Steffen Kaiser wrote:
On Thu, 9 Jul 2009, Timo Sirainen wrote:
That's a wrong way to think about it. imaps is a legacy port that should have died years ago. You can force encrypted sessions on imap port just by setting
Well, I do not see it like that, moreover because the STARTTLS is not essentially better than IMAP-over-SSL. At least one should be able to submit the domain/host the client wants to connect to, in order to enable virtual IMAP/SMTP/... hosting.
So, STARTTLS is just overhead without gain, well, you need one port less.
Actually, I'm coming in rather late, but I thought that was the whole point of TLS that you could decide what certificate to present AFTER you knew which client was connecting? This allows virtual hosting with a different SSL cert per host (current situation is rather difficult... I'm using a cert with multiple names on it, but this is hard to buy).
It's exciting to see TLS finally coming to HTTP for example and we can do virtual hosting for machines without needing gazillions of ports (on the other hand sadly FF has broken the ability to easily use self-signed certs, so just as the internet was about to encrypt everything rather than go plain text, FF goes and spoils all the fun... *sigh*)
Ed W