[RndTbl] MitM on IMAPS?

Trevor Cordes trevor at tecnopolis.ca
Sat Jan 18 03:37:26 CST 2014

I'm just wondering if it is possible for someone to MitM me in the 
following scenario and intercept plaintext traffic:

dovecot imaps server with real thawte "quick" cert
imaps (ssl)
public wifi
android phone using imaps using "ssl" not "ssl (any cert)" option

For instance, can a malicious hotspot use some sort of interception 
technique / spoofing and some sort of wildcard cert to trick my phone into 
negotiating SSL with it, which then does its own SSL to my dovecot server, 
thus MitM'ing me without me even knowing?  I know in a web browser I'd 
normally be protected against that by looking at the URL in the address 
bar, or the green EV-cert graphics (or am I wrong in even that 

How paranoid do I have to be?  And is there any way to beat any 
shortcoming on Android, perhaps with a client cert or a way to tie the 
account to a single manually-specified server SSL cert?

More information about the Roundtable mailing list