On Thu, 29 Nov 2001, Rodolfo J. Paiz wrote:
> At 11/28/2001 09:13 AM -0500, you wrote: > >Naked IMAP is just as bad as naked POP3... Secure them with SSL. Sure, > >this limits the mailers you can use, but the security is worth it. > > But no worse, and there are no known major reasons not to use IMAP, right? none that I know of > Can one have the *option* of using SSL if available but going naked if > necessary? I have 70 users, 50 of which are computer-illiterate basically. > However, for the other 20 encryption of POP3 or IMAP over SSL would be > *fantastic* and has been a dream of mine for a while. yes. Just open both ports 143 and 993, and use stunnel to create the secure connection. In fact I think this is the default now for the uw-imap server. this is not challenging to configure on the client - no harder than configuring it to use Secure Password Authentication for example. > > Also, "this limits the mailers." Which ones can? Eudora is one, right? > Which ones can't? Are LookOut and LookOut Express in that list? Outlook express can most definatelty, and I assume Outlook too. See the Advanced tab of the Accounts dialog. > >2. instead of doing make imapd.pem, do a make imapd.csr and get it signed > > by Thawte, Verisign, Equifax, RSA, etc. That is - a trusted 3rd party > > CA. > > I'll be going with #2. However, it is important that those with no > knowledge or with stupid mail programs can still get their stuff without > encryption using either POP3 or IMAP. they can, but you should strive for at least securing the password. My personal opinion on imap over ssl is that it's kind of silly beyond securing the password - after all, the message travelled the wild before making their inbox (excluding corporate lan mail - but I don't think this is your scenario) hth charles _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
