
Re: Bits from the uw-imap maintainer



On Tue, 15 Oct 2002, Steve Langasek wrote:

> On Tue, Oct 15, 2002 at 11:12:29PM -0400, Jaldhar H. Vyas wrote:
> > Now we have crypto in main, these packages will have SSL/TLS support.
> > The -ssl versions of these packages are just going to be dummies that will
> > upgrade you to the packages listed above which will ask you via debconf
> > which protocols you want to enable.
>
> > Following the upstream practice which is based on an IESG recommendation,
> > plaintext logins will be disabled on non-SSL/TLS connections.  If you
> > absolutely don't want to use SSL or TLS for some reason, your only
> > alternatives are to use CRAM-MD5 (See /usr/share/doc/libc-client2002/md5.txt)
> > or Kerberos or to recompile the package.
>
> Recommended or not, this is a substantial change that will break a lot
> of clients of existing systems.  There *are* still POP clients in use
> that support neither SASL nor SSL.  Likewise, a client that refused to
> negotiate plaintext would fail with some servers.  Is it possible to
> re-enable plaintext logins at runtime, or is this setting hard-coded
> into the binaries?
>

Upstream doesn't believe in runtime configuration!

> Since most SSL-enabled POP servers don't have a certificate issued by a
> recognized CA, tunneling plaintext passwords over SSL provides only
> minimal protection against a dedicated attacker compared to sending
> plaintext passwords in the clear.
>

You know more about this than I do.  But I have to choose one or the other
or maintain two sets of packages which I don't want to do.

And minimal protection is better than none, right?

> > * I would like some people to document how to set up TLS or SSL in popular
> >   IMAP clients (in particular: Outlook, Outlook Express, KMail, Mozilla Mail,
> >   fetchmail, and Mutt.)  I will include this information in a FAQ.
>
> You've notably omitted Eudora and Pegasus from this list.
>

Then let's add them in.  And how about whatever mail client Mac OS X uses?

-- 
Jaldhar H. Vyas <jaldhar@debian.org>
It's a girl! See the pictures - http://www.braincells.com/shailaja/
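
An added example, not part of the original message or of the uw-imap package: a Python check of what an IMAP server advertises before TLS is negotiated, based on the LOGINDISABLED and STARTTLS capabilities defined in RFC 2595 and RFC 3501. The sample capability lines and the host name are constructed, and that a particular server build advertises them this way is an assumption.

```python
import re

# SASL mechanisms that transmit the password itself (encoded, not hashed).
PLAINTEXT_SASL = {"PLAIN", "LOGIN"}

def parse_capability(line):
    """Return capability atoms from '* CAPABILITY ...' or '* OK [CAPABILITY ...]'."""
    m = (re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I)
         or re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I))
    if not m:
        raise ValueError("no CAPABILITY data in line")
    return [atom.upper() for atom in m.group(1).split()]

def assess(line, tls_active=False):
    """Report whether a password could cross the wire unprotected."""
    caps = parse_capability(line)
    sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
    login_disabled = "LOGINDISABLED" in caps
    findings = []
    if not tls_active:
        # Without LOGINDISABLED the server accepts "LOGIN user pass" in the clear.
        if not login_disabled:
            findings.append("LOGIN command accepted without TLS")
        for mech in sorted(sasl & PLAINTEXT_SASL):
            findings.append(f"AUTH={mech} offered without TLS")
        # No STARTTLS means the client cannot upgrade this connection at all.
        if "STARTTLS" not in caps:
            findings.append("STARTTLS not offered")
    return {
        "starttls": "STARTTLS" in caps,
        "login_disabled": login_disabled,
        "sasl": sorted(sasl),
        "findings": findings,
    }

# Constructed samples: a server following the policy described in the thread,
# and a legacy server that still takes plaintext logins on the cleartext port.
HARDENED = ("* OK [CAPABILITY IMAP4REV1 STARTTLS LOGINDISABLED AUTH=CRAM-MD5] "
            "mail.example.org ready")
LEGACY = "* CAPABILITY IMAP4REV1 AUTH=LOGIN"

if __name__ == "__main__":
    for name, line in (("hardened", HARDENED), ("legacy", LEGACY)):
        print(name, assess(line))
```

Pass `tls_active=True` when the capability line was read on an SSL-wrapped port or after STARTTLS, since a server may drop LOGINDISABLED once the session is encrypted.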


