RE: introduction
On Thu, 13 Mar 2003, Boyle Owen wrote:

> SSL and mail? Usually, SSL is used to secure the communications between a webserver and its clients. I guess you could encrypt SMTP traffic but I've never done it (no doubt someone else will comment on this).

The SMTP verb is STARTTLS. See RFC 3207. Something like this is also defined for POP, IMAP, ACAP, and some others. I've been toying with the idea of inventing a new UUCP protocol to provide authentication and secure transport using TLS (but there's no code yet).

There are lots of uses for something like TLS, beyond web stuff, and probably many more yet to be discovered.

--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
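The RFC 3207 exchange named in the message above, as an added example that is not part of the original thread: the client sends EHLO, checks that STARTTLS is advertised, sends STARTTLS, and repeats EHLO once TLS is up, refusing to continue in cleartext when the extension is missing. The host names, the canned replies and the `ScriptedServer` stand-in are constructed so the logic runs offline.

```python
# Added example; hostnames, replies and ScriptedServer are constructed.
OFFERS_TLS = {"EHLO": ["250-mail.example", "250-PIPELINING", "250-STARTTLS",
                       "250 8BITMIME"],
              "STARTTLS": ["220 Ready to start TLS"]}
NO_TLS = {"EHLO": ["250-mail.example", "250 PIPELINING"]}

def parse_reply(lines):
    """Parse one SMTP reply (possibly multi-line) into (code, [text, ...])."""
    texts = []
    for line in lines:
        if len(line) < 3 or not line[:3].isdigit():
            raise ValueError("malformed reply line: %r" % line)
        texts.append(line[4:])
        if line[3:4] != "-":          # "250-" continues, "250 " ends the reply
            return int(line[:3]), texts
    raise ValueError("reply ended on a continuation line")

def advertises_starttls(ehlo_texts):
    # Line 0 is the server greeting; the rest are extension keywords.
    return any(t.split()[0].upper() == "STARTTLS"
               for t in ehlo_texts[1:] if t.strip())

class ScriptedServer:
    """Stand-in for a socket: answers each verb with canned reply lines."""
    def __init__(self, script):
        self.script, self.log = script, []
    def command(self, cmd):
        self.log.append(cmd)
        return parse_reply(self.script[cmd.split()[0].upper()])

def negotiate(server, require_tls=True):
    code, texts = server.command("EHLO client.example")
    if code != 250:
        raise RuntimeError("EHLO rejected with %d" % code)
    if not advertises_starttls(texts):
        if require_tls:               # fail closed: never fall back silently
            raise RuntimeError("STARTTLS not offered; refusing cleartext")
        return "cleartext"
    code, _ = server.command("STARTTLS")
    if code != 220:                   # e.g. 454 "TLS not available"
        raise RuntimeError("STARTTLS refused with %d" % code)
    # A real client runs the TLS handshake on the socket here, forgets the
    # first EHLO's extension list, and asks again over the protected channel.
    server.command("EHLO client.example")
    return "tls"

if __name__ == "__main__":
    print(negotiate(ScriptedServer(OFFERS_TLS)))
```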
Re: introduction
The OpenSSL Developers have already done this. Look at the smime command for the openssl program at http://www.openssl.org/docs/apps/smime.html#

Also look at http://www.openssl.org/docs/crypto/SMIME_write_PKCS7.html

You can sign messages using your private key which allows recipients to verify the message came from you. To encrypt messages the recipient must have a public key. Just sign or encrypt the message then send it like regular mail. See the attached file for a simple example.

- Original Message -
From: Mark H. Wood [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, March 14, 2003 7:25 AM
Subject: RE: introduction

On Thu, 13 Mar 2003, Boyle Owen wrote:

> SSL and mail? Usually, SSL is used to secure the communications between a webserver and its clients. I guess you could encrypt SMTP traffic but I've never done it (no doubt someone else will comment on this).

The SMTP verb is STARTTLS. See RFC 3207. Something like this is also defined for POP, IMAP, ACAP, and some others. I've been toying with the idea of inventing a new UUCP protocol to provide authentication and secure transport using TLS (but there's no code yet).

There are lots of uses for something like TLS, beyond web stuff, and probably many more yet to be discovered.

--
Mark H. Wood, Lead System Programmer [EMAIL PROTECTED]
MS Windows *is* user-friendly, but only for certain values of user.

Mail.cpp
Description: Binary data
Re: introduction
Mozilla can use SSL for NNTP, POP, and SMTP connections, so its source code will have client code for each of those service types. Mozilla knows how to provide client certs if the server requests them, but it's up to the server to do that. I've coded servers that require client certs, but I don't know if there's an SMTP server that does that. (I mean, I'm ignorant, not I don't think one exists.)

The client/server examples from Eric Rescorla's book might also be useful in figuring out how the code works. And actually, Eric's book (SSL and TLS, Designing and Building Secure Systems, Addison Wesley) should be on the shelf of anyone coding with SSL. I've certainly found it handy.

Paul Allen

Jake Zajac wrote:

> I am new to the ssl thing but have been asked to implement this into an existing application. We currently support email in our app, but only smtp servers that do not require any type of authentication. Can you provide me with a link that has an overview of ssl? I am looking for information on the flow of the data, the details of the transaction between the client and the smtp server, and an overview of the certificates and how they work with ssl. Any input on this would be greatly appreciated.
>
> I am sure that you get a lot of questions like this and I apologize for asking, but I could not find any overviews on the web site. I have looked at several newsgroups but could not find any information on my topic or get any answers to my questions, so I figured that I would try here...
>
> To connect to a server that does use SSL, is there always going to be a need for certificates on the client machine?
Re: Introduction paper still needed?
Hi Jan,

> Sorry I did not read the entire "openssl desperately needs some intro docs" thread (busy busy busy), just wanted to ask if the effort would still be appreciated?

Very much! An understandable but complete introduction would be very useful (at least to me).

Sander Steffann.
Introduction paper still needed?
Hi everyone,

Sorry I did not read the entire "openssl desperately needs some intro docs" thread (busy busy busy), just wanted to ask if the effort would still be appreciated? If so, I think I can "create" the time to make it provided I get some assistance with the requirements (and I think I am writing to the right group of people ;), else I know I will tend to create something too good and it will never get finished.

Some background on why I think it could work. SURFnet is currently setting up a true PKI. We participate in the efforts in the Netherlands to let digital signatures get the same legal status as a written signature. We are using both commercial and non-commercial products (x-cert and openssl+home-brew RA). Because openssl is completely open, and the commercial product is closed as usual, I and a couple of other people working on it tend to trust openssl more :).

The openssl efforts are mostly my responsibility. I do not know everything, but enough to run a basic ca. I know enough (or am going to know) about PKI and security to be able to write a proper introductory document.

SURFnet has a large responsibility in disseminating information throughout its community. We are currently setting up a website that should serve as a documentation platform for our community. Writing an introductory document to an opensource CA product would fit in perfectly.

So, if the need still exists for an introductory document and all of you are willing to contribute to the requirements, I am prepared to finally do my share of development (sorry, have not been programming that much for the past 2 years...)

Jan Meijer
SURFnet
--
alive ~ true
Introduction?
Does anybody know a URL or book with an easy to follow introduction to establishing secured connections? (something like '... for dummies' or so)