On Thursday 20 November 2008 15:52:56 Victor Duchovni wrote:
> On Thu, Nov 20, 2008 at 03:48:32PM +0000, Mark Watts wrote:
> > > The first cipher has no authentication mechanism in the SSL handshake,
> > > so you get encryption only, no authentication. The second cipher makes
> > > authentication "possible", but you can still (and typically do) ignore
> > > the peer certificate. So in practice the two ciphers offer the same
> > > security, provided you are not going to reject unauthenticated
> > > connections when sending email to the domain in question.
> >
> > Do people typically use SASL authentication instead of certificate
> > checking?
>
> You are confusing authenticating users for submission access with
> authenticating the destination server for channel integrity.
>
> This is the difference between web-site login forms and HTTPS server
> certificate checks.
>
> I don't want to sidetrack into client certs vs SASL login in this thread.

OK, I understand - thanks for your help, it's certainly increased my
understanding of my original problem.

Thanks,

Mark.

-- 
Mark Watts BSc RHCE MBCS
Senior Systems Engineer
QinetiQ Applied Technologies
GPG Key: http://www.linux-corner.info/mwatts.gpg