[Dovecot] SSL/TLS with Outlook client
Kyle Wheeler
kyle-dovecot at memoryhole.net
Wed Nov 14 20:29:30 EET 2007
On Wednesday, November 14 at 11:51 AM, quoth Ed W:
> Is TLS always performed BEFORE auth with generally available POP/IMAP
> clients?
Yes, because that's generally the entire point of using encryption.
After all, what's more important: encrypting your username/password
before transmitting it over an open wire, or encrypting your email
messages before transmitting them over an open wire? (Hint: if you
need your email encrypted, use PGP.)
Technically, there's nothing in the IMAP spec that forbids doing it
the other way around; however, many IMAP servers (including Dovecot)
typically reject unencrypted authentication attempts.
> Random idea but if there were some way to identify the client BEFORE
> presenting the certificate then it would be possible to present one
> of a number of certificates depending on the incoming client....
Of course, but unfortunately, there's very little. The only thing the
server can reliably know is the client's IP address and source TCP
port (and its own IP address). Not much to go on.
> (don't fancy scraping SMTP server log files and matching back to IP
> addresses though...)
HEH. SMTP-before-IMAP? What a bizarre concept. :) You'd just be
transferring the problem: how does the SMTP server know what
certificate to use?
~Kyle
--
You can gain reconciliation from your enemies, but you can only gain
peace from yourself.
-- Rubin "The Hurricane" Carter
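
Added example, not part of the original message and not Dovecot code: a check of what an IMAP server advertises on the cleartext port before STARTTLS, to see whether it refuses unencrypted authentication as described above. The function names and the two sample server lines are constructed for illustration; STARTTLS, LOGINDISABLED and AUTH= are standard IMAP capability names.

```python
import re

# SASL mechanisms that send the password in recoverable form.
PLAINTEXT_MECHS = {"PLAIN", "LOGIN"}

def parse_capabilities(line):
    """Return the capability atoms from a greeting or CAPABILITY response."""
    # Capabilities arrive either as '* CAPABILITY a b c' or inside a
    # response code: '* OK [CAPABILITY a b c] text'.
    m = re.search(r"\[CAPABILITY ([^\]]*)\]", line, re.I) or \
        re.match(r"\*\s+CAPABILITY\s+(.*)", line.strip(), re.I)
    return {atom.upper() for atom in m.group(1).split()} if m else set()

def audit_pre_tls(line):
    """List the ways the pre-STARTTLS capability set permits password exposure."""
    caps = parse_capabilities(line)
    if not caps:
        return ["no capability list found"]
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    # LOGINDISABLED tells clients the LOGIN command is refused until TLS is up.
    if "LOGINDISABLED" not in caps:
        findings.append("LOGIN command allowed before TLS")
    exposed = sorted(c[5:] for c in caps
                     if c.startswith("AUTH=") and c[5:] in PLAINTEXT_MECHS)
    if exposed:
        findings.append("plaintext SASL before TLS: " + ",".join(exposed))
    return findings

# Constructed sample lines, as a server might send them on port 143.
STRICT = "* OK [CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED] ready"
LAX = "* CAPABILITY IMAP4rev1 AUTH=PLAIN AUTH=LOGIN"

if __name__ == "__main__":
    for name, line in (("strict", STRICT), ("lax", LAX)):
        print(name, audit_pre_tls(line) or "ok")
```

The advertised capabilities only show what the server announces; whether it actually rejects a cleartext login is a separate check against the server's own configuration.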