On Mon, 18 Jan 2010, Arnt Gulbrandsen wrote: > Timo Sirainen writes: > > > 2) It's easier to enforce "SSL-only" traffic in firewall rules based on > > ports. For example they'll keep both imap and imaps enabled, but only imaps > > is allowed outside intranet. > > Yeah. But I can't remember talking to anyone who really cared about allowing > cleartext imap inside the firewall.
I'm not sure exactly what you mean here, but I have counter examples for two possible interpretations. If you mean that no one in your experience is worried by unencrypted access from local IP addresses, then we certainly are especially for wireless users. If you mean that no one in your experience enables unencrypted access from local IP addresses, then I believe it's fairly common for universities to do so to avoid having to reconfigure thousands of desktop clients. It took us about a year to completely disable unencrypted access - we wanted to avoid huge spikes in support load. With the right software it's fairly easy to restrict unencrypted logins to local wired networks. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD. _______________________________________________ yam mailing list [email protected] https://www.ietf.org/mailman/listinfo/yam
