BTW, http://www.deja.com/getdoc.xp?AN=445766142 contains a discussion on
SSL-wrapping sendmail the STARTTLS way, and
http://www.aet.tu-cottbus.de/personen/jaenicke/pfixtls/ has patches for
STARTTLS'ing Postfix. Both links come from the home page of Stunnel,
http://mike.daewoo.com.pl/computer/stunnel/ .
Enzo
----- Original Message -----
From: Marc Horowitz <[EMAIL PROTECTED]>
To: Lucky Green <[EMAIL PROTECTED]>
Cc: 'Enzo Michelangeli' <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, July 06, 1999 11:33 AM
Subject: Re: sendmail patch for smtps (SSL-SMTP)?
> "Lucky Green" <[EMAIL PROTECTED]> writes:
>
> >> Ouch. Seems somebody is busy making certain that one won't be able to
use
> >> standard US distributions of these implementations much longer to
trivially
> >> implement the secure protocols by adding a wrapper. This is very bad
news,
> >> indeed.
>
> The IETF is more interested in having well-engineered protocols than
> in making it easy to use US implementations. The port explosion was a
> real problem, and security done through wrappers makes some security
> problems (like authorization) harder, not easier.
>
> Regardless, the STARTTLS command as usually spec'd could probably be
> implemented as a wrapper, it would just have to be more complicated
> than a simple wrapper.
>
> >> As for simplifying the firewall setup, I would question that
> >> forcing a secure and an insecure service to run on the same port
> >> adds to the security of a site.
>
> This encourages sites to deprecate the insecure service in favor of
> the secure one. In the long run, this increases security and reduces
> the need for firewalls, which as often as not give false security.
>
> Marc
>
>
