

Regards,
Frank

-- 
Frank Behrens, Osterwieck, Germany
PGP-key 0x5B7C47ED on public servers available.