[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the uw-imap maintainer

On Tue, 15 Oct 2002, Steve Langasek wrote:

> On Tue, Oct 15, 2002 at 11:12:29PM -0400, Jaldhar H. Vyas wrote:
> > Now we have crypto in main, these packages will have SSL/TLS support.
> > The -ssl versions of these packages are just going to be dummies that will
> > upgrade you to the packages listed above which will ask you via debconf
> > which protocols you want to enable.
> > Following the upstream practice which is based on an IESG recommendation,
> > plaintext logins will be disabled on non-SSL/TLS connections.  If you
> > absolutely don't want to use SSL or TLS for some reason, your only
> > alternatives are to use CRAM-MD5 (See /usr/share/doc/libc-client2002/md5.txt)
> > or Kerberos or to recompile the package.
> Recommended or not, this is a substantial change that will break a lot
> of clients of existing systems.  There *are* still POP clients in use
> that support neither SASL nor SSL.  Likewise, a client that refused to
> negotiate plaintext would fail with some servers.  Is it possible to
> re-enable plaintext logins at runtime, or is this setting hard-coded
> into the binaries?

upstream doesn't believe in runtime configuration!

> Since most SSL-enabled POP servers don't have a certificate issued by a
> recognized CA, tunneling plaintext passwords over SSL provides only
> minimal protection against a dedicated attacker compared to sending
> plaintext passwords in the clear.

You know more about this than I do.  But I have to choose one or the other
or maintain two sets of packages which I don't want to do.

And minimal protection is better than none right?

> > * I would like some people to document how to set up up TLS or SSL in
> > popular
> >   IMAP clients (in particular: Outlook, Outlook Express, KMail,
> > Mozilla Mail,
> >   fetchmail, and Mutt.)  I will include this indormation in a FAQ.
> You've notably omitted Eudora and Pegasus from this list.

Then let's add them in.  And how about whatever mail client Mac OS X uses?

Jaldhar H. Vyas <jaldhar@debian.org>
It's a girl! See the pictures - http://www.braincells.com/shailaja/

Reply to: