At 11/28/2001 09:13 AM -0500, you wrote: >Naked IMAP is just as bad as naked POP3... Secure them with SSL. Sure, >this limits the mailers you can use, but the security is worth it.
But no worse, and there are no known major reasons not to use IMAP, right? Can one have the *option* of using SSL if available but going naked if necessary? I have 70 users, 50 of which are computer-illiterate basically. However, for the other 20 encryption of POP3 or IMAP over SSL would be *fantastic* and has been a dream of mine for a while. Also, "this limits the mailers." Which ones can? Eudora is one, right? Which ones can't? Are LookOut and LookOut Express in that list? Is only authentication encrypted or all mail transported encrypted? >To configure this: > >cd /usr/share/ssl/certs >mv imapd.pem imapd.pem.orig >make imapd.pem Just like that? >You don't want to use the default (and widely known!) key value, right? :) Er... what's a key value? And what's the default? (I understand why not: everyone will already have a copy. I just don't know what we're talking about here.) >Also, be aware that you're creating a self-signed X.509 cert that's >going to be valid for 1 year. Since it's self-signed, your mailers may >ask your users to confirm use of this cert. Your alternatives? > >1. Teach your users how to install the cert as "trusted". > >2. instead of doing make imapd.pem, do a make imapd.csr and get it signed > by Thawte, Verisign, Equifax, RSA, etc. That is - a trusted 3rd party > CA. I'll be going with #2. However, it is important that those with no knowledge or with stupid mail programs can still get their stuff without encryption using either POP3 or IMAP. -- Rodolfo J. Paiz [EMAIL PROTECTED] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
