SSL E-mail Via Java?

[Guest fraser]

I'm a bit paranoid. I don't like unencrypted traffic on the net one bit, especially when passwords to my system are sent in plain text, as Pocket Outlook does. Normally I use IMAPS for e-mail, but this SPV limitation has restricted me to IMAP on the phone, which I really am not happy about!!

Looking at the new Java stuff, I notice that they have included some SSL classes. Has anyone got any thoughts on using this to create an SSL tunnel to get your e-mail across?

My suggestion would be to disable any automatic mail retreival in Pocket Outlook. Then, write a small app to periodically open an SSL tunnel to your server, then tell Outlook to do a send and receive, and close the connection when finished.

Any interest in this...? I could do it myself, but I am very very busy on other things at the moment, but I could be persauded if others would like it.

Also, anyone got any thoughts on having a Java application running 24/7 on the phone? Could this drain the battery prematurely with the extra processor time? Would a totally stand-alone (compiled) application be better here?

[Guest wbloore]

Personally, I wouldn't worry about downloading email by non-secure methods on the internet, as millions of people are downloading email everyday, so the chances of somebody snooping web traffic to find your password are extremely remote. There are more important things that people can be snooping for. An email account will probably not even interest a hacker, as most peoples email contains nothing important or remotely interesting to anyone other than email account holder.

I am more worried about Government agencies being able to read emails. And SSL will not stop that. This is a far more concerning problem, and one that most people fail to realise.

The best advice for choosing passwords is to use a different password for different things - eg, the password for your email will be different to your password for internet banking. And change your passwords regularly, such as every month or two.

[Guest fraser]

Can't change my password as I'm using a linux box that has one of the common authentication systems...so it's the same password to ssh into my box, as well as log into the web server. If you figure it out, all of my personal documents are available on the server (as well as 60gig of media). Compromising these would be catastrophic for me, far too much personal info in there. This is why I'm not happy about this password going across the net in plain-text. Even pocket IE can handle SSL and authentication without any problems, I'm very disappointed that Pocket Outlook isn't the same. I work for a company that has completely banned any non-secure services, and believe me, they know their stuff when it comes to this.

WRT gov. agencies snooping, I'm working on a way around that... :twisted: I'm going for a fully encrypted system, from end-to-end. Until FreeSwan opertunistic encryption becomes common, the incomming SMTP will always be the weak point, but I have thoughts on that as well...