Quoting Hans Spaans <hans@dailystuff.nl>:
Patrick Lists wrote on 2013-09-12 09:23:
Hi Noel,
On 09/12/2013 08:54 AM, Noel Butler wrote: [snip]
I'm always of the belief that if one person wants a feature, they might be the only vocal person, but they are never really alone, so post your patch, Timo can only either pull it in, or decline it, as for its usefulness for others, only time will tell, but not even god will help those who use it on a commercial network with paying customers - that's just plain professional suicide.
Unless it was clearly stated what the requirements are when they sign up. With NIST sleeping at the helm and the NSA having a field day it would not surprise me if businesses understand the importance of stronger encryption.
Why not turn it around? Why not tell the paying customer he is using
an unencrypted connection or with options that are insecure. Parse
the logfiles and make an additional section on the website where
he/she can see from where he/she had a successful login and the
security level? Make it red for unencrypted, orange/amber for
insecure and green for a "secure" connection. Most people like to
have everything in the green and you give them a choice what to do.
Also the cost is almost nothing for doing this. You could even make
it a service for companies who get a weekly/monthly PDF with an
overview.

For now only Dovecot tells if it is a TLS-connection or not. Postfix
for example already tells if it is TLSv1 connection and the cipher.
If this could be extended then sysadmins have a way to make a
decision about the path to follow or to advise to management.

Hans
http://dovecot.2317879.n4.nabble.com/Patch-to-log-the-cipher-suite-used-for-...
??
Regards
Andreas
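
Hans's suggestion above (parse the login log and grade each successful login red, amber or green), sketched as an added example that is not part of the thread or of Dovecot. The sample lines are constructed, the `TLS: <protocol> with cipher <name>` detail is an assumed format for what a cipher-logging patch might emit, and the weak-protocol and weak-cipher lists are this example's own policy.

```python
import re
from collections import Counter, defaultdict

# Constructed sample. Line shape is modelled on Dovecot login lines; the
# "TLS: <protocol> with cipher <name>" detail is an ASSUMED format.
SAMPLE_LOG = """\
Sep 12 09:01:02 mx imap-login: Login: user=<alice>, method=PLAIN, rip=192.0.2.10, lip=192.0.2.1, mpid=4101
Sep 12 09:05:40 mx imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.1, mpid=4102, TLS
Sep 12 09:07:13 mx pop3-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, mpid=4103, TLS: TLSv1 with cipher RC4-MD5 (128/128 bits)
Sep 12 09:09:55 mx imap-login: Login: user=<bob>, method=PLAIN, rip=203.0.113.5, lip=192.0.2.1, mpid=4104, TLS: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Sep 12 09:10:00 mx imap-login: Disconnected (auth failed, 1 attempts): user=<bob>, method=PLAIN, rip=203.0.113.9, lip=192.0.2.1
"""

# Only successful logins are graded; everything after rip= is kept as "rest".
LOGIN = re.compile(r"(?:imap|pop3)-login: Login: user=<(?P<user>[^>]*)>.*?"
                   r"rip=(?P<rip>[^,\s]+)(?P<rest>.*)$")
TLS = re.compile(r",\s*TLS(?::\s*(?P<proto>\S+) with cipher (?P<cipher>\S+))?")

# Grading policy is an assumption of this example, not taken from the thread.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER = re.compile(r"RC4|DES|MD5|NULL|EXP", re.I)

def classify(line):
    """Return (user, rip, level) for a successful login line, else None."""
    m = LOGIN.search(line)
    if not m:
        return None
    t = TLS.search(m.group("rest"))
    if not t:
        level = "red"      # no TLS flag: the session was unencrypted
    elif t.group("proto") is None:
        level = "amber"    # TLS used, but the log does not say how strong
    elif t.group("proto") in WEAK_PROTOCOLS or WEAK_CIPHER.search(t.group("cipher")):
        level = "amber"    # encrypted, but with a weak protocol or cipher
    else:
        level = "green"
    return m.group("user"), m.group("rip"), level

def report(log_text):
    """Per-user count of successful logins at each level."""
    out = defaultdict(Counter)
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            out[hit[0]][hit[2]] += 1
    return {user: dict(levels) for user, levels in out.items()}

if __name__ == "__main__":
    for user, levels in sorted(report(SAMPLE_LOG).items()):
        print(user, levels)
```

The second sample line shows the limitation discussed in the thread: with only a bare `TLS` flag in the log, the login cannot be graded better than amber.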