[Dovecot] SSL Client Certificate Support
Timo Sirainen
tss at iki.fi
Fri Oct 3 17:48:14 EEST 2003

On Wed, 2003-10-01 at 13:37, Bert Koelewijn wrote:
> Most modern enterprises make use of a Public Key Infrastructure. It
> would be nice to have dovecot check a client certificate instead of a
> password. This makes life much easier and more secure.
> Mail clients like Mozilla and MS Outlook do support this. What do you
> think of the following feature request:
>
> - Client authenticates with a certificate via SSL. (Like stunnel can)
> - Dovecot looks the username up in a table with (public key, username)
> - The mail client gives a name and password, but dovecot ignores them
> - Dovecot gives the client access by the username found in the table

I've thought about it before myself a few times. I'm not against such a
patch, but I don't think I'll implement it myself anytime soon.

Doing this also worries me a bit. Wasn't the recent security hole in
OpenSSL just in the client certificate parsing? SSL cert authentication
would have to rely on OpenSSL (or GNUTLS).
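
The (public key, username) lookup from the feature request above, as an added example that is not part of the original post and is not Dovecot code. It assumes the TLS library has already verified the client certificate during the handshake and keys the table on SHA-256 of the DER SubjectPublicKeyInfo; all function names are hypothetical and the sample certificate is a constructed skeleton.

```python
import hashlib
def read_tlv(buf, pos, end):
    """Parse one DER TLV inside buf[pos:end]; return (tag, value_start, value_end)."""
    if pos + 2 > end:
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > end:
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > end:
        raise ValueError("value runs past its container")
    return tag, pos, pos + length

def spki_der(cert):
    """Return the raw SubjectPublicKeyInfo element; reject anything malformed."""
    tag, start, end = read_tlv(cert, 0, len(cert))     # Certificate
    tag2, pos, tbs_end = read_tlv(cert, start, end)    # tbsCertificate
    if tag != 0x30 or tag2 != 0x30 or end != len(cert):
        raise ValueError("not a DER certificate skeleton")
    elems = []
    while pos < tbs_end:
        t, _, nxt = read_tlv(cert, pos, tbs_end)
        elems.append((t, pos, nxt))
        pos = nxt
    first = 1 if elems and elems[0][0] == 0xA0 else 0  # skip optional [0] version
    # then: serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    if len(elems) < first + 6 or elems[first + 5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return cert[elems[first + 5][1]:elems[first + 5][2]]

def login_user(cert, claimed_user, key_table):
    """Account for an already-verified cert; claimed_user is deliberately ignored."""
    try:
        fp = hashlib.sha256(spki_der(cert)).hexdigest()
    except ValueError:
        return None                       # fail closed on unparsable input
    return key_table.get(fp)              # None when the key is not registered
# Constructed sample, not a real certificate: DER skeleton with empty fields.
def tlv(tag, body):
    return bytes([tag, len(body)]) + body
SAMPLE_SPKI = tlv(0x30, tlv(0x30, b"") + tlv(0x03, b"\x00constructed-key"))
SAMPLE_CERT = tlv(0x30, tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
                            + tlv(0x30, b"") * 4 + SAMPLE_SPKI)
                  + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```

Keying on the public key rather than the whole certificate means a reissued certificate for the same key still maps to the same account.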