Color me stupid, but I don't see a significant increase in security by going from 56-bit to 128-bit SSL. Granted, it's easier to break and eavesdrop on 56-bit SSL. But if I were a hacker and wanted access to someone's mail stream, it would be easier to break into the servers and network to access someone's mail illegally.
Something that would significantly increase security would be to support Microsoft's proprietary POP SPA (Secure Password Auth). I'm not sure this is possible for servers behind a firewall. As it is, it's necessary to block POP3 at your border routers if you don't want POP3 passwords in clear text on the internet. While IMail has an excellent APOP authentication, Microsoft in it's monopolistic blinders mode chooses not to support it. We're on contract so we'll get the upgrade. I understand that the company must have a budgetary revenue stream to support and enhance the product. I would vote for a very rigorous source code review because the product teetered on becoming unusable with the combination of necessary security patches and new web messaging bugs. The existence of the bogus "%s! %1.2d" junk in the log files indicates what lies beneath. It mostly works now, with the exception of web calendaring crashing occasionally. ----- Original Message ----- From: "John Korsak" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, May 08, 2002 7:02 PM Subject: [IMail Forum] IMail Server 7.1 Upgrade Policy > Security was a concern > so we added 128-bit SSL to our Web services. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
