Stephen,
Just commenting on one of your comments ...
...
What is this "cleartext IMAP" of which you speak?
I guess that's a fair comment - we don't know that they're
able gather to inbox data via IMAP due to it being sent in
clear, however that seems like a reasonable guess based
on the newspaper story which says that collection is done
by telcos that are "overseas" and assuming that TLS is not
busted for these services.
Based only on the story that you cited, and your observation about
telcos being the sources of the info, might it be the case that the
telcos were also the mail providers? I'm not sure how to interpret
the slides the the cite story included. That sort of explanation
would be consistent with Ned's observations about commercial provider
use of SSL to protect IMAP/POP access.
Steve
_______________________________________________
perpass mailing list
perpass@ietf.org
https://www.ietf.org/mailman/listinfo/perpass
