On Fri, Mar 04, 2011 at 03:41:09PM +0100, kapetr wrote:
> At the moment am I satisfied with fact, that the communication with
> ISPs server is encrypted. So my with SALS LOGIN/PLAIN send
> name/passwd are +- safe.
There is no such thing as "safe", rather "safe" is always relative to
a set of threats that are mitigated. Encryption is not synonymous with
security. Rather, encryption yields confidentiality protection against
a passive wiretap.
So your username/password are safe from interception by an attacker who
passively captures packets. Your username/password are not safe from
a man-in-the-middle attack, thwarting that requires authentication as
well as encryption. With stunnel that means "verify = 3" and a local
copy of the SMTP server certificate.
The peer certificate copy is IIRC only used for its "subject DN",
so if the peer certificate is renewed, without changing any of
the DN components, it will still match provided the trust chain
verifies. Basically, stunnel only supports authentication via a cert in
the CAfile whose DN exactly matches the peer DN. You can even generate a
cert such a self-signed certificate yourself and throw away the private
key. Provided the subject DN matches the peer's subject DN you're set.
--
Viktor.
