14 Nov
2007
14 Nov
'07
1:51 p.m.
Is TLS always performed BEFORE auth with generally available POP/IMAP clients?
Random idea but if there were some way to identify the client BEFORE presenting the certificate then it would be possible to present one of a number of certificates depending on the incoming client.... (don't fancy scraping SMTP server log files and matching back to IP addresses though...)
Ed W